AWS SAP-C02 · Question 35 · Domain 2.3: Security Controls
A healthcare organization is migrating its patient records system to AWS. The system consists of a web frontend, an application tier, and an Oracle database. The organization must comply with strict regulatory requirements: all data must be encrypted at rest using a dedicated hardware security module (HSM) under their exclusive control, and the database must be highly available across multiple Availability Zones. Which combination of services and configurations should the Architect use? (Select THREE)
Answer options:
Deploy an AWS CloudHSM cluster across multiple Availability Zones.
Migrate the database to Amazon RDS for Oracle with Multi-AZ enabled.
Configure Amazon RDS to use AWS KMS with a custom key store backed by the CloudHSM cluster.
Migrate the database to Amazon Aurora PostgreSQL and use Aurora Global Database.
Use AWS KMS with AWS managed keys to encrypt the RDS database.
Deploy Oracle on Amazon EC2 instances and use AWS Secrets Manager to handle encryption keys.
75 questions · hints · full answers · grading
Expert