Answer-first summary for fast verification
Answer: Generate an RSA key pair exclusively for the data-handling microservice. Upload the public key to the CloudFront distribution, establish a field-level encryption profile and configuration, and incorporate this configuration into the CloudFront cache behavior.
The correct answer is B. Amazon CloudFront supports field-level encryption using an RSA public key to encrypt sensitive data. The steps involve generating an RSA key pair dedicated to the data-handling microservice, uploading the public key to the CloudFront distribution, creating a field-level encryption profile and configuration, and then linking this configuration to the CloudFront cache behavior. This ensures that only the data-handling microservice, which holds the private key, can decrypt the sensitive data, meeting the security requirements.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
An online survey company operates a distributed application consisting of microservices within the AWS Cloud. These microservices are managed by an automatically scaled Amazon Elastic Container Service (ECS) cluster, which is targeted by an Application Load Balancer (ALB). The ALB serves as a custom origin for an Amazon CloudFront distribution. The company's survey includes sensitive data that must be encrypted during transmission through the application. Specifically, only the data-handling microservice should have the capability to decrypt this sensitive data. What solution will effectively meet these security requirements?
A
Create a dedicated symmetric AWS Key Management Service (KMS) key for the data-handling microservice. Configure a field-level encryption profile and its associated settings, then link the KMS key and these settings to the CloudFront cache behavior.
B
Generate an RSA key pair exclusively for the data-handling microservice. Upload the public key to the CloudFront distribution, establish a field-level encryption profile and configuration, and incorporate this configuration into the CloudFront cache behavior.
C
Develop a dedicated symmetric AWS Key Management Service (KMS) key for the data-handling microservice. Implement a Lambda@Edge function that is programmed to utilize the KMS key for encrypting the sensitive data.
D
Forge an RSA key pair specifically for the data-handling microservice. Develop a Lambda@Edge function that is configured to employ the private key from the RSA key pair to encrypt the sensitive data.