Your company wants to set up a new online business. The new solution must be extendable for new products to be developed and added. Customers and business partners must be able to log in to the system. The new system must be usable and manageable. Non-core functions must integrate seamlessly with third parties. Customers' personal and financial information must be protected during transport and

while at rest. The application will consist of a three-tiered architecture for the front-end components and an ESB to provide services. It will include transformation capability, legacy system integration, and a web services gateway. You implement WS-Security for services authentication and XACML for service authorization. What else should you do?

A. Use application level encryption to encrypt sensitive fields, database encryption on sensitive flows, and SSL encryption for sensitive data storage.
B. Use database encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and application-level encryption for sensitive data storage.
C. Use application-level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
D. Use SSL encryption to encrypt sensitive fields, application-level encryption on sensitive flows, and database encryption for sensitive data storage.

---

C
Explanation: You should use application-level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.