Exam AWS Certified Security - Specialty topic 1 question 383 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 383
Topic #: 1

A company is designing a new application stack. The design includes web servers and backend servers that are hosted on Amazon EC2 instances. The design also includes an Amazon Aurora MySQL DB cluster.

The EC2 instances are in an Auto Scaling group that uses launch templates. The EC2 instances for the web layer and the backend layer are backed by Amazon Elastic Block Store (Amazon EBS) volumes. No layers are encrypted at rest. A security engineer needs to implement encryption at rest.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Modify EBS default encryption setting in the target AWS Region to enable encryption. Use an Auto Scaling group instance refresh.
  • B. Modify the launch templates for the web layer and the backend layer to add AWS Certificate Manager (ACM) encryption for the attached EBS volumes. Use an Auto Scaling group instance refresh.
  • C. Create a new AWS Key Management Service (AWS KMS) encrypted DB cluster from a snapshot of the existing DB cluster.
  • D. Apply AWS Key Management Service (AWS KMS) encryption to the existing DB cluster.
  • E. Apply AWS Certificate Manager (ACM) encryption to the existing DB cluster.
Suggested Answer: AC

Comments

Green53
1 year, 10 months ago
Selected Answer: AC
A/C
B - You don't use ACM for encryption, it's KMS
D - You can't encrypt an existing cluster, you need to snapshot, then encrypt with KMS
E - Same as B
upvoted 1 times
...
Toptip
1 year, 11 months ago
Selected Answer: AC
A+C easy... you can restore an unencrypted snapshot to a NEW encrypted Aurora DB cluster.
upvoted 2 times
...
ITGURU51
2 years ago
The security engineer needs to implement and design a security solution that will encrypt data at rest. AC
upvoted 1 times
...
nairj
2 years, 1 month ago
A and C. Whoever is selecting B has to understand ACM is not used for encryption at rest.
upvoted 2 times
...
Teknoklutz
2 years, 4 months ago
Selected Answer: AC
You cannot modify launch template, so A and C
upvoted 2 times
...
must_be_rohit
2 years, 4 months ago
Selected Answer: AB
Workloads are provisioned using a launch template
upvoted 1 times
...
tainh
2 years, 5 months ago
Selected Answer: AC
A,C are correct
upvoted 3 times
...
D2
2 years, 5 months ago
AC Correct. Details for A: https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/
upvoted 4 times
Teknoklutz
2 years, 5 months ago
And for C - https://aws.amazon.com/blogs/database/securing-data-in-amazon-rds-using-aws-kms-encryption/
upvoted 4 times
secdaddy
2 years, 4 months ago
More support for C: "You can't convert an unencrypted DB cluster to an encrypted one. However, you can restore an unencrypted snapshot to an encrypted Aurora DB cluster." https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html
upvoted 1 times
...
...
...
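Options A and C as a remediation plan, in an added example that is not part of the original page or its comments: the function reads state shaped like the AWS API responses and returns the AWS CLI commands still needed. The Region, Auto Scaling group names, cluster identifier, KMS alias and snapshot naming are assumed placeholders, and the sample inputs are constructed.

```python
import shlex

# Constructed sample data shaped like AWS API responses (all names are placeholders).
EBS_DEFAULT = {"EbsEncryptionByDefault": False}  # ec2 get-ebs-encryption-by-default
VOLUMES = [  # ec2 describe-volumes
    {"VolumeId": "vol-web-example", "Encrypted": False},
    {"VolumeId": "vol-backend-example", "Encrypted": False},
]
CLUSTER = {  # rds describe-db-clusters
    "DBClusterIdentifier": "app-db",
    "Engine": "aurora-mysql",
    "StorageEncrypted": False,
}


def plan_encryption_at_rest(region, asg_names, ebs_default, volumes, cluster, kms_key_id):
    """Return the AWS CLI commands (as argv lists) still needed for options A and C."""
    steps = []
    # Option A, part 1: default encryption only affects volumes created afterwards.
    if not ebs_default.get("EbsEncryptionByDefault"):
        steps.append(["aws", "ec2", "enable-ebs-encryption-by-default", "--region", region])
    # Option A, part 2: existing unencrypted volumes go away only when instances are replaced.
    if any(not v.get("Encrypted") for v in volumes):
        for asg in asg_names:
            steps.append(["aws", "autoscaling", "start-instance-refresh",
                          "--auto-scaling-group-name", asg, "--region", region])
    # Option C: an unencrypted cluster cannot be converted in place, so snapshot and restore.
    if not cluster.get("StorageEncrypted"):
        source = cluster["DBClusterIdentifier"]
        snapshot = source + "-pre-encryption"  # hypothetical naming scheme
        steps.append(["aws", "rds", "create-db-cluster-snapshot",
                      "--db-cluster-identifier", source,
                      "--db-cluster-snapshot-identifier", snapshot, "--region", region])
        # The restore creates the cluster only; DB instances are added to it afterwards.
        steps.append(["aws", "rds", "restore-db-cluster-from-snapshot",
                      "--db-cluster-identifier", source + "-encrypted",
                      "--snapshot-identifier", snapshot,
                      "--engine", cluster["Engine"],
                      "--kms-key-id", kms_key_id, "--region", region])
    return steps


if __name__ == "__main__":
    plan = plan_encryption_at_rest("us-east-1", ["web-asg", "backend-asg"],
                                   EBS_DEFAULT, VOLUMES, CLUSTER, "alias/example-app-key")
    for argv in plan:
        print(shlex.join(argv))
```

The snapshot has to reach the available state before the restore command will succeed, so the commands are run in order with a wait between the last two.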