- You will be using AWS Security Manager
- You will be installing SSL/TLS certificate on EC2 instance.
- Correct Answer
- You will be using AWS CloudTrail solution
Correct Answer : C
: In the given question we wanted that all the data read and write on EBS volume should be encrypted. And better solution for which very well integrated for given requirement is AWS KMS (Key management solution). AWS KMS is a managed solution from A................................. is highly protected because they will never leave KMS, they are protected using Hardware Security Manager (HSM).
And KMS is well integrated with the AWS EC2 and EBS volume. If yo..............................the data you are storing in EBS. Hence, option 3 is correct.
Now lets look for other options
Option 1: AWS security manager provides encryption but this is not an ideal solution for EBS volume encryption. Security Manager is good for encryption credentials like Database connection string, Username and password etc, which you can retrieve dynamically and rather than storing them in the code. It is a good practice to use it, but can not be used for EBS encryption. Even AWS Security Manager uses KMS for encrypting credentials.
Option 2: SSL certificates are good for both c............................