🔥 3-day streak
AWS Certified Security - Specialty54 / 184
Question 54 of 184

A financial services company stores sensitive customer transaction records in an Amazon DynamoDB table. A compliance requirement mandates that the encryption key used for data at rest must be under the company's direct control, allowing them to define key policies, audit key usage in CloudTrail, and disable the key immediately if a breach is suspected. The security team wants to minimize operational overhead while still meeting these controls. Which DynamoDB encryption-at-rest configuration should they choose?

Reviewed for accuracy · Report an issueNext question