Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 37 discussion

Option D) Use ELBSecurityPolicy-FS policies, if you require Forward Secrecy • Provides additional safeguards against the eavesdropping of encrypted data • Using a unique random session key

Perfect Forward Secrecy is a feature that provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised. https://aws.amazon.com/about-aws/whats-new/2014/02/19/elastic-load-balancing-perfect-forward-secrecy-and-more-new-security-features/ https://aws.amazon.com/about-aws/whats-new/2018/06/application-load-balancer-adds-new-security-policies-including-policy-for-forward-secrecy/

D is the correct answer Perfect Forward Secrecy is a feature that provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised.

Select Security Policy that support FS algorithms. D is the correct answer.

I think that it's correcty answer is D.

Correct is either C or D, bur prob D. B is for sure wrong.

To provide additional safeguards to protect encrypted data at Amazon Application Load Balancers (ALBs) through the use of a unique random session key, the network engineer should use AWS Key Management Service (AWS KMS) to encrypt session keys. Therefore, the correct answer is B.

BBBBBBBBB

B - correct. The requirement is to provide additional safeguards to protect encrypted data at Application Load Balancers (ALBs) through the use of a unique random session key. To meet this requirement, the network engineer should use AWS Key Management Service (AWS KMS) to encrypt session keys. Therefore, the correct answer is option B.