AWS Certified Big Data – Specialty — Question 23

An Amazon Kinesis stream needs to be encrypted.
Which approach should be used to accomplish this task?

Answer options

• A. Perform a client-side encryption of the data before it enters the Amazon Kinesis stream on the producer.
• B. Use a partition key to segment the data by MD5 hash function, which makes it undecipherable while in transit.
• C. Perform a client-side encryption of the data before it enters the Amazon Kinesis stream on the consumer.
• D. Use a shard to segment the data, which has built-in functionality to make it indecipherable while in transit.

Correct answer: A

Explanation

The correct answer, A, is appropriate because client-side encryption ensures that data is encrypted before it is sent to Amazon Kinesis, providing security from the outset. Options B and D incorrectly suggest that data segmentation or sharding provides encryption, but these methods do not encrypt data. Option C is also incorrect as it refers to encryption on the consumer side, which does not secure the data while it is being transmitted.