Topic 1 Question 16
A company is developing an ecommerce application. The application uses Amazon EC2 instances and an Amazon RDS MySQL database. For compliance reasons, data must be secured in transit and at rest. The company needs a solution that minimizes operational overhead and minimizes cost. Which solution meets these requirements?
Use TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer. Deploy self-signed certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Enable encryption of the RDS DB instance. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances.
Use TLS certificates from a third-party vendor with an Application Load Balancer. Install the same certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Secrets Manager for client-side encryption of application data.
Use AWS CloudHSM to generate TLS certificates for the EC2 instances. Install the TLS certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use the encryption keys from CloudHSM for client-side encryption of application data.
Use Amazon CloudFront with AWS WAF. Send HTTP connections to the origin EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Key Management Service (AWS KMS) for client-side encryption of application data before the data is stored in the RDS database.
ユーザの投票
コメント(12)
- 正解だと思う選択肢: A
Only A address data encryption at rest at RDS and EBS and is the most cost-effective and efficient method. TLS certificates from a third-party vendor or generated by CloudHSM is unnecessarily increase cost and ops overhead. CloudFront with WAF is irrelevant to the requirement.
👍 3Daniel762023/11/18 - 👍 2aragon_saa2023/10/03
- 正解だと思う選択肢: A
Agree answer A. TLS certificates from (ACM) secures data in transit
👍 1100fold2023/10/19
シャッフルモード