Topic 1 Question 152
Select two.
A company has an order processing system that needs to keep credit card numbers encrypted. The company's customer-facing application runs as an Amazon Elastic Container Service (Amazon ECS) service behind an Application Load Balancer (ALB) in the us-west-2 Region. An Amazon CloudFront distribution is configured with the ALB as the origin. The company uses a third-party trusted certificate authority to provision its certificates.
The company is using HTTPS for encryption in transit. The company needs additional field-level encryption to keep sensitive data encrypted during processing so that only certain application components can decrypt the sensitive data.
Which combination of steps will meet these requirements?
A. Import the third-party certificate for the ALB. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into AWS Certificate Manager (ACM) in us-west-2.
B. Import the third-party certificate for the ALB into AWS Certificate Manager (ACM) in us-west-2. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into ACM in the us-east-1 Region.
C. Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
D. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption configuration, and specify the fields that contain sensitive information. Create a field-level encryption profile, and choose the newly created configuration. Link the profile to the appropriate cache behavior that is associated with sensitive GET requests.
E. Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
Comments (2)
- Selected answer: BE
Option A: CloudFront does not use certificates stored in AWS Certificate Manager (ACM) in the us-west-2 region. It uses certificates stored in the us-east-1 region, making this option incorrect.
Option C: This is incorrect because the private key should not be uploaded to CloudFront for field-level encryption. Instead, the public key is used. A private key must remain confidential and not exposed or uploaded to public services.
Option D: This option incorrectly suggests that the field-level encryption profile should be linked to GET requests. Field-level encryption is used for encrypting sensitive information coming in POST requests (like form submissions with credit card details), not for GET requests. Therefore, this option is incorrect.
👍 4 Certified101 2023/08/03
- 👍 2 ISSDoksim 2023/07/30