Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 16 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 16
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is developing an ecommerce application. The application uses Amazon EC2 instances and an Amazon RDS MySQL database. For compliance reasons, data must be secured in transit and at rest. The company needs a solution that minimizes operational overhead and minimizes cost.
Which solution meets these requirements?

  • A. Use TLS certificates from AWS Certificate Manager (ACM) with an Application Load Balancer. Deploy self-signed certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Enable encryption of the RDS DB instance. Enable encryption on the Amazon Elastic Block Store (Amazon EBS) volumes that support the EC2 instances.
  • B. Use TLS certificates from a third-party vendor with an Application Load Balancer. Install the same certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Secrets Manager for client-side encryption of application data.
  • C. Use AWS CloudHSM to generate TLS certificates for the EC2 instances. Install the TLS certificates on the EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use the encryption keys from CloudHSM for client-side encryption of application data.
  • D. Use Amazon CloudFront with AWS WAF. Send HTTP connections to the origin EC2 instances. Ensure that the database client software uses a TLS connection to Amazon RDS. Use AWS Key Management Service (AWS KMS) for client-side encryption of application data before the data is stored in the RDS database.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by aragon_saa at Oct. 4, 2023, 1:12 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
FunkyFresco
1 month, 2 weeks ago
Selected Answer: A
Option A.
upvoted 1 times
...
Raphaello
7 months, 4 weeks ago
Selected Answer: A
A..ofc!
upvoted 1 times
...
awssecuritynewbie
8 months, 1 week ago
Selected Answer: A
Non of them talk about the encryption at rest for the EBS apart from Option A
upvoted 1 times
...
3633f8f
9 months, 3 weeks ago
Selected Answer: A
TLS In-Flight encryption is core funcitionality of ACM. Others are invalidated based on this.
upvoted 1 times
...
Daniel76
10 months, 3 weeks ago
Selected Answer: A
Only A address data encryption at rest at RDS and EBS and is the most cost-effective and efficient method. TLS certificates from a third-party vendor or generated by CloudHSM is unnecessarily increase cost and ops overhead. CloudFront with WAF is irrelevant to the requirement.
upvoted 2 times
...
[Removed]
11 months, 1 week ago
Selected Answer: A
Answer A
upvoted 1 times
...
lalee2
11 months, 1 week ago
Selected Answer: A
Option A talks about ACM which is encryption in transit
upvoted 1 times
...
pupsik
11 months, 2 weeks ago
Selected Answer: A
Option A
upvoted 1 times
...
KR693
11 months, 2 weeks ago
Option A
upvoted 1 times
...
Sumi81
11 months, 2 weeks ago
A. No other solution talks about encryption at rest
upvoted 1 times
...
100fold
11 months, 3 weeks ago
Selected Answer: A
Agree answer A. TLS certificates from (ACM) secures data in transit
upvoted 1 times
...
aragon_saa
1 year ago
https://www.examtopics.com/discussions/amazon/view/60895-exam-aws-certified-security-specialty-topic-1-question-265/
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel