Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

Why Option B is Correct:A customer-managed AWS Key Management Service (KMS) key allows for encryption at rest and provides the ability to rotate the key on demand. This ensures compliance with security requirements for key management and database encryption.

RDS integrates natively with AWS KMS, allowing the use of a customer-managed key for encrypting data at rest.

Key rotation can be managed directly in AWS KMS without needing custom solutions.

Why Other Options are Incorrect:

Option A: AWS KMS managed encryption keys (AWS-owned keys) do not support key rotation on demand.

Option C & D: Storing keys in AWS Secrets Manager with custom rotation is not a recommended approach for database encryption. AWS KMS is designed specifically for secure key management and encryption.

AWS Documentation References:

Encrypting Amazon RDS Resources

AWS Key Management Service (KMS)

This solution will meet the requirements by using AWS Serverless Application Model (AWS SAM) templates and gradual deployments to automatically test the Lambda functions. AWS SAM templates are configuration files that define serverless applications and resources such as Lambda functions. Gradual deployments are a feature of AWS SAM that enable deploying new versions of Lambda functions incrementally, shifting traffic gradually, and performing validation tests during deployment. The developer can enable gradual deployments through AWS SAM templates by adding a DeploymentPreference property to each Lambda function resource in the template. The developer can set the deployment preference type to Canary10Percent30Minutes, which means that 10 percent of traffic will be shifted to the new version of the Lambda function for 30 minutes before shifting 100 percent of traffic. The developer can also use hooks to test the deployment, which are custom Lambda functions that run before or after traffic shifting and perform validation tests or rollback actions.