What is the MOST secure way to meet these requirements?

By:
In: DVA-C01
Tagged:
With: 1 Comment
The developer is creating a web application that collects highly regulated and confidential user data through a POST request.The web application is served through Amazon CloudFront.User names and phone numbers must be encrypted at the edge and must remain encrypted throughout the entire application stack.

What is the MOST secure way to meet these requirements?

Enforce Match Viewer with HTTPS Only on CloudFront.

Use only the newest TLS security policy on CloudFront.

Enforce a signed URL on CloudFront on the front end.

Use field-level encryption on CloudFront.

Explanations:

Enforcing HTTPS only on CloudFront ensures secure transport but does not encrypt the data itself at the edge. Field-level encryption is needed for encrypting sensitive data like usernames and phone numbers at the edge.

Using the newest TLS security policy improves security during data transmission, but it doesn’t address the encryption of sensitive data at the edge or throughout the application stack.

Enforcing a signed URL controls access to CloudFront resources but does not provide encryption of sensitive data like usernames and phone numbers at the edge.

Field-level encryption on CloudFront enables the encryption of specific data fields (e.g., usernames, phone numbers) at the edge before they are sent to the origin, ensuring the data remains encrypted throughout the stack.

2025-10-07

1 Comment

  1. Amanda
    Author

    I opine that the answer is:
    Use field-level encryption on CloudFront.

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − 1 =