Topic 1 Question 330
A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.
What should a solutions architect do to meet this requirement?
Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
Create an encryption key. Store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.
ユーザの投票
コメント(11)
- 正解だと思う選択肢: A
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
👍 2Bhawesh2023/02/17 - 正解だと思う選択肢: A
A is the correct solution to meet the requirement of encrypting the data at rest.
To encrypt data at rest in Amazon RDS, you can use the encryption feature of Amazon RDS, which uses AWS Key Management Service (AWS KMS). With this feature, Amazon RDS encrypts each database instance with a unique key. This key is stored securely by AWS KMS. You can manage your own keys or use the default AWS-managed keys. When you enable encryption for a DB instance, Amazon RDS encrypts the underlying storage, including the automated backups, read replicas, and snapshots.
👍 2LuckyAro2023/02/22 - 正解だと思う選択肢: A
Key Management Service. Secrets Manager is for database connection strings.
👍 2Steve_45426362023/03/03
シャッフルモード