Medium · 1 mark · Multiple Choice
Domain 1.3: Data Security · RDS · Encryption · Security

AWS SAA-C03 · Question 18 · Domain 1.3: Data Security

A company has an unencrypted Amazon RDS for PostgreSQL database. The security team mandates that the database must be encrypted at rest using AWS KMS.

What is the MOST operationally efficient way to encrypt the existing database?

Answer options:

A. Modify the existing RDS instance and check the 'Enable Encryption' box.

B. Take a snapshot of the unencrypted database, copy the snapshot and enable encryption, then restore a new DB instance from the encrypted snapshot.

C. Create a new encrypted RDS instance and use AWS DMS to migrate the data.

D. Export the data to S3, encrypt the S3 bucket, and import it into a new RDS instance.

How to approach this question

Remember the snapshot-copy-restore pattern for RDS encryption.

Full Answer

B. Take a snapshot of the unencrypted database, copy the snapshot and enable encryption, then restore a new DB instance from the encrypted snapshot. ✓ Correct
You can only enable encryption for an Amazon RDS DB instance when you create it, not after. To encrypt an existing unencrypted instance, you must create a snapshot, copy that snapshot (specifying a KMS key to encrypt the copy), and then restore the encrypted snapshot to a new instance.

Common mistakes

Believing you can just modify the instance to turn on encryption.
