SAA-C03 · Question #672
SAA-C03 Question #672: Real Exam Question with Answer & Explanation
The correct answer is C: Create a snapshot of the unencrypted DB instance. Create an encrypted copy of the snapshot.. You cannot directly enable encryption on an existing unencrypted RDS DB instance. The correct approach is to create a snapshot of the unencrypted DB instance, then make an encrypted copy of that snapshot using an AWS KMS key. Afterward, restore a new DB instance from the encrypte
Question
A company is running an Amazon RDS for MySQL Multi-AZ DB instance for a business-critical workload. RDS encryption for the DB instance is disabled. A recent security audit concluded that all business-critical applications must encrypt data at rest. The company has asked its solutions architect to formulate a plan to accomplish this for the DB instance. Which process should the solutions architect recommend?
Options
- ACreate an encrypted snapshot of the unencrypted DB instance. Copy the encrypted snapshot to
- BCreate a new RDS for MySQL DB instance with encryption enabled. Restore the unencrypted
- CCreate a snapshot of the unencrypted DB instance. Create an encrypted copy of the snapshot.
- DTemporarily shut down the unencrypted DB instance. Enable AWS Key Management Service
Explanation
You cannot directly enable encryption on an existing unencrypted RDS DB instance. The correct approach is to create a snapshot of the unencrypted DB instance, then make an encrypted copy of that snapshot using an AWS KMS key. Afterward, restore a new DB instance from the encrypted snapshot. The new instance will have all data encrypted at rest while maintaining the original data and configuration.
Community Discussion
No community discussion yet for this question.