ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 8 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 8
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A financial services company is developing a shared data service that supports different applications from throughout the company. A Database Specialist designed a solution to leverage Amazon ElastiCache for Redis with cluster mode enabled to enhance performance and scalability. The cluster is configured to listen on port 6379.
Which combination of steps should the Database Specialist take to secure the cache data and protect it from unauthorized access? (Choose three.)

  • A. Enable in-transit and at-rest encryption on the ElastiCache cluster.
  • B. Ensure that Amazon CloudWatch metrics are configured in the ElastiCache cluster.
  • C. Ensure the security group for the ElastiCache cluster allows all inbound traffic from itself and inbound traffic on TCP port 6379 from trusted clients only.
  • D. Create an IAM policy to allow the application service roles to access all ElastiCache API actions.
  • E. Ensure the security group for the ElastiCache clients authorize inbound TCP port 6379 and port 22 traffic from the trusted ElastiCache cluster's security group.
  • F. Ensure the cluster is created with the auth-token parameter and that the parameter is used in all subsequent commands.
Show Suggested Answer Hide Answer
Suggested Answer: ACF 🗳️
by cynthiacy at Dec. 1, 2021, 5:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pranava_GCP
1 year, 8 months ago
Selected Answer: ACF
ACF are correct A refer to https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/encryption.html F refers to https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html
upvoted 2 times
...
mraronsimon
1 year, 11 months ago
Selected Answer: ACF
ACF is correct because those are preventive protection B - not preventive D - what about non-IAM-based connections? :) E - client-server architecture -> always the client initiates the connection! The cluster needs SG to prevent connections from unexpected sources and on unexpected ports, instead of clients...
upvoted 1 times
...
ken_test1234
2 years, 2 months ago
ACF is the correct answer
upvoted 1 times
...
SteveMartin9
2 years, 4 months ago
Selected Answer: ACF
Author from the Udemy.com practice test says ACF is the correct answer.
upvoted 3 times
...
SachinGoel
2 years, 4 months ago
Selected Answer: ACF
ACF is right choice
upvoted 1 times
...
sju
2 years, 5 months ago
Why A, if data is encrypted, it will remain confidentials but open for manipulation as you can delete it. Encryption can give confidentiality but can't gurantee integrity.
upvoted 1 times
...
Sab
2 years, 6 months ago
Elasticache for Redis 7.0 now support IAM authentication through users and roles.
upvoted 1 times
...
novice_expert
3 years, 1 month ago
Selected Answer: ACF
A. Enable in-transit and at-rest encryption on the ElastiCache cluster. x B. why CloudWatch ? C. Ensure the security group for the ElastiCache cluster allows all inbound traffic from itself and inbound traffic on TCP port 6379 from trusted clients only. x why all API? D. Create an IAM policy to allow the application service roles to access all ElastiCache API actions. x why 22? E. Ensure the security group for the ElastiCache clients authorize inbound TCP port 6379 and port 22 traffic from the trusted ElastiCache cluster's security group. F. Ensure the cluster is created with the auth-token parameter and that the parameter is used in all subsequent commands.
upvoted 4 times
...
soyyodario
3 years, 4 months ago
Selected Answer: ACF
ACF are the correct E Why do you need port 22?
upvoted 2 times
...
2025flakyt
3 years, 6 months ago
ADF are the correct options
upvoted 1 times
...
2025flakyt
3 years, 6 months ago
Ensure the security group for the ElastiCache cluster allows all inbound traffic from itself is only needed when you launched your ElastiCache instance in EC2 Classic. so C is not a valid option
upvoted 1 times
jove
3 years, 5 months ago
These questions are not for up to date versions. When this question was added the most likely the EC2-Classic was still very much available. My choice is ACF
upvoted 1 times
...
2025flakyt
3 years, 6 months ago
The following is needed to protect ElastiCache Use multi-factor authentication (MFA) with each account. Use SSL/TLS to communicate with AWS resources. Set up API and user activity logging with AWS CloudTrail. Use AWS encryption solutions, along with all default security controls within AWS services. Use advanced managed security services such as Amazon Macie, which assists in discovering and securing personal data that is stored in Amazon S3.
upvoted 2 times
...
...
cynthiacy
3 years, 6 months ago
ACF. F refers to https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/encryption.html
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel