Which of the following statements correctly describes how DynamoDB handles encryption at rest?
Think about the default security features AWS provides for DynamoDB data storage.
DynamoDB automatically encrypts all data at rest using AWS owned keys by default. Users can optionally use customer managed keys, but encryption is always enabled.
How does DynamoDB ensure encryption in transit when clients communicate with the service?
Consider the standard protocol used for secure web communication.
DynamoDB uses HTTPS (TLS) by default to encrypt all data transmitted between clients and the service, ensuring data privacy and integrity during transit.
Given the following AWS CLI command output snippet describing a DynamoDB table, what is the encryption status of the table?
{
  "Table": {
    "TableName": "Orders",
    "SSEDescription": {
      "Status": "ENABLED",
      "SSEType": "KMS",
      "KMSMasterKeyArn": "arn:aws:kms:us-east-1:123456789012:key/abcd-1234"
    }
  }
}
Look at the SSEType and Status fields carefully.
The SSEDescription shows Status as ENABLED and SSEType as KMS, which means server-side encryption is active using a customer managed KMS key.
A developer notices that data sent to DynamoDB is not encrypted in transit. Which of the following client configurations is most likely causing this issue?
Consider the protocol used for secure communication.
Using HTTP instead of HTTPS means data is sent unencrypted over the network, causing encryption in transit to fail.
You want to minimize costs related to encryption while maintaining strong security for your DynamoDB tables. Which approach best balances cost and security?
Think about the cost differences between AWS owned keys and customer managed keys.
AWS owned keys provide encryption at rest at no additional cost, while customer managed KMS keys incur charges. Disabling encryption or encryption in transit reduces security and is not recommended.