Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAA-C03 Topic 6 Question 30 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 30
Topic #: 6
[All SAA-C03 Questions]

A company has a three-tier environment on AWS that ingests sensor data from its users' devices The traffic flows through a Network Load Balancer (NIB) then to Amazon EC2 instances for the web tier and finally to EC2 instances for the application tier that makes database calls

What should a solutions architect do to improve the security of data in transit to the web tier?

Show Suggested Answer Hide Answer
Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


Contribute your Thoughts:

Janna
6 months ago
I think Option C) Change the load balancer to an Application Load Balancer and attach AWS WAF to it could also enhance security by adding a web application firewall.
upvoted 0 times
...
Stephane
6 months ago
Option A) Configure a TLS listener and add the server certificate on the NLB seems like a good choice. It encrypts the data in transit.
upvoted 0 times
...
Junita
6 months ago
I agree. What are our options?
upvoted 0 times
...
Hubert
6 months ago
I think we should focus on improving the security of data in transit to the web tier.
upvoted 0 times
...
Destiny
7 months ago
I'm not sure about these options, but I think we definitely need to do something to improve security. It's crucial to protect the data in transit.
upvoted 0 times
...
Jarod
7 months ago
I see both points, but I think option B could also be a good choice. Enabling AWS Shield Advanced and AWS WAF would add another layer of protection.
upvoted 0 times
...
Marjory
7 months ago
I disagree, I believe option C is better. Using an Application Load Balancer with AWS WAF provides additional security features.
upvoted 0 times
...
Mila
7 months ago
I think we should go with option A, configuring a TLS listener on the NLB would encrypt the data in transit.
upvoted 0 times
...
Mila
8 months ago
Haha, yeah, that's a good point. Option D is definitely a distraction. I'm leaning towards option A myself, as it seems the most direct solution to the problem. And hey, who doesn't love a good old-fashioned TLS encryption? *winks* It's the security equivalent of a warm hug for your data.
upvoted 0 times
...
Natalie
8 months ago
I agree, options A and C both seem like viable choices. Although, I'm not sure if Option D, encrypting the EBS volumes, is really relevant here. That would protect the data at rest, but not the data in transit, which is the focus of this question. *chuckles* Maybe the exam writers are just trying to throw in a red herring to confuse us.
upvoted 0 times
...
Bernardine
8 months ago
Option A does sound like the most straightforward way to secure the data in transit, but I'm also curious about Option C. Changing the load balancer to an Application Load Balancer and attaching AWS WAF could provide an extra layer of protection against web-based attacks. What do you guys think?
upvoted 0 times
Corrie
7 months ago
I say let's go with Option C for that added layer of protection
upvoted 0 times
...
Rosalind
7 months ago
Option C does seem like a good way to enhance security for the web tier
upvoted 0 times
...
Shannan
8 months ago
D) Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)
upvoted 0 times
...
Stephane
8 months ago
I also think Option C could be a good choice for an extra layer of protection
upvoted 0 times
...
Gail
8 months ago
C) Change the load balancer to an Application Load Balancer and attach AWS WAF to it
upvoted 0 times
...
Gilma
8 months ago
B) Configure AWS Shield Advanced and enable AWS WAF on the NLB
upvoted 0 times
...
Octavio
8 months ago
A) Configure a TLS listener and add the server certificate on the NLB
upvoted 0 times
...
...
Norah
8 months ago
Hmm, this is an interesting question. I think the key here is to focus on securing the data in transit to the web tier, which is the weakest link in the architecture. I'm leaning towards option A - configuring a TLS listener and adding the server certificate on the NLB. That should help encrypt the traffic and prevent any eavesdropping or man-in-the-middle attacks.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77