Hard · 1 mark · Multiple Choice
Domain 1.3: Data Security · Domain 1 · Security · RDS · Encryption

AWS SAA-C03 · Question 19 · Domain 1.3: Data Security

A company has an unencrypted Amazon RDS for MySQL database. The security team has mandated that the database must be encrypted at rest using AWS KMS. What is the MOST efficient way to encrypt the existing database?

Answer options:

A. Modify the existing RDS instance and enable encryption in the AWS Management Console.

B. Take a snapshot of the unencrypted database, copy the snapshot and enable encryption during the copy, then restore a new DB instance from the encrypted snapshot.

C. Create a new encrypted RDS instance and use AWS Database Migration Service (DMS) to migrate the data.

D. Export the database to Amazon S3, encrypt the S3 bucket, and import the data into a new RDS instance.

How to approach this question

Remember the rule for RDS: You cannot encrypt an existing unencrypted instance. You must snapshot -> copy (encrypt) -> restore.

Full Answer

B. Take a snapshot of the unencrypted database, copy the snapshot and enable encryption during the copy, then restore a new DB instance from the encrypted snapshot. ✓ Correct
You can only enable encryption for an Amazon RDS DB instance when you create it, not after it's created. To encrypt an existing unencrypted instance, you must create a snapshot of the instance, copy that snapshot and specify a KMS key to encrypt the copy, and then restore a new DB instance from the encrypted snapshot.

Common mistakes

Assuming you can just click 'modify' and turn on encryption for RDS.
