Exam AWS Certified Security - Specialty topic 1 question 171 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 171
Topic #: 1

A company's architecture requires that its three Amazon EC2 instances run behind an Application Load Balancer (ALB). The EC2 instances transmit sensitive data between each other. Developers use SSL certificates to encrypt the traffic between the public users and the ALB. However, the Developers are unsure of how to encrypt the data in transit between the ALB and the EC2 instances and the traffic between the EC2 instances.
Which combination of activities must the company implement to meet its encryption requirements? (Choose two.)

  • A. Configure SSL/TLS on the EC2 instances and configure the ALB target group to use HTTPS.
  • B. Ensure that all resources are in the same VPC so the default encryption provided by the VPC is used to encrypt the traffic between the EC2 instances.
  • C. In the ALB, select the default encryption to encrypt the traffic between the ALB and the EC2 instances.
  • D. In the code for the application, include a cryptography library and encrypt the data before sending it between the EC2 instances.
  • E. Configure AWS Direct Connect to provide an encrypted tunnel between the EC2 instances.
Suggested Answer: AD
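Answer A closes the ALB-to-instance gap by making the target group speak HTTPS to the instances. The following is an added example (not from the exam page, the discussion, or AWS's own tooling) of how a defender would audit that hop: it walks data shaped like the ELBv2 `describe_listeners` and `describe_target_groups` responses and reports every listener or target group that still carries plaintext. The listener and target-group records below are constructed inline so the script runs offline, and every ARN and name in them is a placeholder; against a real account you would pass in the `Listeners` and `TargetGroups` lists returned by those two calls.

```python
"""Audit which hops of an ALB deployment carry plaintext.

Added example; not from the exam page or from AWS. The dictionaries mirror the
shape of ELBv2 API responses (describe_listeners / describe_target_groups), but
the data is constructed inline so the check runs offline, and every ARN and
name below is a placeholder.
"""
from __future__ import annotations

# --- constructed sample data (placeholder ARNs) --------------------------------
TG_HTTPS = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/tg-https/0123456789abcdef"
TG_HTTP = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/tg-http/fedcba9876543210"
LISTENER_BASE = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/demo-alb/0123456789abcdef/"

SAMPLE_LISTENERS = [
    {   # the front door the developers already secured with a certificate
        "ListenerArn": LISTENER_BASE + "aaa", "Protocol": "HTTPS", "Port": 443,
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG_HTTPS}],
    },
    {   # a plain HTTP listener whose only job is to redirect to HTTPS is acceptable
        "ListenerArn": LISTENER_BASE + "bbb", "Protocol": "HTTP", "Port": 80,
        "DefaultActions": [{"Type": "redirect",
                            "RedirectConfig": {"Protocol": "HTTPS", "Port": "443",
                                               "StatusCode": "HTTP_301"}}],
    },
    {   # a plain HTTP listener that forwards traffic is a finding on its own
        "ListenerArn": LISTENER_BASE + "ccc", "Protocol": "HTTP", "Port": 8080,
        "DefaultActions": [{"Type": "forward",
                            "ForwardConfig": {"TargetGroups": [{"TargetGroupArn": TG_HTTP,
                                                                "Weight": 1}]}}],
    },
]

SAMPLE_TARGET_GROUPS = [
    {"TargetGroupArn": TG_HTTPS, "TargetGroupName": "tg-https",
     "Protocol": "HTTPS", "Port": 443, "HealthCheckProtocol": "HTTPS"},
    {"TargetGroupArn": TG_HTTP, "TargetGroupName": "tg-http",
     "Protocol": "HTTP", "Port": 8080, "HealthCheckProtocol": "HTTP"},
]


def _forwarded_target_groups(listener: dict) -> set[str]:
    """Collect every target group ARN the listener's default actions forward to.

    The API expresses a single forward as TargetGroupArn and a weighted forward
    as ForwardConfig.TargetGroups; both forms are handled here.
    """
    arns: set[str] = set()
    for action in listener.get("DefaultActions", []):
        if action.get("Type") != "forward":
            continue
        if "TargetGroupArn" in action:
            arns.add(action["TargetGroupArn"])
        for tg in action.get("ForwardConfig", {}).get("TargetGroups", []):
            arns.add(tg["TargetGroupArn"])
    return arns


def _redirects_to_https(listener: dict) -> bool:
    """True when every default action is a redirect whose scheme is HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions
    )


def audit_alb_encryption(listeners: list[dict], target_groups: list[dict]) -> list[dict]:
    """Return one finding per plaintext hop.

    hop "client->alb":  an HTTP listener that does more than redirect to HTTPS.
    hop "alb->target":  a forwarded-to target group whose Protocol is not HTTPS,
                        i.e. the ALB terminates TLS and re-sends in the clear
                        (the gap answer A closes).
    hop "healthcheck":  an HTTPS target group that is health-checked over HTTP.
    """
    by_arn = {tg["TargetGroupArn"]: tg for tg in target_groups}
    findings: list[dict] = []
    for lst in listeners:
        if lst.get("Protocol") == "HTTP" and not _redirects_to_https(lst):
            findings.append({"hop": "client->alb", "resource": lst["ListenerArn"],
                             "detail": f"HTTP listener on port {lst.get('Port')} forwards traffic"})
        for arn in _forwarded_target_groups(lst):
            tg = by_arn.get(arn)
            if tg is None:
                continue  # referenced group is not in the inventory we were given
            if tg.get("Protocol") != "HTTPS":
                findings.append({"hop": "alb->target", "resource": tg["TargetGroupName"],
                                 "detail": f"target group protocol is {tg.get('Protocol')} "
                                           f"on port {tg.get('Port')}"})
            elif tg.get("HealthCheckProtocol") != "HTTPS":
                findings.append({"hop": "healthcheck", "resource": tg["TargetGroupName"],
                                 "detail": "HTTPS target group is health-checked over HTTP"})
    return findings


if __name__ == "__main__":
    for f in audit_alb_encryption(SAMPLE_LISTENERS, SAMPLE_TARGET_GROUPS):
        print(f"[{f['hop']}] {f['resource']}: {f['detail']}")
```

On the sample data the script reports the port-8080 listener (plaintext from the client) and `tg-http` (plaintext from the ALB to the instances) and stays silent on the HTTPS listener, the redirect-only HTTP listener and `tg-https`. Note that a clean result only covers the hops the ALB is party to; the instance-to-instance traffic in answer D has to be checked on the instances themselves.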

Comments

JackLee1
Highly Voted 3 years, 7 months ago
A - to encrypt between ALB and EC2s. D - to encrypt between EC2s. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html
upvoted 34 times
PeppaPig
Highly Voted 3 years, 7 months ago
A&D. B: wrong, no such thing as VPC default encryption. C: wrong, ALB has no default encryption. E: makes no sense.
upvoted 15 times
Jack_London
3 years, 7 months ago
Agreed. AD is the correct answer.
upvoted 3 times
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: AD
AD makes sense.
upvoted 1 times
kpv_
1 year, 5 months ago
A and B. All the traffic between EC2 instances is encrypted if in a VPC: https://docs.aws.amazon.com/whitepapers/latest/logical-separation/encrypting-data-at-rest-and--in-transit.html
upvoted 1 times
freddyman
1 year, 10 months ago
Selected Answer: AD
A and D. There's no encryption of traffic within a VPC.
upvoted 2 times
michele_scar
1 year, 11 months ago
Selected Answer: AD
In the question there isn't any mention of "same VPC", so B is out. A&D.
upvoted 2 times
sudipta0007
1 year, 11 months ago
To get the VPC data-protection encryption, specific instance types must be used (mainly Nitro-based instance types). In the question it's not specified. So I will go with A,D. Doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transi
upvoted 1 times
Blue15
1 year, 12 months ago
E. Definitely not. https://docs.aws.amazon.com/ko_kr/directconnect/latest/UserGuide/encryption-in-transit.html
upvoted 1 times
ITGURU51
2 years ago
As per AWS: All traffic within a VPC and between peered VPCs across regions is transparently encrypted at the network layer when using supported Amazon EC2 instance types. AB
upvoted 2 times
nairj
2 years ago
A and B A - It's pretty straightforward. B - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit - The section on "Encryption between instances" states that AWS encrypts network communications between the instances.
upvoted 1 times
Dmosh
2 years ago
Specific instance types
upvoted 1 times
peddyua
2 years, 1 month ago
Selected Answer: AD
A - for obvious reasons D - Enable encryption for traffic between the EC2 instances: You can use SSL/TLS protocols to encrypt the traffic between the EC2 instances. This can be done by installing SSL/TLS certificates on the EC2 instances and configuring the applications to use HTTPS.
upvoted 2 times
boooliyooo
2 years, 3 months ago
Selected Answer: AB
A and B are the correct options. Option B: Ensuring that all resources are in the same VPC will allow the default encryption provided by the VPC to be used to encrypt the traffic between the EC2 instances. This means that the traffic between the EC2 instances will be encrypted without any additional configuration. Option D: Encrypting the data in the application code before sending it between the EC2 instances will not encrypt the actual network traffic between the instances.
upvoted 2 times
Teknoklutz
2 years, 4 months ago
Selected Answer: AD
No doubt, it's A and D... there is nothing like what is mentioned in B.
upvoted 2 times
pk0619
2 years, 4 months ago
Selected Answer: AB
B is right https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit
upvoted 1 times
peddyua
2 years, 1 month ago
your link says "The instances are in the same VPC or peered VPCs, and the traffic does not pass through a virtual network device or service, such as a load balancer or a transit gateway." which is our case, so B is out
upvoted 1 times
[Removed]
2 years, 6 months ago
Selected Answer: AB
AB: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit
upvoted 3 times
cloud_collector
2 years, 7 months ago
Selected Answer: AB
A: You can create an HTTPS listener, which uses encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions. https://aws.amazon.com/elasticloadbalancing/application-load-balancer/ B: The instances are in the same VPC or peered VPCs, and the traffic does not pass through a virtual network device or service, such as a load balancer or a transit gateway. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit
upvoted 2 times
cloud_collector
2 years, 7 months ago
For B: As the question mentioned, "The EC2 instances transmit sensitive data between each other" and "how to encrypt the data in transit between ... the traffic between the EC2 instances", choose B. A lot of people said "D" is correct; I searched the AWS documentation but did not find any useful info. Who can share it if you know?
upvoted 1 times
sapien45
2 years, 8 months ago
Selected Answer: AD
It’s private in the sense that other tenants / AWS customers wouldn’t be able to eavesdrop or capture communication flows. However, it is NOT encrypted. If you need to achieve compliance, your best bet is to use encryption protocols at your stack - TLS / SSH everywhere
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other