A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. A security audit reveals that the application does not provide end-to-end data protection or the ability to detect unauthorized data changes. The software engineering team needs to make changes that will address the audit findings.
Which set of steps should the software engineering team take?
A. Use an AWS Key Management Service (AWS CMK) CMK. Encrypt the data at rest.
B. Use AWS Certificate Manager (ACM) Private Certificate Authority. Encrypt the data in transit.
C. Use a DynamoDB encryption client. Use client-side encryption and sign the table items.
D. Use the AWS Encryption SDK. Use client-side encryption and sign the table items.
