Exam4Training

A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups.


What should be done to enable encryption for future backups?
A. Enable default encryption for the Amazon S3 bucket where backups are stored.
B. Modify the backup section of the database configuration to toggle the Enable encryption check box.
C. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
D. Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance.

Answer: C

Explanation:

However, because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.

DB instances that are encrypted can’t be modified to disable encryption.

You can’t have an encrypted read replica of an unencrypted DB instance or an unencrypted read replica of an encrypted DB instance.

Encrypted read replicas must be encrypted with the same key as the source DB instance when both are in the same AWS Region.

You can’t restore an unencrypted backup or snapshot to an encrypted DB instance.

To copy an encrypted snapshot from one AWS Region to another, you must specify the KMS key identifier of the destination AWS Region. This is because KMS encryption keys are specific to the AWS Region that they are created in.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
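
The snapshot, encrypted copy and restore sequence from the explanation, written as an added example against the boto3 RDS client (it is not code from the original page). The function name and the snapshot naming scheme are assumptions of this example; the check before the restore stops the procedure if the copy did not come out encrypted.

```python
def encrypt_via_snapshot(rds, source_instance, kms_key_id, new_instance):
    """Build an encrypted copy of an unencrypted RDS DB instance.

    rds is a boto3 RDS client, i.e. boto3.client("rds").
    The snapshot names derived below are hypothetical choices for this example.
    """
    plain_snap = f"{source_instance}-plain"
    enc_snap = f"{source_instance}-encrypted"
    snap_ready = rds.get_waiter("db_snapshot_available")

    # 1. Take a manual snapshot of the unencrypted instance.
    rds.create_db_snapshot(
        DBSnapshotIdentifier=plain_snap,
        DBInstanceIdentifier=source_instance,
    )
    snap_ready.wait(DBSnapshotIdentifier=plain_snap)

    # 2. Copy the snapshot. Supplying a KMS key is what encrypts the copy.
    rds.copy_db_snapshot(
        SourceDBSnapshotIdentifier=plain_snap,
        TargetDBSnapshotIdentifier=enc_snap,
        KmsKeyId=kms_key_id,
    )
    snap_ready.wait(DBSnapshotIdentifier=enc_snap)

    # 3. Refuse to go further unless the copy is reported as encrypted.
    copy = rds.describe_db_snapshots(DBSnapshotIdentifier=enc_snap)["DBSnapshots"][0]
    if not copy.get("Encrypted"):
        raise RuntimeError(f"snapshot {enc_snap} is not encrypted; aborting restore")

    # 4. Restore a new instance from the encrypted snapshot.
    rds.restore_db_instance_from_db_snapshot(
        DBInstanceIdentifier=new_instance,
        DBSnapshotIdentifier=enc_snap,
    )
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_instance)

    # 5. Confirm the restored instance has encrypted storage before it is
    #    put into service and the old backups are destroyed.
    inst = rds.describe_db_instances(DBInstanceIdentifier=new_instance)["DBInstances"][0]
    if not inst.get("StorageEncrypted"):
        raise RuntimeError(f"instance {new_instance} is not encrypted")

    return {"encrypted_snapshot": enc_snap, "instance": new_instance}
```

Call it with `boto3.client("rds")`, the source instance identifier, a KMS key in the same Region and a name for the new instance; repointing the application and deleting the unencrypted snapshots are left to the operator.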
