Question

Your company is going to develop an application in .NET Core with DynamoDB. There is a requirement that all data needs to be encrypted at rest. If the DynamoDB table has already been created, what else is needed to achieve this?

A. No additional configurations are required since server-side encryption is enabled on all DynamoDB table data.

B. Enable encryption on the existing table.

C. You cannot enable encryption at rest. Consider using the AWS RDS service instead.

D. You cannot enable encryption at rest. Consider using the S3 service instead.

Answer 1

Answer - A. No additional configurations are required since server-side encryption is enabled on all DynamoDB table data.

Option B is incorrect since Encryption can only be configured during table creation time.

Options C and D are incorrect since Encryption is possible in DynamoDB.The AWS Documentation mentions the following.

Amazon DynamoDB offers fully managed encryption at rest.

DynamoDB encryption at rest provides enhanced security by encrypting your data at rest using an AWS Key Management Service (AWS KMS) managed encryption key for DynamoDB.

This functionality eliminates the operational burden and complexity involved in protecting sensitive data.