AWS Certified Security – Specialty — Question 45

A pharmaceutical company has digitized versions of historical prescriptions stored on premises. The company would like to move these prescriptions to AWS and perform analytics on the data in them. Any operation with this data requires that the data be encrypted in transit and at rest.
Which application flow would meet the data protection requirements on AWS?

Answer options

• A. Digitized files -> Amazon Kinesis Data Analytics
• B. Digitized files -> Amazon Kinesis Data Firehose -> Amazon S3 -> Amazon Athena
• C. Digitized files -> Amazon Kinesis Data Streams -> Kinesis Client Library consumer -> Amazon S3 -> Athena
• D. Digitized files -> Amazon Kinesis Data Firehose -> Amazon Elasticsearch

Correct answer: B

Explanation

Option B is correct as it ensures that the digitized files are encrypted both in transit through Amazon Kinesis Data Firehose and at rest in Amazon S3, satisfying the data protection requirements. Options A, C, and D do not incorporate the necessary storage system (Amazon S3) in a manner that guarantees encryption at rest, which is essential for compliance with data protection standards.