AWS Certified Developer – Associate (DVA-C02) — Question 217

A web application is using Amazon Kinesis Data Streams for clickstream data that may not be consumed for up to 12 hours.

How can the developer implement encryption at rest for data within the Kinesis Data Streams?

Answer options

• A. Enable SSL connections to Kinesis.
• B. Use Amazon Kinesis Consumer Library.
• C. Encrypt the data once it is at rest with a Lambda function.
• D. Enable server-side encryption in Kinesis Data Streams.

Correct answer: D

Explanation

The correct answer is D because enabling server-side encryption in Kinesis Data Streams automatically encrypts the data at rest using AWS-managed keys. Option A is incorrect as SSL only secures data in transit, not at rest. Option B does not pertain to encryption, and option C is not an efficient way to manage encryption for data that is already stored.