ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 654 discussion

Exam question from Amazon's AWS-SysOps
Question #: 654
Topic #: 1
[All AWS-SysOps Questions]

A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?

  • A. Log in to the RDS console and select the encryption box to encrypt the database.
  • B. Create a new encrypted Amazon EBS volume and attach it to the instance.
  • C. Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
  • D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by coolboylqy at Sept. 19, 2019, 2:52 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coolboylqy
Highly Voted 1 year, 7 months ago
should be D. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Enabling
upvoted 19 times
...
mukeshs
Highly Voted 1 year, 7 months ago
It should be D. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Enabling You can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created. However, because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
upvoted 9 times
...
Shruti09753
Most Recent 6 months ago
Should be D
upvoted 1 times
...
aidenpearce01
1 year, 1 month ago
Selected Answer: D
I choose D, this is common question in SAA
upvoted 1 times
...
asfsdfsdf
1 year, 2 months ago
Selected Answer: D
D is the correct answer - Enc can be enabled only when a DB is created. Also you cant encrypt a read-replica of an undecrypted RDS primary source
upvoted 2 times
...
Cyril_the_Squirl
1 year, 6 months ago
D is correct. There is no option in the console to encrypt a db instance. But you can create replica and encrypt it
upvoted 1 times
...
RicardoD
1 year, 6 months ago
D is the answer
upvoted 2 times
...
abhishek_m_86
1 year, 6 months ago
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
upvoted 3 times
...
jackdryan
1 year, 6 months ago
I'll go with D
upvoted 3 times
...
allanon
1 year, 6 months ago
You can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created. However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
upvoted 2 times
...
MFDOOM
1 year, 6 months ago
D. Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
upvoted 4 times
...
waterzhong
1 year, 6 months ago
It should be D.
upvoted 3 times
...
KhatriRocks
1 year, 6 months ago
D is correct
upvoted 2 times
...
MrKhan
1 year, 6 months ago
You cannot encrypt RDS once it is created, so D is the correct Answer.
upvoted 3 times
...
AWS_Noob
1 year, 6 months ago
D - encrypting an existing RDS follows the same rule as if you wish to encrypt an existing EBS volume
upvoted 2 times
...
karmaah
1 year, 7 months ago
Encryption should be always in place while creating db itself. so D.
upvoted 2 times
...
saumenP
1 year, 7 months ago
D is correct
upvoted 8 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago