AWS Certified Cloud Practitioner CLF-C02 Exam - Question 5

based on docs, AWS DynamoDB is automatically encrypted your data as default (but RDS you must turn on this feature by your self) ref: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Determining

Under the AWS Shared Responsibility Model, the customer's responsibilities when using Amazon DynamoDB include: C. Access to DynamoDB tables The customer is responsible for managing and controlling access to their DynamoDB tables. This includes defining appropriate permissions, user access control, and authentication mechanisms to ensure that only authorized users or services can access the tables. The other options are not customer responsibilities: D. Encryption of data at rest in DynamoDB: AWS provides encryption of data at rest as a built-in feature for DynamoDB. The customer can enable encryption for their tables, but AWS handles the actual implementation and management of the encryption process. Therefore, the correct customer responsibility is C. Access to DynamoDB tables.

if people say it is D, so this mean aws responsible for access the table !? no sense + data is encrypted at rest by default

Under the AWS Shared Responsibility Model, the responsibility for certain aspects of a service is divided between AWS and the customer. Regarding Amazon DynamoDB: The customer is responsible for: C. Access to DynamoDB tables This means that the customer is responsible for managing and controlling access to their DynamoDB tables, including setting up appropriate IAM (Identity and Access Management) permissions and policies. AWS is responsible for: A. Physical security of DynamoDB B. Patching of DynamoDB D. Encryption of data at rest in DynamoDB AWS takes care of the physical infrastructure, patches and updates the DynamoDB service, and provides encryption mechanisms for data at rest. It's important for customers to be aware of their responsibilities and configure access controls accordingly to ensure the security of their DynamoDB tables.

Access to DB tables

Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

DynamoDB encrypts data at rest by default. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

DynamoDB : fully managed Data service , encrypts data by default Amazon RDS : encrypts data when user select it

The answer is C. Access to DynamoDB tables. Within the AWS Shared Responsibility Model, Amazon is responsible for the physical security of DynamoDB, patching DynamoDB, and encrypting non-active data in DynamoDB. Customers are responsible for accessing DynamoDB tables.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html#:~:text=DynamoDB%20also%20offers%20encryption%20at%20rest%2C%20which%20eliminates%20the%20operational%20burden%20and%20complexity%20involved%20in%20protecting%20sensitive%20data.%20For%20more%20information%2C%20see%20DynamoDB%20encryption%20at%20rest.

C because why should aws has the power to control who will access the tables..🫠

C. Access to DynamoDB tables The customer is responsible for managing access control to their DynamoDB tables, including defining permissions, roles, and policies to control who can access the tables and what actions they can perform. This involves setting up appropriate IAM policies and roles to restrict access to authorized users and applications while adhering to security best practices.

The correct answer is D. Encryption of data at rest in DynamoDB. https://aws.amazon.com/compliance/shared-responsibility-model/#:~:text=Customers%20are%20responsible%20for%20managing,also%20extends%20to%20IT%20controls.

DynamoDB encrypts data at rest by default. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

Encryption is under customer responsibility. https://aws.amazon.com/compliance/shared-responsibility-model/

It's C as you get to set your own IAM policy to allow access to a specific DynamoDB table, while encryption of data at rest (D) is a built-in feature in DynamoDB

C. Access to DynamoDB tables Under the AWS Shared Responsibility Model, controlling and managing access to AWS services, including Amazon DynamoDB tables, is a customer responsibility. While AWS takes care of the physical infrastructure, patching, and encryption of data at rest in DynamoDB, customers are responsible for setting up proper access controls, authentication, and authorization to protect their data and resources

Answer C. Acces to DynamoDB tables.

AWS database managed services already implement encryption at rest: https://aws.amazon.com/pm/dynamodb/?gclid=Cj0KCQiA4Y-sBhC6ARIsAGXF1g62nH-xwU3jA3Rijthg64iin_6g_SPOgCaHCeCDs1A7S1s6SxMbnfgaAt4AEALw_wcB&trk=bf64c969-685f-4fc4-b36b-4bcbda56cee7&sc_channel=ps&ef_id=Cj0KCQiA4Y-sBhC6ARIsAGXF1g62nH-xwU3jA3Rijthg64iin_6g_SPOgCaHCeCDs1A7S1s6SxMbnfgaAt4AEALw_wcB:G:s&s_kwcid=AL!4422!3!536324221413!p!!g!!dynamodb!12195830303!119606857400

Under the AWS Shared Responsibility Model, the responsibility for certain aspects of a service is divided between AWS and the customer. Regarding Amazon DynamoDB: The customer is responsible for: C. Access to DynamoDB tables This means that the customer is responsible for managing and controlling access to their DynamoDB tables, including setting up appropriate IAM (Identity and Access Management) permissions and policies.

C = CORRECT

C. Access to DynamoDB tables This means that customers are responsible for managing access control to their DynamoDB tables, including configuring IAM policies, roles, and permissions to ensure that only authorized users or services can interact with the tables. This responsibility involves setting up appropriate authentication and authorization mechanisms to protect the data stored in DynamoDB from unauthorized access.

It must be c, Dynamo encrypts data by default

C. Access to DynamoDB tables

Answer C. DynamoDB implements its encryption in: Data at rest Data in transit

Access to DynamoDB tables

C. Access to DynamoDB tables Under the AWS Shared Responsibility Model, customers are responsible for managing access to their resources, including controlling who has access to their Amazon DynamoDB tables. This involves setting up and configuring AWS Identity and Access Management (IAM) policies to control authentication and authorization for DynamoDB.

C is correct

The customer is responsible for: C. Access to DynamoDB tables

Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

Encryption is AWS's responsibility.

If Encryption is default in dynamodb . Then answer will be C. Access to dynamoDb table Right..

C is correct.

based on docs, AWS DynamoDB is automatically encrypted your data as default (but RDS you must turn on this feature by your self) ref: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

C. Access to DynamoDB tables

Customers are responsible for controlling the encryption of their data.

C. Access to DynamoDB tables

C. Access to DynamoDB tables

The customer responsibility include access to DynamoDB

access

authorizing the access

physical security of Dynamodb

Customer responsibility includes setting IAM policies and permissions to control who can access their DynamoDB tables.

Maintaining access to Dynamo DB tables

C is correct

Customers are reponsible for security in the cloud-meaning how they configure and use AWS service

C is correct