
Answer-first summary for fast verification
Answer:
Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
To meet the requirements of keeping credit card numbers encrypted during processing and ensuring only certain application components can decrypt the sensitive data, the company needs to implement field-level encryption with Amazon CloudFront. This involves specifying which fields contain sensitive information and ensuring these fields are encrypted before being sent to the origin server.
The correct steps involve uploading the public key that handles the encryption of the sensitive data to the CloudFront distribution, creating a field-level encryption profile to specify the sensitive fields, creating a field-level encryption configuration with the newly created profile, and linking this configuration to the appropriate cache behavior associated with sensitive POST requests. This ensures that sensitive data is encrypted at the field level before being processed by the application.
Therefore, the correct options are those that correctly describe these steps, which are options C and E. Option C correctly describes the process of using the private key for encryption, creating a field-level encryption profile, and linking the configuration to sensitive POST requests. Option E correctly describes uploading the public key, creating a field-level encryption profile, and linking the configuration to sensitive POST requests, which is the correct approach for field-level encryption with CloudFront.
Author: LeetQuiz Editorial Team
A company operates an order processing system requiring credit card numbers to remain encrypted. Their customer-facing application is deployed as an Amazon ECS service behind an Application Load Balancer (ALB) in the us-west-2 Region, with an Amazon CloudFront distribution configured to use the ALB as its origin. The company uses certificates from a third-party trusted certificate authority and employs HTTPS for encryption in transit. To ensure sensitive data remains encrypted during processing and is only decryptable by specific application components, what two steps should the company implement? (Choose two.)
A
Import the third-party certificate for the ALB. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into AWS Certificate Manager (ACM) in us-west-2.
B
Import the third-party certificate for the ALB into AWS Certificate Manager (ACM) in us-west-2. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into ACM in the us-east-1 Region.
C
Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
D
Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption configuration, and specify the fields that contain sensitive information. Create a field-level encryption profile, and choose the newly created configuration. Link the profile to the appropriate cache behavior that is associated with sensitive GET requests.
E
Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.