aws-certified-database-specialty-dbs-c01 question 228 discussion
View all AWS Certified Database - Specialty here
back to amazon forumQuestion 228
A finance company migrated its 3 on-premises PostgreSQL database to an Amazon Aurora PostgreSQL DB cluster.
During a review after the migration, a database specialist discovers that the database is not encrypted at rest. The database
must be encrypted at rest as soon as possible to meet security requirements. The database specialist must enable
encryption for the DB cluster with minimal downtime.
Which solution will meet these requirements?
- A. Modify the unencrypted DB cluster using the AWS Management Console. Enable encryption and choose to apply the change immediately.
- B. Take a snapshot of the unencrypted DB cluster and restore it to a new DB cluster with encryption enabled. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
- C. Create an encrypted Aurora Replica of the unencrypted DB cluster. Promote the Aurora Replica as the new master.
- D. Create a new DB cluster with encryption enabled and use the pg_dump and pg_restore utilities to load data to the new DB cluster. Update any database connection strings to reference the new DB cluster endpoint, and then delete the unencrypted DB cluster.
Answer:
A
Explanation:
To enable encryption for a new DB cluster, choose Enable encryption on the console. For information on creating a DB
cluster.
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html
You can't convert an unencrypted DB cluster to an encrypted one. However, you can restore an unencrypted snapshot to an encrypted Aurora DB cluster. To do this, specify a KMS key when you restore from the unencrypted snapshot.