Which combination of steps will meet these requirements?

By:
In: DVA-C01
Tagged:
With: 2 Comments
A developer wants to process personally identifiable information by using a public HTTP API that is hosted on Amazon EC2.The developer also wants to protect the data as securely as possible in transit.

Which combination of steps will meet these requirements?

(Choose two.)

Use the Amazon CloudFront field-level encryption feature for the incoming data.

Apply the principle of least privilege for access to the AWS Key Management Service (AWS KMS) service page.

Frequently rotate any API access keys for the HTTP API.

Turn on multi-factor authentication (MFA) for all IAM users.

Implement TLS for the HTTP API.

Explanations:

Amazon CloudFront field-level encryption protects specific data fields and ensures that sensitive data is encrypted before being transmitted and stored in CloudFront.

Applying least privilege for access to AWS KMS service page is good practice but does not directly protect data in transit for a public API on EC2.

Frequently rotating API access keys is good for securing access but does not address the encryption of data in transit.

Enabling MFA for IAM users enhances account security but does not directly secure data in transit or provide encryption for an HTTP API.

Implementing TLS (Transport Layer Security) for the HTTP API ensures that data is encrypted in transit, protecting sensitive information from interception during transmission.

2026-04-05

2 Comments

  1. Kathleen
    Author

    My best guess is:
    Use the Amazon CloudFront field-level encryption feature for the incoming data.

  2. Kathy
    Author

    I assess that the answer is:
    Use the Amazon CloudFront field-level encryption feature for the incoming data.

Leave a Reply

Your email address will not be published. Required fields are marked *

seven + 1 =