Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAA-C03 Topic 14 Question 24 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 24
Topic #: 14
[All SAA-C03 Questions]

A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls

What should a solutions architect do to improve the security of data in transit to the web tier?

Show Suggested Answer Hide Answer
Suggested Answer: A

A) How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


Contribute your Thoughts:

Emeline
8 months ago
Sounds good to me. Now let's just hope the exam question is as straightforward as this one!
upvoted 0 times
...
Dominque
8 months ago
Haha, yeah, that's like trying to fix a leaky faucet by cleaning the bathtub. Good one, Michael!
upvoted 0 times
...
Carlene
8 months ago
Alright, I think we've got this figured out. Option A is the way to go - configure that TLS listener and get that data securely on its way to the web tier.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77