AWS SAP-C02 · Question 09 · Domain 2.3: Security Controls
A healthcare company is building a new patient portal on AWS. The application uses an Application Load Balancer (ALB), Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS for MySQL database. To meet HIPAA compliance, all data must be encrypted at rest and in transit. How should the architect ensure end-to-end encryption in transit from the user to the database?
Answer options:
Configure an HTTPS listener on the ALB. Terminate SSL at the ALB and route traffic to EC2 over HTTP. Use AWS KMS to encrypt the RDS database.
Configure an HTTPS listener on the ALB with an ACM certificate. Configure the ALB to route traffic to EC2 instances over HTTPS. Enforce SSL/TLS connections in the RDS parameter group.
Use a Network Load Balancer (NLB) with TCP passthrough to the EC2 instances. Use AWS Certificate Manager to deploy certificates directly to the RDS instance.
Enable AWS Shield Advanced on the ALB to automatically encrypt all incoming and outgoing traffic.