AWS Certified Data Engineer – Associate (DEA-C01) — Question 112

A company is using an AWS Transfer Family server to migrate data from an on-premises environment to AWS. Company policy mandates the use of TLS 1.2 or above to encrypt the data in transit.

Which solution will meet these requirements?

Answer options

• A. Generate new SSH keys for the Transfer Family server. Make the old keys and the new keys available for use.
• B. Update the security group rules for the on-premises network to allow only connections that use TLS 1.2 or above.
• C. Update the security policy of the Transfer Family server to specify a minimum protocol version of TLS 1.2
• D. Install an SSL certificate on the Transfer Family server to encrypt data transfers by using TLS 1.2.

Correct answer: C

Explanation

The correct answer is C because updating the security policy of the Transfer Family server to require a minimum of TLS 1.2 directly enforces the use of the required encryption protocol for data in transit. Option A is irrelevant since generating SSH keys does not pertain to TLS encryption. Option B focuses on network rules rather than server-side protocol enforcement, and option D, while it mentions TLS 1.2, does not ensure that only TLS 1.2 or above is used during data transfers.