A healthcare company is building a new patient portal on AWS. The application uses an Application Load Balancer (ALB), Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS for MySQL database. To meet HIPAA compliance, all data must be encrypted at rest and in transit. How should the architect ensure end-to-end encryption in transit from the user to the database?

Ensure every network hop is encrypted.

What mistakes do candidates make on this AWS SAP-C02 question?

Terminating SSL at the ALB and using HTTP to the backend targets.

Domain 2.3: Security Controls — AWS SAP-C02 Practice Question 09

A.

Configure an HTTPS listener on the ALB. Terminate SSL at the ALB and route traffic to EC2 over HTTP. Use AWS KMS to encrypt the RDS database.

B.

Configure an HTTPS listener on the ALB with an ACM certificate. Configure the ALB to route traffic to EC2 instances over HTTPS. Enforce SSL/TLS connections in the RDS parameter group.

C.

Use a Network Load Balancer (NLB) with TCP passthrough to the EC2 instances. Use AWS Certificate Manager to deploy certificates directly to the RDS instance.

D.

Enable AWS Shield Advanced on the ALB to automatically encrypt all incoming and outgoing traffic.

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7

More questions from this exam