SAP-C02 第 303 题
题目
An online survey company runs its application in the AWS Cloud. The application is distributed and consists of microservices that run in an automatically scaled Amazon Elastic Container Service (Amazon ECS) cluster. The ECS cluster is a target for an Application Load Balancer (ALB). The ALB is a custom origin for an Amazon CloudFront distribution. The company has a survey that contains sensitive data. The sensitive data must be encrypted when it moves through the application. The application's data-handling microservice is the only microservice that should be able to decrypt the data Which solution will meet these requirements?
中文翻译:
一家在线调查公司在 AWS 云中运行其应用程序。该应用程序是分布式的,由在自动扩展的 Amazon Elastic Container Service (Amazon ECS) 集群中运行的微服务组成。 ECS 集群是应用程序负载均衡器 (ALB) 的目标。 ALB 是 Amazon CloudFront 分配的自定义源。该公司有一项包含敏感数据的调查。敏感数据在应用程序中移动时必须进行加密。应用程序的数据处理微服务是唯一能够解密数据的微服务哪个解决方案可以满足这些要求?
选项
A. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a field-level encryption profile and a configuration. Associate the KMS key and the configuration with the CloudFront cache behavior.
中文翻译:
创建专用于数据处理微服务的对称 AWS Key Management Service (AWS KMS) 密钥。创建字段级加密配置文件和配置。将 KMS 密钥和配置与 CloudFront 缓存行为关联。
B. Create an RSA key pair that is dedicated to the data-handing microservice. Upload the public key to the CloudFront distribution. Create a field-level encryption profile and a configuration. Add the configuration to the CloudFront cache behavior.
中文翻译:
创建专用于数据处理微服务的 RSA 密钥对。将公钥上传到 CloudFront 分配。创建字段级加密配置文件和配置。将配置添加到 CloudFront 缓存行为。
C. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the KMS key to encrypt the sensitive data.
中文翻译:
创建专用于数据处理微服务的对称 AWS Key Management Service (AWS KMS) 密钥。创建 Lambda@Edge 函数。对函数进行编程以使用 KMS 密钥加密敏感数据。
D. Create an RSA key pair that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the private key of the RSA key pair to encrypt the sensitive data.
中文翻译:
创建专用于数据处理微服务的 RSA 密钥对。创建 Lambda@Edge 函数。对该函数进行编程,以使用 RSA 密钥对的私钥来加密敏感数据。
答案
B
解析
正确答案:B 解析: 本题应选择 B。 正确选项: B. 创建专用于数据处理微服务的 RSA 密钥对。将公钥上传到 CloudFront 分配。创建字段级加密配置文件和配置。将配置添加到 CloudFront 缓存行为。 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C02 题目时,需要同时对照题干里的限定词,例如最高性能、最低运维开销、成本效益、可靠性、可扩展性、安全性、RTO/RPO、合规要求等。本题相关考点主要包括:...