AWS Certified SysOps Administrator – Associate (legacy) — Question 505
A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)
Answer options
- A. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
- B. Use AWS Certificate Manager to create TLS/SSL certificates
- C. Use AWS CloudHSM to encrypt the data
- D. Use AWS KMS to create TLS/SSL certificates
- E. Use AWS KMS to manage the encryption keys used for data encryption
Correct answer: B, E
Explanation
To protect data in transit, AWS Certificate Manager is used to generate and manage the TLS/SSL certificates required for secure communication. To protect data at rest, AWS Key Management Service (AWS KMS) is the standard service for creating and managing the cryptographic keys used for encryption. Among the other options, AWS KMS does not support creating TLS/SSL certificates, and while a VPN secures the network connection, it does not manage application-level encryption for data in transit.