SCS-C02 · Question #19
SCS-C02 Question #19: Real Exam Question with Answer & Explanation
The correct answer is A: Create an AWS Config rule to detect the creation of unencrypted RDS databases. Create an. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-remediate- unencrypted-amazon-rds-db-instances-and-clusters.html
Question
A company uses Amazon RDS for MySQL as a database engine for its applications. A recent security audit revealed an RDS instance that is not compliant with company policy for encrypting data at rest. A security engineer at the company needs to ensure that all existing RDS databases are encrypted using server-side encryption and that any future deviations from the policy are detected. Which combination of steps should the security engineer take to accomplish this? (Choose two.)
Options
- ACreate an AWS Config rule to detect the creation of unencrypted RDS databases. Create an
- BUse AWS System Manager State Manager to detect RDS database encryption configuration drift.
- CCreate a read replica for the existing unencrypted RDS database and enable replica encryption in
- DTake a snapshot of the unencrypted RDS database. Copy the snapshot and enable snapshot
- EEnable encryption for the identified unencrypted RDS instance by changing the configurations of
Explanation
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-remediate- unencrypted-amazon-rds-db-instances-and-clusters.html
Community Discussion
No community discussion yet for this question.