AWS Certified Cloud Practitioner — Question 759

Which AWS service provides encryption at rest for Amazon RDS and for Amazon Elastic Block Store (Amazon EBS) volumes?

Answer options

• A. AWS Lambda
• B. AWS Key Management Service (AWS KMS)
• C. AWS WAF
• D. Amazon Rekognition

Correct answer: B

Explanation

AWS Key Management Service (AWS KMS) is the primary service used to create and control the cryptographic keys used to encrypt data at rest across various AWS services, including Amazon EBS and Amazon RDS. Other options like AWS Lambda (serverless compute), AWS WAF (web application firewall), and Amazon Rekognition (computer vision) do not provide cryptographic key management or data-at-rest encryption services.