DVA-C02 · Question #745
DVA-C02 Question #745: Real Exam Question with Answer & Explanation
The correct answer is C: Restore the DB instance from the encrypted snapshot.. Amazon RDS does not support enabling encryption at rest on an existing DB instance directly. To encrypt an unencrypted DB: - take a snapshot of the existing (unencrypted) DB instance and create an encrypted copy of that - restore a new DB instance from the encrypted snapshot. The
Question
A company maintains an application that uses an Amazon RDS DB instance for its database. A developer needs to implement encryption at rest for the database. Which combination of steps should the developer take to meet this requirement? (Choose two.)
Options
- AEnable encryption on the DB instance in the AWS Management Console.
- BStop the DB instance
- CRestore the DB instance from the encrypted snapshot.
- DTake a snapshot of the DB instance, and create an encrypted copy of the snapshot
- ECreate a customer managed key in AWS KMS
Explanation
Amazon RDS does not support enabling encryption at rest on an existing DB instance directly. To encrypt an unencrypted DB: - take a snapshot of the existing (unencrypted) DB instance and create an encrypted copy of that - restore a new DB instance from the encrypted snapshot. The new instance will have encryption at rest enabled.
Community Discussion
No community discussion yet for this question.