Data Protection Questions
Practice questions for Data Protection topic in AWS Certified Security - Specialty. 36 questions covering this domain.
A security architect wants full control over KMS key lifecycle and usage permissions for an encryption key used by applications and AWS services. Whic...
An object version in Amazon S3 is protected by Object Lock in compliance mode until a future date. An administrator wants to shorten the retention per...
A company uses S3 Cross-Region Replication for objects encrypted with a multi-Region KMS key and expects replication to avoid any re-encryption becaus...
A compliance officer needs a retention mode in S3 Object Lock that prevents any user, including the AWS account root user, from deleting or shortening...
A company wants to enforce backup plans across accounts in AWS Organizations, copy backups across accounts and Regions, and generate daily compliance ...
A company wants write-once-read-many protection for objects in Amazon S3 so the objects cannot be deleted or overwritten for a retention period. Which...
A team stores database credentials in AWS Secrets Manager and wants to avoid extra KMS key charges unless custom key control is required. Which encryp...
A company needs single-tenant hardware security modules with full control over algorithms and keys, and it accepts more operational responsibility tha...
A company needs to encrypt data in one AWS Region and decrypt it in another Region without re-encrypting the data or making a cross-Region call to AWS...
Which Systems Manager Parameter Store parameter type encrypts the value with AWS KMS at rest and is the recommended choice for storing application sec...
A regulated workload requires single-tenant FIPS 140-3 Level 3 hardware security modules with full administrative control over the HSM and cluster, in...
An auditor requires that S3 objects in the EU only be decrypted by KMS keys that are themselves located in the EU, even though the bucket replicates o...
An application requires double encryption of objects in Amazon S3 such that every object is encrypted twice with two different keys at the object leve...
Which AWS KMS feature, when enabled on a customer-managed symmetric key, automatically rotates the key material every year while keeping the same key ...
A developer needs to allow another AWS account to use a customer-managed KMS key for a limited time without modifying the key policy permanently. Whic...
Which Amazon S3 feature reduces AWS KMS request volume and costs when many objects in the same bucket are encrypted with the same SSE-KMS key?
A team wants AWS Secrets Manager to automatically rotate Amazon RDS database credentials on a schedule using a Lambda rotation function provided by AW...
An ALB needs a public TLS certificate for a custom domain that is automatically renewed at no charge. Which AWS service provides this?
A team needs to distribute an application secret (database password) to multiple Lambda functions across multiple AWS accounts in an organization with...
A security team needs to prevent any IAM principal in the account from disabling S3 Object Lock or shortening the retention period on any object in a ...
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.