AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to run a container application. The EKS cluster stores sensitive information in the Kubernetes secrets object. The company wants to ensure that the information is encrypted. Which solution will meet these requirements with the LEAST operational overhead?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).

Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).

Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).

Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).

Explanation:

Explanation

Correct Answer: B - Enable secrets encryption in the EKS cluster by using AWS Key Management Service (AWS KMS).

Why Option B is Correct:

Native EKS Feature: Amazon EKS provides native support for encrypting Kubernetes secrets using AWS KMS. This is a built-in feature that requires minimal operational overhead.
Automatic Encryption: When you enable secrets encryption in EKS, all Kubernetes secrets stored in etcd are automatically encrypted at rest using the specified KMS key.
Least Operational Overhead: This solution requires only configuration changes during cluster creation or update, without needing to modify applications, write custom code, or manage additional services.

Why Other Options are Incorrect:

A. Use the container application to encrypt the information by using AWS Key Management Service (AWS KMS).

This requires modifying the application code to handle encryption/decryption
Increases development and maintenance overhead
Not transparent to the application

C. Implement an AWS Lambda function to encrypt the information by using AWS Key Management Service (AWS KMS).

Requires building and maintaining a separate Lambda function
Adds complexity with event triggers and error handling
Not a native Kubernetes solution

D. Use AWS Systems Manager Parameter Store to encrypt the information by using AWS Key Management Service (AWS KMS).

Requires storing secrets outside of Kubernetes
Applications need to be modified to retrieve secrets from Parameter Store
Adds complexity with IAM permissions and secret management

Key Points:

EKS secrets encryption with KMS is a managed service feature
Encryption happens transparently at the etcd level
No application changes required
Meets security requirements with minimal operational effort
Supports both symmetric and asymmetric KMS keys

This solution aligns with AWS best practices for securing sensitive data in EKS clusters while minimizing operational complexity.

Powered ByGPT-5.2

Comments

Loading comments...