A company is deploying a highly sensitive application on Amazon EC2. The application processes PII and requires that all data in transit between EC2 instances within the VPC be encrypted. The company wants to achieve this with ZERO configuration changes to the application code or the operating system. How can this be achieved?

Answer options:

Configure IPsec VPN tunnels between all EC2 instances.

Use AWS Certificate Manager (ACM) to deploy TLS certificates to the instances.

Use EC2 instances that support AWS Nitro System and launch them in the same VPC.

Enable VPC Flow Logs with encryption enabled.

How to approach this question

Identify the hardware-level encryption feature provided by modern EC2 instances.

Full Answer

C.Use EC2 instances that support AWS Nitro System and launch them in the same VPC.✓ Correct

Use EC2 instances that support AWS Nitro System and launch them in the same VPC.

The AWS Nitro System provides hardware-level encryption for data in transit between instances. If you use current-generation Nitro instances in the same VPC, AWS automatically encrypts the network traffic between them without any configuration required.

Common mistakes

Thinking application-level TLS is the only way to encrypt in-transit data.

Question 27 All questions Question 29

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...Hard Q02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...Medium Q03An e-commerce company requires a multi-region active-active architecture for its critical order p...Medium Q04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...Hard Q05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium

View all 75 questions →