DVA-C02 · Question #509
DVA-C02 Question #509: Real Exam Question with Answer & Explanation
Sign in or unlock DVA-C02 to reveal the answer and full explanation for question #509. The question stem and answer options stay visible for context.
Question
A company is building an application to accept data from customers. The data must be encrypted at rest and in transit. The application uses an Amazon API Gateway API that resolves to AWS Lambda functions. The Lambda functions store the data in an Amazon Aurora MySQL DB cluster. The application worked properly during testing. A developer configured an Amazon CloudFront distribution with field-level encryption that uses an AWS Key Management Service (AWS KMS) key. After the configuration of the distribution, the application behaved unexpectedly. All the data in the database changed from plaintext to ciphertext. The developer must ensure that the data is not stored in the database as the ciphertext from the CloudFront field-level encryption. Which solution will meet this requirement?
Options
- AChange the CloudFront Viewer protocol policy from "HTTP and HTTPS" to "HTTPS only."
- BAdd a Lambda function that uses the KMS key to decrypt the data fields before saving the data to
- CEnable encryption on the DB cluster by using the same KMS key that is used in CloudFront.
- DRequest and deploy a new SSL certificate to use with the CloudFront distribution.
Unlock DVA-C02 to see the answer
You've previewed enough free DVA-C02 questions. Unlock DVA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.