
Answer-first summary for fast verification
Answer: Use TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer. Deploy self-signed certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Enable encryption of the RDS DB instance. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances.
The correct answer is A. This option uses TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer to secure data in transit. It also ensures that the database client software uses a TLS connection to Amazon RDS, and it enables encryption of the RDS DB instance and of the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances. This approach fulfills the requirement to secure data both in transit and at rest while minimizing operational overhead and cost. The other options add unnecessary complexity or cost, or are irrelevant to the requirements.
Author: LeetQuiz Editorial Team
A company is developing an e-commerce application that utilizes Amazon EC2 instances and an Amazon RDS MySQL database. Due to compliance requirements, the company must ensure that data is secured both in transit and at rest. The company is looking for a solution that not only meets these security requirements but also minimizes operational overhead and cost. Which of the following solutions would be the most appropriate for this scenario?
A. Use TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer. Deploy self-signed certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Enable encryption of the RDS DB instance. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances.
B. Use TLS certificates from a third-party vendor with an Application Load Balancer. Install the same certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Secrets Manager for client-side encryption of application data.
C. Use AWS CloudHSM to generate TLS certificates for the EC2 instances. Install the TLS certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use the encryption keys from CloudHSM for client-side encryption of application data.
D. Use Amazon CloudFront with AWS WAF. Send HTTP connections to the origin EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Key Management Service (AWS KMS) for client-side encryption of application data before the data is stored in the RDS database.