Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAA-C03 Topic 1 Question 37 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 37
Topic #: 1
[All SAA-C03 Questions]

A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls

What should a solutions architect do to improve the security of data in transit to the web tier?

Show Suggested Answer Hide Answer
Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


Contribute your Thoughts:

Roy
5 months ago
Haha, I can just imagine the developers trying to explain to the client why they need to upgrade to an ALB just to use WAF. Option A is the clear winner here.
upvoted 0 times
...
Bettina
5 months ago
Hmm, I'm not sure about the other options. Encrypting the EBS volumes doesn't really address the data in transit issue, and the WAF stuff seems overkill for this scenario.
upvoted 0 times
...
Eve
5 months ago
I agree, implementing TLS on the NLB is the best approach here. It's a simple but effective way to protect the data.
upvoted 0 times
Ngoc
4 months ago
B: That sounds like a solid plan. TLS encryption is a must for securing data in transit.
upvoted 0 times
...
Tuyet
5 months ago
A: Configure a TLS listener and add the server certificate on the NLB
upvoted 0 times
...
...
Tony
5 months ago
Option A seems like the way to go. Encrypting the data in transit is crucial for securing the sensor data.
upvoted 0 times
Jeniffer
5 months ago
I agree, configuring a TLS listener and adding the server certificate on the NLB is a good way to encrypt the data.
upvoted 0 times
...
Stephaine
5 months ago
I think option A is the best choice for improving security of data in transit to the web tier.
upvoted 0 times
...
...
Kendra
6 months ago
I agree with Tracey, TLS encryption is the best way to secure the data flow to the web tier.
upvoted 0 times
...
Tracey
6 months ago
I think we should go with option A, configuring a TLS listener will encrypt the data in transit.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77