A database is running on an Amazon RDS Multi-AZ DB instance. A recent security audit found the database to be out of compliance because it was not encrypted.
Which approach will resolve the encryption requirement?
A.
Log in to the RDS console and select the encryption box to encrypt the database.
B.
Create a new encrypted Amazon EBS volume and attach it to the instance.
C.
Encrypt the standby replica in the secondary Availability Zone and promote it to the primary instance.
D.
Take a snapshot of the RDS instance, copy and encrypt the snapshot, and then restore to the new RDS instance.
D. You can only encrypt an Amazon RDS DB instance when you create it, not after the DB instance is created.
However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Xelnak
Highly Voted 5 months, 4 weeks agomichaldavid
Most Recent 5 months agoLiongeek
5 months, 4 weeks ago