Securing Credit Card Transactions with AWS CloudFront

Enhancing Security for Credit Card Transactions


Question

A startup firm has deployed a bill payment application on custom on-premises servers, which handle all users' requests.

Amazon CloudFront has been deployed and forwards users' HTTPS requests to these custom origin servers.

Last week there was a security breach in which client credit card information was leaked from these servers.

The startup's head of security is looking to you, as an AWS Consultant, for guidance on enhancing security for users performing transactions with credit cards.

Which of the following security features can be implemented to provide additional security for credit card transactions?

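Answers

A. Use Field-Level Encryption capability with Amazon CloudFront to encrypt all fields in POST request using 2048 bits RSA key pair.

B. Use Field-Level Encryption capability with Amazon CloudFront to encrypt all fields in POST request using 1024 bits RSA key pair.

C. Use Field-Level Encryption capability with Amazon CloudFront to encrypt specific fields in POST request using 2048 bits RSA key pair.

D. Use Field-Level Encryption capability with Amazon CloudFront to encrypt specific fields in POST request using 1024 bits RSA key pair.

Explanations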

Correct Answer - C.

Field-Level Encryption can be configured on Amazon CloudFront to encrypt specific fields in HTTPS requests sent to origin servers.

This provides additional security for sensitive data which is forwarded to origin servers.

In the above case, the client is already using HTTPS between Amazon CloudFront & custom servers.

To safeguard credit card information that is sent to these servers, Amazon CloudFront can be configured to use Field-Level Encryption for these fields in POST requests.

To set up Field-Level Encryption, an RSA key pair with 2048 bits is required.

Option A is incorrect as Field-Level Encryption does not support all data encryption, but only specific fields in POST requests to origin servers.

Options B & D are incorrect as RSA key size should be 2048 bits & not 1024 bits.
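A pre-upload check for the key-size requirement above, as an added example that is not from the original page or from AWS: it reads a PEM public key of the kind `openssl rsa -pubout` writes and rejects anything that is not 2048-bit RSA. The function names are hypothetical, and the sample keys are constructed to have the right structure and size without being usable keys.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def _read(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem):
    """Modulus size in bits of a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo)."""
    b64 = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    tag, spki, _ = _read(base64.b64decode(b64))
    alg_tag, alg, pos = _read(spki)          # AlgorithmIdentifier
    oid_tag, oid, _ = _read(alg)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06) or oid != RSA_OID:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    _, bit_string, _ = _read(spki, pos)      # BIT STRING wrapping RSAPublicKey
    _, rsa_key, _ = _read(bit_string[1:])    # skip the unused-bits octet
    _, modulus, _ = _read(rsa_key)           # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def check_fle_key(pem, required_bits=2048):  # 2048 is the size the page requires
    """Return the key size; raise ValueError unless it is RSA of the required size."""
    bits = rsa_modulus_bits(pem)
    if bits != required_bits:
        raise ValueError(f"RSA key is {bits} bits; {required_bits} required")
    return bits

def _tlv(tag, value):  # DER-encode one element; used only to build the samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def constructed_pem(bits):
    """Constructed sample: right structure and size, NOT a usable RSA key."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    rsa_key = _tlv(0x30, _tlv(0x02, modulus) + _tlv(0x02, b"\x01\x00\x01"))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + b"\x05\x00")
    body = base64.encodebytes(_tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_key))).decode()
    return f"-----BEGIN PUBLIC KEY-----\n{body}-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, "bit key ok for FLE:", rsa_modulus_bits(constructed_pem(size)) == 2048)
```

Run against a real key, `check_fle_key(open("public_key.pem").read())` raises before a wrongly sized key reaches the CloudFront configuration; the file name here is a placeholder.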

For more information on using Field-Level encryption with Amazon CloudFront, refer to the following URL.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html

The startup firm needs to enhance security for users performing transactions with credit cards. One way to provide additional security is to use field-level encryption. Field-level encryption is a feature of Amazon CloudFront that allows users to encrypt sensitive data at the field level, which can provide end-to-end encryption and can help to prevent data breaches.

There are two key components to using field-level encryption: key pairs and encryption policies. The key pairs are used to encrypt and decrypt the data, while the encryption policies define which fields should be encrypted. Amazon CloudFront supports RSA key pairs with either 1024 bits or 2048 bits.

The correct answer to this question is option C: "Use Field-Level Encryption capability with Amazon CloudFront to encrypt specific fields in POST request using 2048 bits RSA key pair."

Option A ("Use Field-Level Encryption capability with Amazon CloudFront to encrypt all fields in POST request using 2048 bits RSA key pair") is incorrect because it suggests that all fields should be encrypted, which is not necessary and can be inefficient. Encrypting only specific fields can be a better approach, as it reduces the amount of data that needs to be encrypted and decrypted.

Option B ("Use Field-Level Encryption capability with Amazon CloudFront to encrypt all fields in POST request using 1024 bits RSA key pair") is incorrect because it suggests using a weaker RSA key pair, which may not provide sufficient security for credit card transactions. A 2048-bit RSA key pair is recommended for better security.

Option D ("Use Field-Level Encryption capability with Amazon CloudFront to encrypt specific fields in POST request using 1024 bits RSA key pair") is incorrect for the same reason as option B.

In summary, option C is the best solution because it recommends using field-level encryption to encrypt specific fields in POST requests using a strong 2048-bit RSA key pair, which can provide better security for credit card transactions.