A company has an unencrypted Amazon RDS MySQL database. A new compliance mandate requires that the database must be encrypted at rest. What is the MOST operationally efficient way to achieve this?

Answer options:

Modify the existing RDS instance and check the 'Enable Encryption' box.

Take a snapshot of the database, copy the snapshot and enable encryption, then restore a new DB instance from the encrypted snapshot.

Create a new encrypted RDS instance and use AWS DMS to migrate the data.

Enable AWS KMS encryption on the underlying EBS volumes attached to the RDS instance.

How to approach this question

Remember the snapshot-copy-restore workflow for encrypting existing RDS databases.

Full Answer

B.Take a snapshot of the database, copy the snapshot and enable encryption, then restore a new DB instance from the encrypted snapshot.✓ Correct

To encrypt an existing unencrypted RDS instance, you must create a snapshot, copy that snapshot while specifying a KMS key to encrypt the copy, and then restore a new DB instance from the encrypted snapshot.

Common mistakes

Assuming you can just toggle encryption on an existing database.

Question 16 All questions Question 18

Practice the full AWS SAA-C03 Practice Exam 5

65 questions · hints · full answers · grading

More questions from this exam

Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...Easy Q02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...Medium Q03A company is designing a VPC for a multi-tier web application. They need to block specific malici...Medium Q04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Hard Q05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium

View all 65 questions →