Ultimate access to all questions.
A company operates an order processing system requiring credit card numbers to remain encrypted. Their customer-facing application is deployed as an Amazon ECS service behind an Application Load Balancer (ALB) in the us-west-2 Region, with an Amazon CloudFront distribution configured to use the ALB as its origin. The company uses certificates from a third-party trusted certificate authority and employs HTTPS for encryption in transit. To ensure sensitive data remains encrypted during processing and is only decryptable by specific application components, what two steps should the company implement? (Choose two.)
A
Import the third-party certificate for the ALB. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into AWS Certificate Manager (ACM) in us-west-2.
B
Import the third-party certificate for the ALB into AWS Certificate Manager (ACM) in us-west-2. Associate the certificate with the ALB. Upload the certificate for the CloudFront distribution into ACM in the us-east-1 Region.
C
Upload the private key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.
D
Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption configuration, and specify the fields that contain sensitive information. Create a field-level encryption profile, and choose the newly created configuration. Link the profile to the appropriate cache behavior that is associated with sensitive GET requests.
E
Upload the public key that handles the encryption of the sensitive data to the CloudFront distribution. Create a field-level encryption profile and specify the fields that contain sensitive information. Create a field-level encryption configuration, and choose the newly created profile. Link the configuration to the appropriate cache behavior that is associated with sensitive POST requests.