ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 204 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 204
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.

What should a SysOps administrator do to meet this requirement?

  • A. Allow SSL connections to the database by using an inbound security group rule.
  • B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
  • C. Enforce SSL connections to the database by using a custom parameter group.
  • D. Patch the database with SSL/TLS by using a custom PostgreSQL extension.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by beznika at Dec. 9, 2022, 1:57 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Christina666
Highly Voted 11 months, 2 weeks ago
Selected Answer: C
C. Enforce SSL connections to the database by using a custom parameter group. Explanation: Enforcing SSL connections to the database is the appropriate way to ensure that all connections between the application and the Amazon RDS for PostgreSQL DB instance are encrypted. This can be achieved using a custom parameter group, which allows you to configure specific database settings. When you enforce SSL connections, the PostgreSQL server will require clients to use SSL when connecting. This ensures that all data transmitted between the application and the database is encrypted, providing an additional layer of security for sensitive information. Options A, B, and D are not directly related to enforcing SSL connections for the database:
upvoted 5 times
Christina666
11 months, 2 weeks ago
A. Allowing SSL connections to the database through an inbound security group rule would only control network access to the database. While it's a good practice to restrict access, this option alone does not enforce encryption on the connections. B. Encrypting the database using AWS Key Management Service (AWS KMS) encryption key is a good practice for data-at-rest encryption, but it does not specifically enforce SSL connections for network communication between the application and the database. D. Patching the database with SSL/TLS by using a custom PostgreSQL extension is not the correct approach. SSL/TLS support is usually built into the PostgreSQL database, and you should not need to patch it with a custom extension for this purpose. Instead, you can enforce SSL connections through the custom parameter group.
upvoted 6 times
...
...
guau
Most Recent 1 year ago
C, not sure if restart is required but is c
upvoted 2 times
...
zolthar_z
1 year, 6 months ago
Selected Answer: C
yeap, C is the answer: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html
upvoted 3 times
...
beznika
1 year, 7 months ago
C looks ok https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel