Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 234 discussion

AWS KMS can be used to encrypt the EBS and Aurora database storage at rest. ACM can be used to obtain an SSL/TLS certificate and attach it to the ALB. This encrypts the data in transit between the clients and the ALB. A is incorrect because it suggests using ACM to encrypt the EBS, which is not the correct service for encrypting EBS. B is incorrect because relying on the AWS root account and selecting an option in the AWS Management Console to enable encryption for all data at rest and in transit is not a valid approach. D is incorrect because BitLocker is not a suitable solution for encrypting data in AWS services. It is primarily used for encrypting data on Windows-based operating systems. Additionally, importing TLS certificate keys to AWS KMS and attaching them to the ALB is not the recommended approach for encrypting data in transit.

Got this question in exam today

To encrypt data at rest, AWS Key Management Service (AWS KMS) can be used to encrypt EBS volumes and Aurora database storage. To encrypt data in transit, an AWS Certificate Manager (ACM) certificate can be attached to the Application Load Balancer (ALB) to enable HTTPS and TLS encryption.

Use AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit

C is the best answer. To encrypt data at rest, AWS Key Management Service (AWS KMS) can be used to encrypt EBS volumes and Aurora database storage. To encrypt data in transit, an AWS Certificate Manager (ACM) certificate can be attached to the Application Load Balancer (ALB) to enable HTTPS and TLS encryption.

Option C it's correct

Option C fulfills the requirements.

C is correct ,A REVERSES the work ofeach service.

C is correct!

c is correct answer