A company has a database fleet that includes an Amazon RDS for MySQL DB instance. During an audit, the company discovered that the data that is stored on the DB instance is unencrypted. A database specialist must enable encryption for the DB instance. The database specialist also must encrypt all connections to the DB instance. Which combination of actions should the database specialist take to meet these requirements? (Choose three.)

Topic #: - All AWS Certified Database - Specialty Questions

A. In the RDS console, choose ג€Enable encryptionג€ to encrypt the DB instance by using an AWS Key Management Service (AWS KMS) key.
B. Encrypt the read replica of the unencrypted DB instance by using an AWS Key Management Service (AWS KMS) key. Fail over the read replica to the primary DB instance.
C. Create a snapshot of the unencrypted DB instance. Encrypt the snapshot by using an AWS Key Management Service (AWS KMS) key. Restore the DB instance from the encrypted snapshot. Delete the original DB instance.
D. Require SSL connections for applicable database user accounts.
E. Use SSL/TLS from the application to encrypt a connection to the DB instance.
F. Enable SSH encryption on the DB instance.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion