You are creating an application which stores extremely sensitive financial information.
All information in the system must be encrypted at rest and in transit.
Which of these is a violation of this policy?
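A. ELB SSL termination
B. ELB Using Proxy Protocol v1
C. CloudFront Viewer Protocol Policy set to HTTPS redirection
D. Telling S3 to use AES256 on the server-side
Answer - A.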
If you use SSL termination, your servers will always get non-secure connections and will never know whether users used a more secure channel or not.
If you are using Elastic Beanstalk to configure the ELB, you can use the article below to ensure end-to-end encryption:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-endtoend.html
The correct answer is A. ELB SSL termination.
Explanation:
When dealing with sensitive data, it is important to ensure that data is encrypted both at rest and in transit.
ELB SSL termination means that SSL/TLS connections are terminated at the Elastic Load Balancer (ELB) and then decrypted before being forwarded to the backend servers. This means that the data is no longer encrypted in transit between the ELB and the backend servers. Therefore, using ELB SSL termination would violate the policy of encrypting data in transit.
Option B. ELB Using Proxy Protocol v1 does not violate the policy of encrypting data at rest and in transit. Proxy Protocol is used to pass client connection information to backend servers. This protocol can be used securely with SSL/TLS encryption.
Option C. CloudFront Viewer Protocol Policy set to HTTPS redirection is in line with the policy of encrypting data in transit. This option ensures that all HTTP requests are automatically redirected to HTTPS.
Option D. Telling S3 to use AES256 on the server-side is in line with the policy of encrypting data at rest. This option encrypts data stored in S3 using the Advanced Encryption Standard (AES) algorithm.
In summary, the only option that violates the policy of encrypting data in transit is A. ELB SSL termination.
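To check an existing deployment for the situation described in option A, the following added example (not part of the original question or of AWS documentation) classifies Classic ELB listeners by whether the hop from the ELB to the instance is still encrypted. The sample data is constructed; it assumes the listener shape returned by the Classic ELB DescribeLoadBalancers API, and the load balancer names are hypothetical.

```python
# Added example: audit Classic ELB listeners for TLS termination.
# SAMPLE is constructed data in the LoadBalancerDescriptions shape
# returned by the Classic ELB DescribeLoadBalancers API.
ENCRYPTED = {"HTTPS", "SSL"}

SAMPLE = [
    {"LoadBalancerName": "payments-web",  # hypothetical name
     "ListenerDescriptions": [
         {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                       "InstanceProtocol": "HTTP", "InstancePort": 80}},
         {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                       "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
    {"LoadBalancerName": "payments-api",  # hypothetical name
     "ListenerDescriptions": [
         {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                       "InstanceProtocol": "HTTPS", "InstancePort": 8443}},
         {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8444,
                       "InstanceProtocol": "TCP", "InstancePort": 8444}}]},
]


def classify(listener):
    """Return the encryption status of one listener's two hops."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front in ENCRYPTED and back in ENCRYPTED:
        return "end-to-end"   # ELB re-encrypts to the instance
    if front in ENCRYPTED:
        return "terminated"   # TLS ends at the ELB, plaintext to the instance
    if front == "TCP":
        return "unverified"   # ELB does not decrypt; config cannot prove TLS
    return "plaintext"        # HTTP from the client onward


def audit(load_balancers):
    """List every listener that is not encrypted on both hops."""
    findings = []
    for lb in load_balancers:
        for desc in lb.get("ListenerDescriptions", []):
            lst = desc["Listener"]
            verdict = classify(lst)
            if verdict != "end-to-end":
                findings.append((lb["LoadBalancerName"],
                                 lst["LoadBalancerPort"],
                                 lst["InstancePort"], verdict))
    return findings


if __name__ == "__main__":
    for name, lb_port, inst_port, verdict in audit(SAMPLE):
        print(f"{name}: {lb_port} -> {inst_port}: {verdict}")
```

A "terminated" finding is the policy violation from option A; an "unverified" TCP listener needs a separate check that the instance itself speaks TLS on that port.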