Q492. A software company has deployed a web application on AWS in a VPC. The application uses an Application Load Balancer and Amazon EC2 instances in an Auto Scaling group for the application tier. The EC2 instances access an IBM Db2 database that is hosted on separate EC2 instances. Db2 credentials are stored in the configuration file on the application tier and are deployed with AWS AppConfig. The company has a new requirement to prove that the team in charge of the operations of the platform cannot access the cleartext data that is stored in Db2. A solutions architect must implement a solution to meet this requirement with the least possible redevelopment needed. Which combination of steps should the solutions architect take? (Select TWO.)
A. Use an AWS managed CMK to ensure that EBS disks for the EC2 instances are encrypted. Edit the key policy to ensure that only the roles provided to the EC2 instances in the application tier are allowed to use the key.
B. Use a customer managed CMK to ensure that EBS disks for the EC2 instances are encrypted. Edit the key policy to ensure that only the roles provided to the EC2 instances in the application tier are allowed to use the key.
C. Use AWS Certificate Manager (ACM) to implement mutual authentication between the application and the database.
D. Use AWS Secrets Manager to ensure that a password is not stored in the application configuration.
E. Use client-side encryption in the application.

Correct answer: BD