Company A needs to export sensitive data from its financial system to company B’s database, using company
B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to
transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial
system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial
software does not support encryption, while company B’s API supports encryption. Which of the following will
provide end-to-end encryption for the data transfer while adhering to these requirements?
A.
Company A must install an SSL tunneling software on the financial system.
B.
Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C.
Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D.
Company A and B must create a site-to-site IPSec VPN on their respective firewalls.