AWS Certified Security – Specialty (SCS-C02) — Question 298

A company’s network security policy requires encryption for all data in transit. The company must encrypt data that is sent between Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes.

Which solution will meet this requirement?

Answer options

• A. Configure Amazon EC2 to enable encryption in the EC2 network interface properties.
• B. Configure Amazon EBS to enable volume encryption with AWS Key Management Service (AWS KMS) for data at rest.
• C. Configure Amazon EBS to enable TLS encryption in the volume configuration properties.
• D. Configure Amazon EC2 to enable TLS encryption with certificates that are stored in AWS Certificate Manager (ACM).

Correct answer: D

Explanation

Configuring Amazon EC2 to utilize TLS encryption with certificates managed by AWS Certificate Manager (ACM) ensures that in-transit data is securely encrypted using standard cryptographic protocols. Other options are incorrect because Amazon EBS volume configuration properties do not feature a native TLS toggle, and AWS KMS data-at-rest encryption does not directly establish TLS-based transit encryption for these network paths.