Exam AWS-SysOps topic 1 question 768 discussion

A and E are the correct answers.

B & E B - Create the Cert using ACM which will encrypt data in transit E keep data at rest encrypted using keys I had thought A, but stating "VPN" and not direct connect is what throws it off

A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources. Using a VPN (Virtual Private Network) establishes a secure connection between the on-premises data center and AWS resources, ensuring the encryption of data during transit. This helps protect the data while it is being transmitted between the on-premises environment and AWS. E. Use AWS KMS to manage the encryption keys used for data encryption. AWS Key Management Service (KMS) provides a secure and scalable solution for managing encryption keys. By using AWS KMS, the Development team can manage the encryption keys used to encrypt and decrypt sensitive data both in transit and at rest. This ensures that the data remains protected and only accessible to authorized entities.

creating an application that will handle sensitive data , but does the data go thru ELB ? if yes then ACM it's correct but if not the application just need to upload file to s3 thru VPN Gateway then i think not. So confuse I go with A & E

I will go with A & E

Correct Answer: A & E

B | E are the answers

B is incorrect. The answer does not mention how these certificates will be used. They could be useful for end-to-end encryption but this is dependent on application design so it’s unclear if this is a suitable option. answer: A, E

A, E ..

B. Use AWS Certificate Manager to create TLS/SSL certificates E. Use AWS KMS to manage the encryption keys used for data encryption

I'll go with B,E

Believe B & E VPN for only one application? Generally the hybrid cloud is created with Direct Connect. VPN is used as failover. Development team will have more flexibility with the use of ACM and SSL certificates.

B. Use AWS Certificate Manager to create TLS/SSL certificates E. Use AWS KMS to manage the encryption keys used for data encryption

ANS A & E hybrid deployment, therefore connection is between cloud and on-prem. Furthermore, connection should be encrypted Encrypt with VPN for data in transit & Encrypt with KMS for data at rest

we dont know if the vpn is backed by xconnect or site to site vpn. if it were site to site vpn then it support ip sec which protects data by encrypting data in transit. B and E is correct.

At first I thought A but IPSEC does not supply end to end encryption, but only encrypts traffic while going over the tunnel. End to End encryption would be a little safer in my opinion. Therefore I will go with B and E. Encryption in transit and encryption at rest.

In transit (VPN) and a rest (AWS KMS) A&E