AWS Certified Developer – Associate (DVA-C02) — Question 305

A developer is creating an Amazon DynamoDB table by using the AWS CLI. The DynamoDB table must use server-side encryption with an AWS owned encryption key.

How should the developer create the DynamoDB table to meet these requirements?

Answer options

• A. Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
• B. Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
• C. Create an AWS owned key. Provide the key's Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
• D. Create the DynamoDB table with the default encryption options.

Correct answer: D

Explanation

By default, Amazon DynamoDB encrypts all tables at rest using an AWS owned key, which requires no additional configuration or parameter settings. Specifying a KMS key via parameters is only necessary when you want to use an AWS managed key or a customer managed key. Therefore, simply creating the table with the default settings automatically satisfies the requirement to use an AWS owned key.