Topic 1 Question 121
A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance. What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?
Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.
Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it. Enable encryption on the DB instance.
Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS) Restore encrypted snapshot to an existing DB instance.
Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).
ユーザの投票
コメント(17)
- 正解だと思う選択肢: A
"You can enable encryption for an Amazon RDS DB instance when you create it, but not after it's created. However, you can add encryption to an unencrypted DB instance by creating a snapshot of your DB instance, and then creating an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot to get an encrypted copy of your original DB instance." https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
👍 34123jhl02022/10/19 - 正解だと思う選択肢: A
You can't restore from a DB snapshot to an existing DB instance; a new DB instance is created when you restore.
👍 3kruasan2023/04/25 - 正解だと思う選択肢: A
I feel this is a bit tricky in the way the question is asked, but C implies that you are encrypting the snapshot. You are not. It is the DB that receives a KMS key upon restoring, but the snapshot is still unencrypted.
👍 2lfrad2023/01/09
シャッフルモード