Answer-first summary for fast verification
Answer: Use AWS CloudHSM to manage encryption keys, Amazon S3 server-side encryption for data at rest, and AWS Certificate Manager for TLS encryption in transit.
To meet the regulatory requirements for data security and key management, the financial services company should use AWS CloudHSM (Cloud Hardware Security Module) to manage and rotate encryption keys with the highest level of security. Amazon S3 server-side encryption should be used to encrypt data at rest, and AWS Certificate Manager should be used to enable TLS encryption for data in transit.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A financial services company is migrating its trading application to AWS. The application processes and stores sensitive customer data, including trade orders and account information. To meet regulatory requirements, the company needs to ensure that data is encrypted at rest and in transit, and that encryption keys are securely managed and rotated regularly. Which combination of AWS services should they use?
A
Use AWS KMS to manage encryption keys, Amazon EBS for encrypted data volumes, and AWS Certificate Manager for TLS encryption in transit.
B
Use AWS CloudHSM to manage encryption keys, Amazon S3 server-side encryption for data at rest, and AWS Certificate Manager for TLS encryption in transit.
C
Use AWS Secrets Manager to store and rotate encryption keys, Amazon RDS with encryption for data at rest, and AWS Global Accelerator for secure data transfer.
D
Use AWS KMS to manage encryption keys, Amazon EFS with encryption for data at rest, and AWS WAF for web application security.
No comments yet.