ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 64 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 64
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A financial company wants to store sensitive user data in an Amazon Aurora PostgreSQL DB cluster. The database will be accessed by multiple applications across the company. The company has mandated that all communications to the database be encrypted and the server identity must be validated. Any non-SSL- based connections should be disallowed access to the database.
Which solution addresses these requirements?

  • A. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=allow.
  • B. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=disable.
  • C. Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-ca.
  • D. Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-full.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by BillyC at July 27, 2020, 2:27 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BillyC
Highly Voted 3 years, 8 months ago
ANS D is Correct!
upvoted 10 times
...
novice_expert
Highly Voted 3 years ago
Selected Answer: D
- in DB parameter groups: rds.force_ssl=1 (o=>false, 1=>true) -Download and use the Amazon RDS certificate bundle - configure the PostgreSQL connection string with sslmode=verify-full. https://jdbc.postgresql.org/documentation/head/ssl-client.html If sslmode=verify-ca, the server is verified by checking the certificate chain up to the root certificate stored on the client. If sslmode=verify-full, the server host name will be verified to make sure it matches the name stored in the server certificate.
upvoted 6 times
khchan123
3 years ago
Yes answer D.
upvoted 1 times
...
...
Pranava_GCP
Most Recent 1 year, 8 months ago
Selected Answer: D
Answer is D rds.force_ssl=1 to force ssl in RDS and sslmode=verify-full to encrypt the connection and validate server identity.
upvoted 2 times
...
tucobbad
2 years, 5 months ago
Selected Answer: D
Ans is D rds.force_ssl=1 to force ssl in RDS and sslmode=verify-full to encrypt the connection and validate server identity.
upvoted 3 times
...
guru_ji
3 years, 6 months ago
Correct Answer ==>> D
upvoted 1 times
...
myutran
3 years, 6 months ago
Ans: D
upvoted 2 times
...
JobinAkaJoe
3 years, 7 months ago
D indeed is the right choice
upvoted 1 times
...
Ashoks
3 years, 7 months ago
yes. it is D
upvoted 2 times
...
firbhat
3 years, 8 months ago
ANS: D PostgreSQL: sslrootcert=rds-cert.pem sslmode=[verify-ca | verify-full]
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel