Learn which AWS service enables encryption at rest for Amazon RDS and Amazon EBS volumes. Understand how AWS Key Management Service (KMS) manages encryption keys for secure data storage.
Question
Which AWS service provides encryption at rest for Amazon RDS and for Amazon Elastic Block Store (Amazon EBS) volumes?
A. AWS Lambda
B. AWS Key Management Service (AWS KMS)
C. AWS WAF
D. Amazon Rekognition
Answer
B. AWS Key Management Service (AWS KMS)
Explanation
AWS Key Management Service (AWS KMS) is a managed service for creating and controlling the encryption keys used to protect your data, with centralized control over those keys. You can use AWS KMS to encrypt data in Amazon RDS and Amazon EBS volumes.
AWS Key Management Service (KMS) is the correct answer because it provides encryption at rest for services like Amazon RDS and Amazon Elastic Block Store (EBS). AWS KMS allows you to create and manage cryptographic keys, which are used to encrypt and decrypt your data securely. It integrates seamlessly with various AWS services, including RDS and EBS, to enable server-side encryption.
- Amazon RDS: When you enable encryption for an RDS instance, AWS KMS is used to manage the encryption keys that protect the data stored in your database.
- Amazon EBS: Similarly, when you enable encryption for EBS volumes, AWS KMS handles the key management, ensuring secure data storage.
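To confirm that encryption at rest is actually enabled, and with which KMS key, the following added example (not part of the original page) audits data shaped like the output of `aws ec2 describe-volumes` and `aws rds describe-db-instances`. The sample IDs and ARNs are constructed, and the approved-key allow-list is an assumed organisation policy.

```python
# Added example: offline audit of encryption-at-rest settings.
# Input dicts mirror the JSON returned by `aws ec2 describe-volumes` and
# `aws rds describe-db-instances`; every ID and ARN below is constructed.

APPROVED_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED"
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER"

SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0001", "Encrypted": True, "KmsKeyId": APPROVED_KEY},
    {"VolumeId": "vol-0002", "Encrypted": False},
    {"VolumeId": "vol-0003", "Encrypted": True, "KmsKeyId": OTHER_KEY},
]}
SAMPLE_DBS = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "KmsKeyId": APPROVED_KEY},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": False},
]}


def _check(kind, rid, encrypted, key_id, approved_keys):
    """Return a finding tuple, or None when the resource passes."""
    if not encrypted:
        return (kind, rid, "not encrypted at rest")
    if not key_id:
        return (kind, rid, "encrypted but no KmsKeyId reported")
    if approved_keys and key_id not in approved_keys:
        return (kind, rid, "encrypted with unapproved key " + key_id)
    return None


def audit_encryption_at_rest(volumes, dbs, approved_keys=None):
    """List EBS volumes and RDS instances that fail the policy.

    approved_keys is a hypothetical organisation allow-list of KMS key
    ARNs; pass None to check only that encryption is enabled.
    """
    findings = []
    for v in volumes.get("Volumes", []):
        findings.append(_check("ebs", v["VolumeId"], v.get("Encrypted", False),
                               v.get("KmsKeyId"), approved_keys))
    for d in dbs.get("DBInstances", []):
        findings.append(_check("rds", d["DBInstanceIdentifier"],
                               d.get("StorageEncrypted", False),
                               d.get("KmsKeyId"), approved_keys))
    return [f for f in findings if f]


if __name__ == "__main__":
    for finding in audit_encryption_at_rest(SAMPLE_VOLUMES, SAMPLE_DBS,
                                            {APPROVED_KEY}):
        print(*finding, sep="\t")
```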
Other options are incorrect
A. AWS Lambda: This service is for running code without managing servers and does not provide encryption at rest.
C. AWS WAF: This is a web application firewall for protecting applications from web threats, unrelated to data encryption.
D. Amazon Rekognition: This is an AI service for image and video analysis, not a security or encryption service.
AWS KMS simplifies encryption tasks by providing centralized key management and integration with AWS CloudTrail for auditing key usage, further enhancing security.
Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.