ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 683 - SAA-C03 discussion

Report
Export

A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls

What should a solutions architect do to improve the security of data in transit to the web tier?

A.
Configure a TLS listener and add the server certificate on the NLB
Answers
A.
Configure a TLS listener and add the server certificate on the NLB
B.
Configure AWS Shield Advanced and enable AWS WAF on the NLB
Answers
B.
Configure AWS Shield Advanced and enable AWS WAF on the NLB
C.
Change the load balancer to an Application Load Balancer and attach AWS WAF to it
Answers
C.
Change the load balancer to an Application Load Balancer and attach AWS WAF to it
D.
Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)
Answers
D.
Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)
Suggested answer: A

Explanation:

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html



asked 16/09/2024
Judith Persons
43 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first