You want to ensure that your DynamoDB table uses a customer-managed key (CMK) for encryption at rest instead of the default AWS key. What steps should you take?

hard🚀 Application Q8 of 15

DynamoDB - Security and Access Control

AEnable encryption in transit and upload the CMK to the client

BSpecify the CMK ARN in the SSESpecification when creating the table

CManually encrypt data before inserting into the table using the CMK

DChange the table encryption key after table creation via AWS console

Step-by-Step Solution

Solution:

Step 1: Understand how to use customer-managed keys with DynamoDB
You specify the CMK's Amazon Resource Name (ARN) in the SSESpecification property when creating the table.
Step 2: Confirm that encryption key must be set at table creation
The CMK cannot be changed after creation; it must be provided upfront.
Final Answer:
Specify the CMK ARN in the SSESpecification when creating the table -> Option B
Quick Check:
Use CMK ARN in SSESpecification at creation [OK]

Quick Trick: Set CMK ARN in SSESpecification during table creation [OK]

Common Mistakes:

MISTAKES

Trying to change encryption key after table creation
Confusing encryption in transit with encryption at rest

Master "Security and Access Control" in DynamoDB

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More DynamoDB Quizzes

You want to ensure that your DynamoDB table uses a customer-managed key (CMK) for encryption at rest instead of the default AWS key. What steps should you take?

Step 1: Understand how to use customer-managed keys with DynamoDB

Step 2: Confirm that encryption key must be set at table creation

Final Answer:

Quick Check:

Want More Practice?