A financial services company will deploy a sensitive-transaction application on Amazon EC2 and use Amazon RDS for MySQL. Security policies require encryption at rest and in transit. Which solution provides this with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure encryption at rest for Amazon RDS for MySQL by using AWS KMS managed keys. Configure AWS Certificate Manager (ACM) SSL/TLS certificates for encryption in transit..
Why this is the answer
The correct solution leverages native AWS services for both encryption at rest and in transit, minimizing operational overhead. AWS KMS-managed keys provide easy and secure encryption for RDS at rest. AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of SSL/TLS certificates for encryption in transit, integrating seamlessly with other AWS services. Using IPsec tunnels or a VPN connection for encryption in transit would introduce significantly more operational overhead due to the need for configuration, management, and maintenance of these network components. Implementing third-party application-level encryption adds complexity to the application development and management, as the application would be responsible for encryption and decryption, rather than offloading it to the database service.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed