ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 4 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 4
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company is deploying a solution in Amazon Aurora by migrating from an on-premises system. The IT department has established an AWS Direct Connect link from the company's data center. The company's Database Specialist has selected the option to require SSL/TLS for connectivity to prevent plaintext data from being set over the network. The migration appears to be working successfully, and the data can be queried from a desktop machine.
Two Data Analysts have been asked to query and validate the data in the new Aurora DB cluster. Both Analysts are unable to connect to Aurora. Their user names and passwords have been verified as valid and the Database Specialist can connect to the DB cluster using their accounts. The Database Specialist also verified that the security group configuration allows network from all corporate IP addresses.
What should the Database Specialist do to correct the Data Analysts' inability to connect?

  • A. Restart the DB cluster to apply the SSL change.
  • B. Instruct the Data Analysts to download the root certificate and use the SSL certificate on the connection string to connect.
  • C. Add explicit mappings between the Data Analysts' IP addresses and the instance in the security group assigned to the DB cluster.
  • D. Modify the Data Analysts' local client firewall to allow network traffic to AWS.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by chicagomassageseeker at July 7, 2020, 5:34 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pranava_GCP
1 year, 8 months ago
Selected Answer: B
B. Instruct the Data Analysts to download the root certificate and use the SSL certificate on the connection string to connect. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/ssl-certificate-rotation-aurora-postgresql.html
upvoted 3 times
...
SteveMartin9
2 years, 4 months ago
Author from the Udemy.com practice test says B is the correct answer.
upvoted 4 times
...
sirfans
2 years, 7 months ago
Selected Answer: B
B is the right one
upvoted 1 times
...
niteshdba
2 years, 8 months ago
B is the answer
upvoted 1 times
...
novice_expert
3 years, 1 month ago
Selected Answer: B
B. Instruct the Data Analysts to download the root certificate and use the SSL certificate on the connection string to connect. To connect using SSL: • Provide the SSLTrust certificate (can be downloaded from AWS) • Provide SSL options when connecting to database • Not using SSL on a DB that enforces SSL would result in error B - Need root certificate and then need to specify --sql-ca = cert.pem --ssl-mode=verify_identity for example mysql When the require_secure_transport parameter is set to ON for a DB cluster, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client: MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
upvoted 2 times
...
RotterDam
3 years, 3 months ago
The answer is (B). what I am beginning to REALLY dislike about some of these questions is the terrible grammar. This question is very similar to another question bank where the Database specialist is able to connect to the Aurora Cluster. The english they are using is "Specialist MAY use their account to log in" - this is artificially vague. in the pressure of time - such english just leaves a bad taste and its clear many of the questions are not written by native english language speakers - which makes it frustrating
upvoted 3 times
...
Shunpin
3 years, 5 months ago
Selected Answer: B
My point: Usually, you have no privileges to modify local firewall policy in a big cooperate. In the question, it has mentioned the connection can be made from desktop that means local firewall rules allow to access RDS.
upvoted 3 times
...
aws4myself
3 years, 7 months ago
its B, SSL issue.
upvoted 1 times
...
guru_ji
3 years, 7 months ago
Correct Answer ==>> B
upvoted 1 times
...
Dr_Kiko
3 years, 7 months ago
B, you need a cert
upvoted 1 times
...
LMax
3 years, 7 months ago
Must be B, SSL issue.
upvoted 3 times
...
jnassp1
3 years, 7 months ago
B • To connect using SSL: • Provide the SSLTrust certificate (can be downloaded from AWS) • Provide SSL options when connecting to database • Not using SSL on a DB that enforces SSL would result in error
upvoted 1 times
...
jnassp1
3 years, 7 months ago
D is not right this. The questions is on SSL/TLS encryption in transit - B - Need root certificate and then need to specify --sql-ca = cert.pem --ssl-mode=verify_identity for example mysql
upvoted 1 times
...
myutran
3 years, 7 months ago
Ans: D
upvoted 1 times
...
Exia
3 years, 7 months ago
When the require_secure_transport parameter is set to ON for a DB cluster, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client: MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.
upvoted 1 times
...
Exia
3 years, 7 months ago
D. Aurora MySQL DB clusters must be created in an Amazon Virtual Private Cloud (VPC). To control which devices and Amazon EC2 instances can open connections to the endpoint and port of the DB instance for Aurora MySQL DB clusters in a VPC, you use a VPC security group. These endpoint and port connections can be made using Secure Sockets Layer (SSL). In addition, firewall rules at your company can control whether devices running at your company can open connections to a DB instance. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Security.html
upvoted 2 times
...
goodh32
3 years, 7 months ago
Answer is B As SSL parameter can be used in string https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/ssl-certificate-rotation-aurora-postgresql.html
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel