AWS Certified Developer – Associate — Question 268
A company is running its application on the most recent generation of bare metal Amazon EC2 instances. A developer is adding a low-latency computation feature to the application. The feature depends on highly sensitive personally identifiable information (PII). When computation occurs on unencrypted data, the feature needs to run in an isolated environment that provides CPU and memory isolation.
Which solution will meet these requirements?
Answer options
- A. Build and deploy the feature on the original EC2 instance store.
- B. Add the new feature in the original application. Deploy the application on a Dedicated Host.
- C. Package the new feature and deploy the new feature on AWS Lambda. Use AWS Key Management Service (AWS KMS) to encrypt and decrypt the PII.
- D. Build and deploy the new feature as part of the original application. Run the feature on AWS Nitro Enclaves.
Correct answer: D
Explanation
AWS Nitro Enclaves lets users create isolated compute environments, with dedicated CPU cores and memory carved out of the parent EC2 instance, to securely process highly sensitive data such as PII. The other options do not meet the requirement: Dedicated Hosts and instance stores do not offer this hardened, attestation-backed isolation, and AWS Lambda cannot run directly within the low-latency bare metal EC2 host environment.
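As an added illustration that is not part of the question or of AWS's own samples, the following KMS key policy statement shows how unencrypted PII is confined to the enclave in practice: Decrypt is allowed only when the request carries an enclave attestation document whose PCR0 measurement matches the approved enclave image. The account ID, role name and PCR0 value are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DecryptPiiOnlyInsideAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/PLACEHOLDER-parent-instance-role"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:PCR0": "PLACEHOLDER_PCR0_HEX_FROM_nitro-cli_describe-eif"
        }
      }
    }
  ]
}
```

The same role calling Decrypt from the parent instance without an attestation document fails the condition, so plaintext PII only ever exists inside the enclave's isolated memory.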