AWS Certified SysOps Administrator SOA-C01 – Question768

A Development team is designing an application that processes sensitive information within a hybrid deployment. The team needs to ensure the application data is protected both in transit and at rest.
Which combination of actions should be taken to accomplish this? (Choose two.)

A.
Use a VPN to set up a tunnel between the on-premises data center and the AWS resources
B. Use AWS Certificate Manager to create TLS/SSL certificates
C. Use AWS CloudHSM to encrypt the data
D. Use AWS KMS to create TLS/SSL certificates
E. Use AWS KMS to manage the encryption keys used for data encryption