A company has deployed a single-page application on AWS. The application stores assets in an Amazon S3 bucket. The application has an Amazon CloudFront distribution that is configured with the S3 bucket as the origin. Amazon API Gateway APIs access AWS Lambda functions that store information in an Amazon DynamoDB table. The application ingests a payload that includes 20 fields of sensitive data.
Which combination of steps should a developer take to protect the sensitive data through its entire lifecycle in AWS? (Choose two.)

A. Create a Lambda@Edge function to encrypt data when CloudFront processes a client request. Configure the distribution to invoke the Lambda@Edge function when the origin request event occurs.

B. Generate an AWS Key Management Service (AWS KMS) customer managed key that Lambda@Edge can use.

C. Create an SSL/TLS certificate in AWS Certificate Manager (ACM). Associate the certificate with the Network Load Balancer.

D. Set up a Network Load Balancer for API Gateway private integrations.

E. Store the data in the S3 bucket by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Transfer the encrypted data from the S3 bucket to the DynamoDB table.






 

Suggested Answer: BD

Community Answer: AB




This question is in DVA-C01 AWS Certified Developer – Associate Exam
For getting AWS Certified Developer – Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.