Home › AWS Cloud Practitioner › cloudcomputing › securitycompliance › Which combination correctly describes encryption…
Which combination correctly describes encryption in transit versus encryption at rest?
AIn transit is free; at rest doubles the storage bill
BIn transit protects data moving over a network using TLS; at rest protects data stored on disk using AES or similar block ciphers
CIn transit means data is stored on tape; at rest means data is replicated to another Region
DIn transit applies only to S3; at rest applies only to RDS
Answer & Solution
Correct answer: B. In transit protects data moving over a network using TLS; at rest protects data stored on disk using AES or similar block ciphers
In transit = TLS / HTTPS over the wire. At rest = block-level disk encryption (often AES-256) with keys managed by AWS KMS or the customer. Both should be enabled for sensitive workloads. Neither doubles the bill, and both apply broadly across services.
Related questions
AWS IAM Identity Center (formerly AWS SSO) primarily lets you:A team wants to block common web exploits like SQL injection and cross-site scripting at tAn organization wants to detect threats like unusual API calls, compromised EC2 instances,For Amazon RDS, which of the following best describes the shared responsibility split?What is the difference between an IAM user and an IAM role?The principle of least privilege, as applied via IAM, recommends that you:Which AWS service logs all API calls made against the AWS account, so administrators can aWhich task can ONLY be performed by the AWS account root user, and not by any IAM user eve