What should the security engineer do to meet these requirements?
Use AWS Certificate Manager (ACM) for encryption in transit. Use AWS Key Management Service for encryption at rest.
Use AWS Certificate Manager (ACM) for encryption in transit and encryption at rest.
Use AWS Key Management Service for encryption in transit. Use AWS Certificate Manager (ACM) for encryption at rest.
Use AWS Key Management Service for encryption in transit and encryption at rest.
Explanations (one per option, in the order listed above):
AWS Certificate Manager (ACM) can be used to manage SSL/TLS certificates, ensuring that traffic is encrypted in transit to the Application Load Balancer and Amazon API Gateway. AWS Key Management Service (KMS) can manage encryption keys for encrypting data at rest in S3. This combination fulfills both requirements of encryption in transit and at rest.
While AWS Certificate Manager (ACM) is appropriate for encrypting traffic in transit, it is not used for encrypting data at rest. ACM manages SSL/TLS certificates but does not handle storage encryption. Therefore, this option does not meet the requirement for encrypting resources at rest.
AWS Key Management Service (KMS) is not typically used directly for encrypting traffic in transit; instead, it manages encryption keys. ACM is the correct choice for securing traffic in transit. This option fails to meet the requirement for encryption in transit.
AWS Key Management Service (KMS) does not encrypt traffic in transit. It is used for managing encryption keys and can be used for encrypting data at rest. This option does not address the need for encrypting traffic in transit to the Application Load Balancer and API Gateway, thus failing to meet all requirements.