Answer-first summary for fast verification
Answer: Use AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS Key Management Service (SSE-KMS) for encryption. Add the kms:Decrypt permission for the Lambda execution role.
## Explanation **Correct Answer: A** **Why Option A is correct:** 1. **Cost-effectiveness**: Standard SQS queues are more cost-effective than FIFO queues. FIFO queues have higher costs and throughput limitations. 2. **At-least-once processing**: Standard SQS queues provide at-least-once delivery, which meets the requirement to process each request at least once. 3. **Security**: Using SSE-KMS (AWS Key Management Service) provides strong encryption for sensitive credit card data, which is essential for banking applications. 4. **Proper permissions**: Adding `kms:Decrypt` permission to the Lambda execution role is the correct way to grant decryption access. **Why other options are incorrect:** - **Option B**: FIFO queues are more expensive and provide exactly-once processing, which is overkill for "at least once" requirements. SSE-SQS provides encryption but with SQS-managed keys, which may not meet strict banking security requirements. - **Option C**: FIFO queues are more expensive than standard queues and provide exactly-once processing, which exceeds the requirement and increases costs unnecessarily. - **Option D**: While standard queues are cost-effective, the permission "encryption key invocation permission" is not a standard AWS permission. The correct permission is `kms:Decrypt`. **Key AWS Concepts:** - **SQS Standard vs FIFO**: Standard queues offer best-effort ordering, at-least-once delivery, and higher throughput at lower cost. FIFO queues guarantee exactly-once processing, preserve order, and have lower throughput limits at higher cost. - **SSE-KMS vs SSE-SQS**: SSE-KMS uses AWS KMS keys for encryption, providing better security controls and audit trails. SSE-SQS uses SQS-managed keys. - **Lambda Event Source Mapping**: Allows Lambda to poll SQS queues and process messages automatically. For a banking application processing credit card data, security is paramount, but the requirement only specifies "at least once" processing, making standard queues with SSE-KMS the most cost-effective solution.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. The application must be secure and be able to process each request at least once.
Which solution will meet these requirements MOST cost-effectively?
A
Use AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS Key Management Service (SSE-KMS) for encryption. Add the kms:Decrypt permission for the Lambda execution role.
B
Use AWS Lambda event source mapping. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use SQS managed encryption keys (SSE-SQS) for encryption. Add the encryption key invocation permission for the Lambda function.
C
Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use AWS KMS keys (SSE-KMS). Add the kms:Decrypt permission for the Lambda execution role.
D
Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS KMS keys (SSE-KMS) for encryption. Add the encryption key invocation permission for the Lambda function.