题目
A health organization is using a large Dedicated EC2 instance with multiple EBS volumes to host its health records web application. The EBS volumes must be encrypted due to the confidentiality of the data that they are handling and also to comply with the HIPAA (Health Insurance Portability and Accountability Act) standard. In EBS encryption, what service does AWS use to secure the volume’s data at rest? (Choose 2)
————————————————————————————
A. By using your own keys in AWS Key Management Service (KMS).
B. By using S3 Server-Side Encryption.
C. By using Amazon-managed keys in AWS Key Management Service (KMS).
D. By using S3 Client-Side Encryption.
E. By using a password stored in CloudHSM.
F. By using the SSL certificates provided by the AWS Certificate Manager (ACM).
注释
Amazon EBS 加密提供了EBS数据卷、引导卷和快照的无缝加密,无需构建和维护安全的密钥管理。EBS 加密通过使用Amazon 管理的密钥加密数据或使用 AWS 密钥管理服务 (KMS) 创建和管理的密钥, 实现静态数据的安全性。加密发生在承载 EC2 实例的服务器上, 在数据在 EC2 实例和 EBS 存储之间移动时提供数据加密。因此, 备选案文1和3是正确的答案。
选项2和4是不正确的,因为它只与S3相关。
选项5是不正确的,因为您只将密钥存储在 CloudHSM 中,而不存储密码。
选项6是不正确的,因为只提供SSL证书,而不提供EBS卷的数据加密。
参考链接
https://aws.amazon.com/ebs/faqs/
答案
正确答案:A,C
扫一扫
2808
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
