What should a solutions architect do to improve the security of the data in transit?
Configure a TLS listener. Deploy the server certificate on the NLB.
Configure AWS Shield Advanced. Enable AWS WAF on the NLB.
Change the load balancer to an Application Load Balancer (ALB). Enable AWS WAF on the ALB.
Encrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS).
Explanations:
Configuring a TLS listener and deploying the server certificate on the NLB will encrypt the data in transit between the NLB and the clients. This ensures that sensitive data, such as sensor data, is transmitted securely over the network, protecting it from interception and unauthorized access.
While AWS Shield Advanced provides DDoS protection and AWS WAF can help filter malicious traffic, neither directly addresses the encryption of data in transit. Therefore, this option does not enhance the security of the data itself during transmission.
Changing to an Application Load Balancer and enabling AWS WAF does not inherently improve the encryption of data in transit. An ALB can handle TLS termination, but without a TLS listener configured, data is still transmitted unencrypted.
Encrypting the Amazon EBS volume protects data at rest on the EC2 instances but does not secure data in transit. Therefore, this option does not address the need for securing data during transmission between components.