Topic 1 Question 37

AWS Certified Advanced Networking - Specialty

Topic 1 Question 37
A network engineer must provide additional safeguards to protect encrypted data at Application Load Balancers (ALBs) through the use of a unique random session key. What should the network engineer do to meet this requirement?
- Change the ALB security policy to a policy that supports TLS 1.2 protocol only
- Use AWS Key Management Service (AWS KMS) to encrypt session keys
- Associate an AWS WAF web ACL with the ALBs. and create a security rule to enforce forward secrecy (FS)
- Change the ALB security policy to a policy that supports forward secrecy (FS)
ユーザの投票
コメント(6)
- Option D)
  
  Use ELBSecurityPolicy-FS policies, if you require Forward Secrecy • Provides additional safeguards against the eavesdropping of encrypted data • Using a unique random session key
  
  👍 7
  study_aws12023/03/20
- 正解だと思う選択肢: D
  Perfect Forward Secrecy is a feature that provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised.
  
  https://aws.amazon.com/about-aws/whats-new/2014/02/19/elastic-load-balancing-perfect-forward-secrecy-and-more-new-security-features/
  
  https://aws.amazon.com/about-aws/whats-new/2018/06/application-load-balancer-adds-new-security-policies-including-policy-for-forward-secrecy/
  
  👍 4
  titi_r2023/03/26
- B - correct.
  
  The requirement is to provide additional safeguards to protect encrypted data at Application Load Balancers (ALBs) through the use of a unique random session key. To meet this requirement, the network engineer should use AWS Key Management Service (AWS KMS) to encrypt session keys. Therefore, the correct answer is option B.
  
  👍 1
  zaazanuna2023/03/18
シャッフルモード

ユーザの投票

コメント(6)