Domain 1.3: Data Security — AWS SAA-C03 Practice Question 19

How to approach this question

Remember the rule for RDS: You cannot encrypt an existing unencrypted instance. You must snapshot -> copy (encrypt) -> restore.

Full Answer

B.Take a snapshot of the unencrypted database, copy the snapshot and enable encryption during the copy, then restore a new DB instance from the encrypted snapshot.✓ Correct

You can only enable encryption for an Amazon RDS DB instance when you create it, not after it's created. To encrypt an existing unencrypted instance, you must create a snapshot of the instance, copy that snapshot and specify a KMS key to encrypt the copy, and then restore a new DB instance from the encrypted snapshot.

Common mistakes

Assuming you can just click 'modify' and turn on encryption for RDS.

A company has an unencrypted Amazon RDS for MySQL database. The security team has mandated that the database must be encrypted at rest using AWS KMS. What is the MOST efficient way to encrypt the existing database?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 1

More questions from this exam