A company is designing a new application that will process sensitive financial data. They need to ensure encryption at rest and in transit. Which of the following should they use? (Select TWO.)
Trap 1: AWS Certificate Manager (ACM) for all encryption
ACM provides certificates, not encryption at rest.
Trap 2: SSL certificates for all connections
TLS is the modern standard, SSL is deprecated.
Trap 3: AWS Identity and Access Management (IAM) for data encryption
IAM controls access, not encryption.
- A
TLS for all data in transit
TLS encrypts data in transit.
- B
AWS Certificate Manager (ACM) for all encryption
Why wrong: ACM provides certificates, not encryption at rest.
- C
SSL certificates for all connections
Why wrong: TLS is the modern standard, SSL is deprecated.
- D
AWS Key Management Service (KMS) for encryption at rest
KMS manages encryption keys for at-rest encryption.
- E
AWS Identity and Access Management (IAM) for data encryption
Why wrong: IAM controls access, not encryption.