As part of meeting compliance requirements, your client needs to guarantee the protection of their customer information when it is stored in the cloud and to safeguard the data during transfer to and from their cloud storage solution. Which approach would best fulfill these requirements?
Activating a web application firewall for incoming and outgoing data and applying hardware security modules for stored data
Engaging a third-party service for end-to-end data encryption without utilizing built-in cloud service features
Securing data at rest with Identity and Access Management permissions and data in transit with virtual private networks
Enabling encryption for stored data using service-managed keys and requiring encrypted connections for data transfer
The best practice for protecting data stored in the cloud is to use server-side encryption, where the storage service itself encrypts the data before writing it to disk. For securing data during transfer, the standard approach is to enforce the use of the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols, which is generally achieved by allowing only HTTPS connections to the storage service. This combination will meet the compliance requirements for encryption of data both at rest and in transit.
AWS Cloud Practitioner CLF-C02
Security and Compliance