AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. The application must be secure and be able to process each request at least once.
Which solution will meet these requirements MOST cost-effectively?
Other
Community
UAnonymous
A
Use AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS Key Management Service (SSE-KMS) for encryption. Add the kms:Decrypt permission for the Lambda execution role.
B
Use AWS Lambda event source mapping. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use SQS managed encryption keys (SSE-SQS) for encryption. Add the encryption key invocation permission for the Lambda function.
C
Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use AWS KMS keys (SSE-KMS). Add the kms:Decrypt permission for the Lambda execution role.
D
Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS KMS keys (SSE-KMS) for encryption. Add the encryption key invocation permission for the Lambda function.
Explanation:
Explanation
Correct Answer: A
Why Option A is correct:
- Cost-effectiveness: Standard SQS queues are more cost-effective than FIFO queues. FIFO queues have higher costs and throughput limitations.
- At-least-once processing: Standard SQS queues provide at-least-once delivery, which meets the requirement to process each request at least once.
- Security: Using SSE-KMS (AWS Key Management Service) provides strong encryption for sensitive credit card data, which is essential for banking applications.
- Proper permissions: Adding
kms:Decryptpermission to the Lambda execution role is the correct way to grant decryption access.
Why other options are incorrect:
- Option B: FIFO queues are more expensive and provide exactly-once processing, which is overkill for "at least once" requirements. SSE-SQS provides encryption but with SQS-managed keys, which may not meet strict banking security requirements.
- Option C: FIFO queues are more expensive than standard queues and provide exactly-once processing, which exceeds the requirement and increases costs unnecessarily.
- Option D: While standard queues are cost-effective, the permission "encryption key invocation permission" is not a standard AWS permission. The correct permission is
kms:Decrypt.
Key AWS Concepts:
- SQS Standard vs FIFO: Standard queues offer best-effort ordering, at-least-once delivery, and higher throughput at lower cost. FIFO queues guarantee exactly-once processing, preserve order, and have lower throughput limits at higher cost.
- SSE-KMS vs SSE-SQS: SSE-KMS uses AWS KMS keys for encryption, providing better security controls and audit trails. SSE-SQS uses SQS-managed keys.
- Lambda Event Source Mapping: Allows Lambda to poll SQS queues and process messages automatically.
For a banking application processing credit card data, security is paramount, but the requirement only specifies "at least once" processing, making standard queues with SSE-KMS the most cost-effective solution.
Comments
Loading comments...