You are creating an application which stores extremely sensitive financial information. All information in the system must
be encrypted at rest and in transit. Which of these is a violation of this policy?
A. ELB SSL termination.
B. ELB Using Proxy Protocol v1.
C. CloudFront Viewer Protocol Policy set to HTTPS redirection.
D. Telling S3 to use AES256 on the server-side.
Explanation:
Terminating SSL at the ELB ends the encrypted session at the load balancer: the ELB decrypts the request and forwards it to the back-end instances over plain HTTP, removing the S for “Secure” in HTTPS. This violates
the “encryption in transit” requirement in the scenario.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
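An added example, not part of the original page and not AWS's own code: a check over Classic ELB listener descriptions that flags the hop left unencrypted by SSL termination and passes a listener that re-encrypts to the back end. The load balancer names and the sample response are constructed; the field names follow the Classic ELB DescribeLoadBalancers response.

```python
# Added example: flags Classic ELB listener hops that are not TLS-protected.
# SAMPLE is constructed data shaped like a DescribeLoadBalancers response.
SAMPLE = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "example-terminating", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
    {"LoadBalancerName": "example-reencrypting", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTPS", "InstancePort": 443}}]},
    {"LoadBalancerName": "example-passthrough", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8443,
                      "InstanceProtocol": "TCP", "InstancePort": 8443}}]},
]}


def hop_status(protocol):
    """Classify one side of a listener by its protocol string."""
    proto = (protocol or "").upper()
    if proto in ("HTTPS", "SSL"):
        return "encrypted"
    if proto == "TCP":
        # Passthrough: the ELB forwards bytes and cannot confirm they are TLS.
        return "unverified"
    return "plaintext"  # HTTP, or a missing value


def find_weak_hops(response):
    """Return (lb_name, lb_port, hop, status) for each hop that is not encrypted."""
    findings = []
    for lb in response.get("LoadBalancerDescriptions", []):
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc["Listener"]
            hops = (("client-to-elb", listener.get("Protocol")),
                    ("elb-to-instance", listener.get("InstanceProtocol")))
            for hop, protocol in hops:
                status = hop_status(protocol)
                if status != "encrypted":
                    findings.append((lb["LoadBalancerName"],
                                     listener["LoadBalancerPort"], hop, status))
    return findings


if __name__ == "__main__":
    for name, port, hop, status in find_weak_hops(SAMPLE):
        print(f"{name}:{port} {hop} is {status}")
```
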
A seems right
It’s kind of tricky. ELB can terminate the incoming SSL and establish another SSL connection with the back-end instances with CA or self-signed cert.
However the other answers seem all fine. So may still be A.