Company A needs to export sensitive data from its financial system to company B’s database,
using company B’s API in an automated manner. Company A’s policy prohibits the use of any
intermediary external systems to transfer or store its sensitive data, therefore the transfer must
occur directly between company A’s financial system and company B’s destination server using
the supplied API. Additionally, company A’s legacy financial software does not support encryption,
while company B’s API supports encryption. Which of the following will provide end-to-end
encryption for the data transfer while adhering to these requirements?
A.
Company A must install an SSL tunneling service on the financial system.
B.
Company A’s security administrator should use an HTTPS capable browser to transfer the
data.
C.
Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D.
Company A and B must create a site-to-site IPSec VPN on their respective firewalls.