DBS-C01 · Question #36
DBS-C01 Question #36: Real Exam Question with Answer & Explanation
The correct answer is D: Ensure that the connection is using SSL and is addressing the port where the RDS DB instance is. Explanation Option D is correct because the company mandates encryption in transit (SSL/TLS), and a "communications link failure" error - which persists despite password resets - strongly suggests the connection attempt is either not using SSL or is targeting the wrong port (e.g.
Question
A large financial services company requires that all data be encrypted in transit. A Developer is attempting to connect to an Amazon RDS DB instance using the company VPC for the first time with credentials provided by a Database Specialist. Other members of the Development team can connect, but this user is consistently receiving an error indicating a communications link failure. The Developer asked the Database Specialist to reset the password a number of times, but the error persists. Which step should be taken to troubleshoot this issue?
Options
- AEnsure that the database option group for the RDS DB instance allows ingress from the
- BEnsure that the RDS DB instance's subnet group includes a public subnet to allow the Developer
- CEnsure that the RDS DB instance has not reached its maximum connections limit
- DEnsure that the connection is using SSL and is addressing the port where the RDS DB instance is
Explanation
Explanation
Option D is correct because the company mandates encryption in transit (SSL/TLS), and a "communications link failure" error - which persists despite password resets - strongly suggests the connection attempt is either not using SSL or is targeting the wrong port (e.g., using the default unencrypted port instead of the SSL-enabled one). Since other team members connect successfully, the issue is specific to this developer's connection configuration, not the database itself.
Why the distractors are wrong:
- Option A is incorrect because option groups control database engine features (like plugins), not network ingress - that is controlled by security groups, and other developers can already connect successfully.
- Option B is incorrect because the RDS instance is within a company VPC and other developers connect fine, indicating the subnet configuration is not the problem.
- Option C is incorrect because a maximum connections error would produce a different error message, and it wouldn't selectively block only one user while allowing others.
Memory Tip 🔑
Think "SSL = port matters" - when a company enforces encryption in transit, always verify both that SSL is enabled in the connection string and that the correct SSL port is being used. If others can connect but you can't, and passwords aren't the issue, your connection configuration is the culprit, not the database.
Topics
Community Discussion
No community discussion yet for this question.