ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 16 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 16
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company is running a finance application on an Amazon RDS for MySQL DB instance. The application is governed by multiple financial regulatory agencies.
The RDS DB instance is set up with security groups to allow access to certain Amazon EC2 servers only. AWS KMS is used for encryption at rest.
Which step will provide additional security?

  • A. Set up NACLs that allow the entire EC2 subnet to access the DB instance
  • B. Disable the master user account
  • C. Set up a security group that blocks SSH to the DB instance
  • D. Set up RDS to use SSL for data in transit
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by jove at Nov. 24, 2021, 9:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jove
Highly Voted 3 years, 6 months ago
Selected Answer: D
This needs to be corrected in the question: Instead of "AWS KMS is used to encrypt data in transit" it should be "AWS KMS is used to encrypt data at rest".
upvoted 18 times
...
Pranava_GCP
Most Recent 1 year, 8 months ago
Selected Answer: D
D. Set up RDS to use SSL for data in transit https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html "SSL/TLS connections provide a layer of security by encrypting data that moves between your client and DB instance. Optionally, your SSL/TLS connection can perform server identity verification by validating the server certificate installed on your DB instance."
upvoted 2 times
...
megramlak
2 years ago
D is the correct answer, in AWS RDS we cannot SSH into underlying instances
upvoted 2 times
...
im_not_robot
2 years, 4 months ago
Selected Answer: D
A is incorrect since it allows all ec2 instances can connect to db B is incorrect because it doesn't help security C is incorrect because security group doesn't have 'Deny' rule D is correct because the data is encrypted in transit
upvoted 1 times
...
vkruger
2 years, 6 months ago
Selected Answer: D
Correct answer is D
upvoted 1 times
...
novice_expert
3 years, 1 month ago
Selected Answer: D
SSL for data in transit
upvoted 1 times
...
tugboat
3 years, 3 months ago
Selected Answer: D
After text correct in Q, D is good for security in transit
upvoted 3 times
...
Sp230
3 years, 6 months ago
D set up ssl
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel