Which combination of AWS services or features can a company use to encrypt data in transit and data at rest?

Explanations:

AWS Lambda is a serverless compute service that runs code in response to events but does not provide encryption features by itself. It can be used in conjunction with other services that handle encryption but does not directly encrypt data.

AWS Key Management Service (AWS KMS) is a managed service that allows you to create and control encryption keys used to encrypt your data at rest and in transit. It provides the functionality to encrypt data stored in AWS services and to manage keys for data encryption.

Amazon CloudWatch metrics is primarily a monitoring service that provides data and insights about AWS resources and applications. It does not offer any encryption capabilities for data at rest or in transit.

AWS Certificate Manager (ACM) is a service that helps you provision, manage, and deploy SSL/TLS certificates, which are essential for encrypting data in transit. It enables secure communications over the internet by using these certificates to establish encrypted connections.

AWS Systems Manager is a management service that provides operational data from multiple AWS services to automate tasks across AWS resources. It does not directly provide encryption capabilities for data at rest or in transit.