A company is developing an AWS-based application to store sensitive data. The IT support team has access to the infrastructure, including databases. The security engineer needs to implement measures to safeguard sensitive data from breaches, reduce management overhead, and ensure regular rotation of database credentials. What measures should the security engineer recommend?

Exam-Like

Enable Amazon RDS encryption for the database and snapshots, enable Amazon EBS encryption on EC2 instances, include database credentials in EC2 user data, use an AWS Lambda function for credential rotation, and set up TLS for database connections.

0.0%

Install a database on an EC2 instance, enable third-party disk encryption for the EBS volume, store database credentials in AWS CloudHSM with automatic rotation, and set up TLS for database connections.

0.0%

Enable Amazon RDS encryption for the database and snapshots, enable Amazon EBS encryption on EC2 instances, store database credentials in AWS Secrets Manager with automatic rotation, and set up TLS for RDS database connections.

100.0%

Set up an AWS CloudHSM cluster with AWS KMS for storing KMS keys, enable Amazon RDS encryption using AWS KMS, store database credentials in AWS Systems Manager Parameter Store with automatic rotation, and set up TLS for RDS database connections.

0.0%

AWS Certified Security - Specialty

Get started today

Comments