A company is running a finance application on an Amazon RDS for MySQL DB instance. The application is governed by multiple financial regulatory agencies. The RD...

A company is running a finance application on an Amazon RDS for MySQL DB instance. The application is governed by multiple financial regulatory agencies.
The RDS DB instance is set up with security groups to allow access to certain Amazon EC2 servers only. AWS KMS is used for encryption at rest.
Which step will provide additional security?

A. Set up NACLs that allow the entire EC2 subnet to access the DB instance B. Disable the master user account C. Set up a security group that blocks SSH to the DB instance D. Set up RDS to use SSL for data in transit