Amazon Exam SAA-C03 Topic 1 Question 53 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 53
Topic #: 1

A company has a three-tier environment on AWS that ingests sensor data from its users' devices. The traffic flows through a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier, and finally to EC2 instances for the application tier that makes database calls.

What should a solutions architect do to improve the security of data in transit to the web tier?

Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html
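An added example, not part of the original page: a small audit that checks NLB listener configuration for the "enforce encryption in transit" practice above. It assumes input shaped like `aws elbv2 describe-listeners` output; the sample data, the placeholder ARNs, the target-group map and the set of policies treated as legacy are all constructed for illustration.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-listeners` output;
# ARNs are placeholders, not real resources.
LISTENERS = json.loads("""
{"Listeners": [
  {"Port": 80, "Protocol": "TCP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web-tcp"}]},
  {"Port": 443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-2016-08",
   "Certificates": [{"CertificateArn": "arn:example:acm/cert-1"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web-tcp"}]},
  {"Port": 8443, "Protocol": "TLS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "Certificates": [{"CertificateArn": "arn:example:acm/cert-1"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web-tls"}]}
]}
""")
# Constructed map of target group ARN -> protocol (as reported by describe-target-groups).
TARGET_GROUPS = {"arn:example:tg/web-tcp": "TCP", "arn:example:tg/web-tls": "TLS"}

PLAINTEXT = {"TCP", "UDP", "TCP_UDP"}
# Assumption: policies this check treats as legacy because they still negotiate TLS 1.0.
LEGACY_POLICIES = {"ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04"}


def audit_nlb_listeners(listeners, target_groups):
    """Return sorted (port, finding) pairs for listeners that weaken encryption in transit."""
    findings = []
    for lst in listeners.get("Listeners", []):
        port, proto = lst["Port"], lst["Protocol"]
        if proto in PLAINTEXT:
            findings.append((port, "plaintext-listener"))
            continue
        if not lst.get("Certificates"):
            findings.append((port, "tls-listener-without-certificate"))
        if lst.get("SslPolicy") in LEGACY_POLICIES:
            findings.append((port, "legacy-ssl-policy"))
        # TLS ends at the NLB; with a TCP target group the NLB forwards
        # decrypted traffic on the hop to the web tier.
        for action in lst.get("DefaultActions", []):
            if target_groups.get(action.get("TargetGroupArn")) in PLAINTEXT:
                findings.append((port, "plaintext-to-targets"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_nlb_listeners(LISTENERS, TARGET_GROUPS):
        print(f"port {port}: {finding}")
```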


Contribute your Thoughts:

France
15 days ago
A) is the obvious choice. Unless you're trying to break the system, then D) might be the way to go. *laughs*
upvoted 0 times
...
France
17 days ago
Hmm, I guess the architects are really trying to keep the data safe, even from the EC2 instances themselves. *wink wink*
upvoted 0 times
Simona
6 days ago
B: Change the load balancer to an Application Load Balancer and attach AWS WAF to it
upvoted 0 times
...
Wilburn
12 days ago
A: Configure a TLS listener and add the server certificate on the NLB
upvoted 0 times
...
...
Carlee
25 days ago
I'm not sure about TLS encryption. Wouldn't it be better to go with option B) Configure AWS Shield Advanced and enable AWS WAF on the NLB for added protection against DDoS attacks?
upvoted 0 times
...
Alfred
26 days ago
I'm going with A). Securing the data in transit is the most important thing here.
upvoted 0 times
Adela
8 days ago
User 2: I agree, configuring a TLS listener and adding the server certificate on the NLB is a good security measure.
upvoted 0 times
...
Zona
14 days ago
User 1: I think A) is the best option for securing data in transit.
upvoted 0 times
...
...
Marvel
1 month ago
C) is not the right choice. Application Load Balancer is not necessary for this scenario.
upvoted 0 times
Elouise
5 days ago
D) Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances using AWS Key Management Service (AWS KMS)
upvoted 0 times
...
Brynn
6 days ago
B) Configure AWS Shield Advanced and enable AWS WAF on the NLB
upvoted 0 times
...
Marnie
7 days ago
A) Configure a TLS listener and add the server certificate on the NLB
upvoted 0 times
...
...
Virgie
1 month ago
I agree with German. TLS encryption is a standard security measure for data in transit. It's the best option for improving security in this scenario.
upvoted 0 times
...
Robt
1 month ago
B) seems like a good option too. AWS Shield Advanced and AWS WAF can provide additional protection for the NLB.
upvoted 0 times
...
Coletta
1 month ago
I think D) is the way to go. Encrypting the EBS volumes is the best way to secure the data.
upvoted 0 times
Lawanda
10 hours ago
D: I agree with the user comment, D) is the best option. Encrypting the EBS volumes using AWS KMS is a strong security measure.
upvoted 0 times
...
Cherelle
2 days ago
C: I think C) is the way to go. Changing to an Application Load Balancer with AWS WAF attached will enhance security.
upvoted 0 times
...
Yesenia
11 days ago
B: I disagree, I believe B) is the best choice. Enabling AWS Shield Advanced and AWS WAF adds an extra layer of security.
upvoted 0 times
...
Eleni
29 days ago
A: I think A) is a better option. Configuring a TLS listener will encrypt the data in transit.
upvoted 0 times
...
...
Pete
2 months ago
A) is the correct answer. Configuring a TLS listener and adding the server certificate on the NLB will encrypt the data in transit to the web tier.
upvoted 0 times
Avery
1 month ago
C) Changing to an Application Load Balancer and attaching AWS WAF sounds like a good option too.
upvoted 0 times
...
Jose
1 month ago
B) But wouldn't enabling AWS Shield Advanced and AWS WAF on the NLB also improve security?
upvoted 0 times
...
Halina
1 month ago
A) Configure a TLS listener and add the server certificate on the NLB
upvoted 0 times
...
...
German
2 months ago
I think we should go with option A) Configure a TLS listener and add the server certificate on the NLB. It will encrypt the data in transit.
upvoted 0 times
...
