Which combination of activities must the company implement to meet its encryption requirements?
(Choose two.)
Configure SSL/TLS on the EC2 instances and configure the ALB target group to use HTTPS.
Ensure that all resources are in the same VPC so the default encryption provided by the VPC is used to encrypt the traffic between the EC2 instances.
In the ALB, select the default encryption to encrypt the traffic between the ALB and the EC2 instances.
In the code for the application, include a cryptography library and encrypt the data before sending it between the EC2 instances.
Configure AWS Direct Connect to provide an encrypted tunnel between the EC2 instances.
Explanations:
Configuring SSL/TLS on the EC2 instances and setting the ALB target group to use HTTPS ensures that the data is encrypted both in transit from the ALB to the EC2 instances and between the EC2 instances themselves. This creates a secure channel for sensitive data.
While ensuring that all resources are in the same VPC may provide some level of security, it does not specifically encrypt the traffic between EC2 instances. A VPC provides network isolation but not encryption of data in transit.
The ALB does not provide default encryption for traffic between itself and EC2 instances. Instead, SSL/TLS must be explicitly configured on the instances to encrypt traffic between the ALB and the instances.
Including a cryptography library in the application code to encrypt data before sending it between EC2 instances is a valid approach to ensure that sensitive information is protected in transit. This method complements SSL/TLS and can provide additional security measures.
AWS Direct Connect does not inherently provide an encrypted tunnel between EC2 instances; it is primarily a dedicated network connection to AWS. To secure traffic, additional encryption methods, such as SSL/TLS or application-layer encryption, would still be necessary.