What should a solutions architect do to improve the security of the data in transit?
Configure a TLS listener. Deploy the server certificate on the NLB.
Configure AWS Shield Advanced. Enable AWS WAF on the NLB.
Change the load balancer to an Application Load Balancer (ALB). Enable AWS WAF on the ALB.
Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS).
Explanations:
Configuring a TLS listener on the Network Load Balancer and deploying the server certificate ensures that the data is encrypted during transit from the client to the load balancer, providing secure communication. This is crucial for protecting sensitive sensor data from interception.
AWS Shield Advanced provides DDoS protection, and enabling AWS WAF on the NLB offers some security features; however, this does not specifically address the encryption of data in transit, which is the primary concern for securing sensitive data.
While switching to an Application Load Balancer (ALB) and enabling AWS WAF can enhance security, the option does not mention configuring TLS for data encryption in transit, which is essential for protecting the data itself. WAF primarily protects against web application attacks.
Encrypting the Amazon EBS volumes helps secure data at rest, not data in transit. This option does not address the need for secure communication between the various tiers of the application, which is the primary concern when securing data in transit.