A company is developing an application that interacts with a DynamoDB table. There is now a security mandate that all data must be encrypted at rest. How can you achieve this requirement? (Select TWO)

Answer options:

A.Enable encryption using AWS owned key.
B.Enable encryption using AWS managed key.
C.Enable encryption using client keys.
D.Enable your application to use the SDK to decrypt the data.

Correct Answer – A and B
DynamoDB encryption is mandatory at the time of table creation itself and it is of two types.
i. DEFAULT method using `AWS owned key`
ii. KMS method using `AWS managed key `
Therefore the following options are correct.
A. Enable encryption using AWS-owned CMK.
B. Enable encryption using AWS-managed CMK.
For more information on Encryption at rest for DynamoDB, please refer to the below URL-
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html