AWS Certified Developer – Associate — Question 150

A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours.

How can the developer implement encryption at rest for data within the Kinesis Streams?

Answer options

• A. Enable SSL connections to Kinesis.
• B. Use Amazon Kinesis Consumer Library.
• C. Encrypt the data once it is at rest with a Lambda function.
• D. Enable server-side encryption in Kinesis Streams.

Correct answer: D

Explanation

The correct answer is D because enabling server-side encryption in Kinesis Streams automatically protects data at rest without requiring manual intervention. Options A and B do not address encryption at rest, and option C encrypts data only after it has been stored, which does not provide the immediate protection that server-side encryption offers.