AWS Certified Solutions Architect – Associate (SAA-C02) — Question 471
A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?
Answer options
- A. Use multi-factor authentication (MFA) to protect the encryption keys.
- B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
- C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.
- D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.
Correct answer: B
Explanation
AWS Key Management Service (AWS KMS) is a fully managed service that simplifies the creation and control of cryptographic keys, significantly reducing the operational overhead of managing key infrastructure. AWS Certificate Manager (ACM), option C, is designed for managing SSL/TLS certificates rather than application data encryption keys. MFA and IAM policies, options A and D, are access control mechanisms that do not replace the need for a dedicated key management system.