Exam AWS Certified Database - Specialty topic 1 question 26 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 26
Topic #: 1

A media company is using Amazon RDS for PostgreSQL to store user data. The RDS DB instance currently has a publicly accessible setting enabled and is hosted in a public subnet. Following a recent AWS Well-Architected Framework review, a Database Specialist was given new security requirements.
✑ Only certain on-premises corporate network IPs should connect to the DB instance.
✑ Connectivity is allowed from the corporate network only.
Which combination of steps does the Database Specialist need to take to meet these new requirements? (Choose three.)

  • A. Modify the pg_hba.conf file. Add the required corporate network IPs and remove the unwanted IPs.
  • B. Modify the associated security group. Add the required corporate network IPs and remove the unwanted IPs.
  • C. Move the DB instance to a private subnet using AWS DMS.
  • D. Enable VPC peering between the application host running on the corporate network and the VPC associated with the DB instance.
  • E. Disable the publicly accessible setting.
  • F. Connect to the DB instance using private IPs and a VPN.
Suggested Answer: BEF
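
The controls in the suggested answer can be verified from the API's view of the instance. The audit below is an added example, not part of the original question or discussion; it assumes input shaped like the RDS `describe-db-instances` and EC2 `describe-security-groups` responses, and the sample records, group ID and corporate CIDR are constructed.

```python
import ipaddress

def audit_rds_exposure(db, security_groups, corporate_cidrs):
    """Return findings where the instance violates the question's requirements."""
    allowed = [ipaddress.ip_network(c) for c in corporate_cidrs]
    port = db["Endpoint"]["Port"]
    findings = []
    # Option E: the publicly accessible setting must be off.
    if db.get("PubliclyAccessible"):
        findings.append("PubliclyAccessible is enabled")
    attached = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for perm in sg["IpPermissions"]:
            # IpProtocol "-1" covers every port; otherwise test the port range.
            if perm["IpProtocol"] != "-1" and not (
                perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            ):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr)
                # Option B: each source range must lie inside a corporate range.
                if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append(f"{sg['GroupId']} allows {net} to port {port}")
    return findings

# Constructed sample data (not from the page): corporate range reached over the VPN (option F).
CORPORATE_CIDRS = ["10.20.0.0/16"]
SAMPLE_DB = {
    "PubliclyAccessible": True,
    "Endpoint": {"Port": 5432},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-constructed01"}],
}
SAMPLE_SGS = [{
    "GroupId": "sg-constructed01",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.20.5.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}]

if __name__ == "__main__":
    for finding in audit_rds_exposure(SAMPLE_DB, SAMPLE_SGS, CORPORATE_CIDRS):
        print(finding)
```

The port 22 rule is ignored because it does not cover the database port; rules that reference other security groups rather than CIDR ranges are not evaluated here.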

Comments

Ebi
Highly Voted 3 years, 10 months ago
Answer is BEF. Database does not need to be in private subnet (there is no requirement in the question); disabling public accessibility will remove public IP address associated from the instance.
upvoted 14 times
...
ChauPhan
Highly Voted 3 years, 9 months ago
B, E, F are the answers. D is not correct because there is an on-premises network; VPC peering is for AWS VPC - AWS VPC. C is not correct. DMS is used for DB migration, not subnet modification.
upvoted 8 times
guru_ji
3 years, 9 months ago
Correct Answer ==>> B,E,F
upvoted 1 times
...
...
IhorK
Most Recent 2 years ago
Selected Answer: BEF
https://kloudle.com/academy/how-to-restrict-access-to-your-publicly-accessible-rds-instance/
After the publicly accessible setting is disabled, there is no need to move the DB instance to a private subnet. We do not change the conf file settings; instead we change the security group, where we configure the IP addresses from which access is required. VPC peering is only inside AWS. You need to select the third item; nothing but "Connect to the DB instance using private IPs and a VPN" is suitable.
upvoted 1 times
...
ankurlibra
2 years, 5 months ago
BEF for sure
upvoted 1 times
...
novice_expert
3 years, 3 months ago
Selected Answer: BEF
x A. RDS you don't edit config files directly
B. Modify the security group. Add the required corporate network IPs and remove the unwanted IPs
x C. subnet change by DMS?
x D. VPC peering is within AWS only
E. disable publicly accessible
F. Connect to the DB instance using private IPs and a VPN.
upvoted 1 times
kush_sumit
3 years ago
You can't SSH directly into RDS; how would you connect using private IPs?
upvoted 1 times
...
...
RotterDam
3 years, 4 months ago
Selected Answer: BEF
1) Security Groups HAS to be done to restrict DB access to specific IPs
2) Public accessibility has to be removed
3) Corp to AWS VPN has to be enabled to secure traffic
upvoted 2 times
...
tugboat
3 years, 5 months ago
Selected Answer: BEF
agree with others
upvoted 2 times
...
awsmonster
3 years, 6 months ago
F is incorrect. RDS uses endpoint, not IP address. I vote for BCE
upvoted 3 times
...
GMartinelli
3 years, 8 months ago
Selected Answer: BEF
B, E & F
upvoted 3 times
...
manan728
3 years, 9 months ago
B,C and E are correct. You need to migrate the database to private subnet before you can disable the publicly accessible setting in the console.
upvoted 2 times
...
Windy
3 years, 9 months ago
BEF for me
upvoted 3 times
...
myutran
3 years, 9 months ago
Ans: BEF
upvoted 3 times
...
JobinAkaJoe
3 years, 9 months ago
I will go with BEF. Ideally the DB should be moved to a private subnet. But using DMS for that makes C a wrong choice.
upvoted 4 times
...
kilkar
3 years, 9 months ago
BDF https://aws.amazon.com/premiumsupport/knowledge-center/rds-connectivity-instance-subnet-vpc/ https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html
upvoted 1 times
ChauPhan
3 years, 9 months ago
VPC peering is between AWS VPCs, not between an on-premises network and an AWS VPC.
upvoted 1 times
...
...
[Removed]
3 years, 9 months ago
F - Connect to DB instance using VPC peering - At which point in this question does it mention the need to connect to other VPCs? Best practices in AWS doco state that (see the Note) - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Hiding
upvoted 1 times
...
Ashoks
3 years, 9 months ago
B, C, E, F are probable answers. C - database needs to be moved private to public subnet; however, migration can be done through a snapshot instead of DMS. So BEF would be the answers.
upvoted 2 times
...
Manmohan
3 years, 9 months ago
BEF for me
upvoted 1 times
...