ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 258 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 258
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company is running a blogging platform. A security audit determines that the Amazon RDS DB instance that is used by the platform is not configured to encrypt the data at rest. The company must encrypt the DB instance within 30 days.
What should a database specialist do to meet this requirement with the LEAST amount of downtime?

  • A. Create a read replica of the DB instance, and enable encryption. When the read replica is available, promote the read replica and update the endpoint that is used by the application. Delete the unencrypted DB instance.
  • B. Take a snapshot of the DB instance. Make an encrypted copy of the snapshot. Restore the encrypted snapshot. When the new DB instance is available, update the endpoint that is used by the application. Delete the unencrypted DB instance.
  • C. Create a new encrypted DB instance. Perform an initial data load, and set up logical replication between the two DB instances When the new DB instance is in sync with the source DB instance, update the endpoint that is used by the application. Delete the unencrypted DB instance.
  • D. Convert the DB instance to an Amazon Aurora DB cluster, and enable encryption. When the DB cluster is available, update the endpoint that is used by the application to the cluster endpoint. Delete the unencrypted DB instance.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by mbar94 at Sept. 8, 2022, 10:13 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Changwha
Highly Voted 2 years, 8 months ago
Selected Answer: C
When the new, encrypted copy of the DB instance becomes available, you can point your applications to the new database. However, if your project doesn’t allow for significant downtime for this activity, you need an alternate approach that helps minimize the downtime. This pattern uses the AWS Database Migration Service (AWS DMS) to migrate and continuously replicate the data so that the cutover to the new, encrypted database can be done with minimal downtime.
upvoted 5 times
...
Pranava_GCP
Most Recent 1 year, 9 months ago
Selected Answer: C
C. Create a new encrypted DB instance. Perform an initial data load, and set up logical replication between the two DB instances When the new DB instance is in sync with the source DB instance, update the endpoint that is used by the application. Delete the unencrypted DB instance. "However, if your project doesn’t allow for significant downtime for this activity, you need an alternate approach that helps minimize the downtime. This pattern uses the AWS Database Migration Service (AWS DMS) to migrate and continuously replicate the data so that the cutover to the new, encrypted database can be done with minimal downtime. " https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
upvoted 1 times
...
aviathor
2 years ago
Selected Answer: C
B would work too, but there would be (significantly) more downtime.
upvoted 2 times
...
redman50
2 years, 2 months ago
Selected Answer: B
It says : the LEAST amount of downtime. Creating a replication is much more effort than copying the snapshot. So it is B.
upvoted 2 times
Isio05
1 year, 10 months ago
It's not about effort but downtime. B has more downtime than C. Thus C is the correct answer
upvoted 3 times
...
...
rags1482
2 years, 7 months ago
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html Answer : B
upvoted 3 times
Germaneli
1 year, 8 months ago
Given the above link, it would be B. "However, if your project doesn’t allow for significant downtime for this activity, you need an alternate approach that helps minimize the downtime. This pattern uses the AWS Database Migration Service (AWS DMS) to migrate and continuously replicate the data so that the cutover to the new, encrypted database can be done with minimal downtime." That leads to C.
upvoted 1 times
...
...
awsjjj
2 years, 7 months ago
Selected Answer: C
minimum downtime. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
upvoted 2 times
...
cloudsunriser
2 years, 8 months ago
Selected Answer: C
Solution expects minimal downtime. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
upvoted 3 times
...
SonamDhingra
2 years, 8 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
gairaj
2 years, 9 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Enabling
upvoted 3 times
...
hcltechaws
2 years, 9 months ago
My choice is B
upvoted 3 times
...
mbar94
2 years, 9 months ago
Selected Answer: C
Agree with C.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel