Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DBS-C01 Topic 1 Question 89 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 89
Topic #: 1
[All DBS-C01 Questions]

A company uses an Amazon Redshift cluster to run its analytical workloads. Corporate policy requires that the company's data be encrypted at rest with customer managed keys. The company's disaster recovery plan requires that backups of the cluster be copied into another AWS Region on a regular basis.

How should a database specialist automate the process of backing up the cluster data in compliance with these policies?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the Amazon Redshift documentation1, you can enable database encryption for your clusters to help protect data at rest. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.


Contribute your Thoughts:

Mitzie
5 months ago
That's a good point. Maybe option C is the way to go after all.
upvoted 0 times
...
Noe
5 months ago
That's true, but configuring cross-Region snapshots with S3 replication in option C provides redundancy.
upvoted 0 times
...
Berry
5 months ago
But wouldn't copying the KMS key to the destination Region be more secure?
upvoted 0 times
...
Mitzie
6 months ago
I'm leaning towards option D because it seems simpler to manage.
upvoted 0 times
...
Noe
6 months ago
I disagree, I believe option C is more suitable for our needs.
upvoted 0 times
...
Berry
6 months ago
I think option B is the best choice.
upvoted 0 times
...
Jacki
6 months ago
I think option C is the most secure option as it involves replicating the snapshots with specified KMS key IDs.
upvoted 0 times
...
Catina
6 months ago
But with option C, we can use EventBridge to automate the process with Lambda function.
upvoted 0 times
...
Matt
6 months ago
I prefer option A. It's more straightforward to copy the key and use AWS Glue job.
upvoted 0 times
...
Frederic
7 months ago
I agree with Option C seems to be the most efficient solution.
upvoted 0 times
...
Catina
7 months ago
I think option C is the best choice.
upvoted 0 times
...
An
8 months ago
Yeah, I like the elegance of option C as well. Leveraging existing AWS services like Eventbridge, Lambda, and S3 replication makes a lot of sense here.
upvoted 0 times
...
Levi
8 months ago
I'm leaning towards option C. Using EventBridge and Lambda to automate the snapshot process, along with S3 Cross-Region Replication, seems like a robust and comprehensive solution.
upvoted 0 times
...
Edna
8 months ago
Hmm, I'm leaning towards option C. Copying the KMS key to the destination region and using S3 Cross-Region Replication seems like a robust and automated solution.
upvoted 0 times
Kristal
7 months ago
I agree, it's important to have a secure and automated backup process in place.
upvoted 0 times
...
Rosendo
7 months ago
Yeah, having the KMS key in both regions and using Lambda to copy the snapshots sounds efficient.
upvoted 0 times
...
Jaime
7 months ago
Option C seems like a good choice. Using S3 Cross-Region Replication can help automate the process.
upvoted 0 times
...
...
Willodean
8 months ago
I agree. The key is to properly set up the KMS keys and configure the cross-region snapshot replication. It's a good thing they're giving us multiple options to consider.
upvoted 0 times
...
Willie
8 months ago
You know, I'm a little concerned about the complexity of some of these solutions. Wouldn't it be simpler to just backup to an S3 bucket and let S3 handle the encryption and replication?
upvoted 0 times
...
Suzan
8 months ago
That's a good point. Option D does seem more straightforward in terms of the key management. But I'm not sure if that fully meets the requirement of using 'customer-managed' keys in both regions.
upvoted 0 times
...
Leslee
8 months ago
I think option B is the way to go. Creating a new KMS key in the destination Region and configuring cross-Region snapshots seems like the most straightforward approach.
upvoted 0 times
...
Buddy
8 months ago
Oh man, I hope they don't ask us to explain the intricacies of AWS KMS and cross-Region replication. That stuff always makes my head spin.
upvoted 0 times
Marci
7 months ago
Option D could work too, as long as the CMK is properly configured.
upvoted 0 times
...
Lezlie
7 months ago
D
upvoted 0 times
...
Josefa
7 months ago
I'm leaning towards option C because it involves using Amazon EventBridge and S3 Cross-Region Replication.
upvoted 0 times
...
Arlene
8 months ago
C
upvoted 0 times
...
Timothy
8 months ago
But option A also seems like a viable solution.
upvoted 0 times
...
Julio
8 months ago
A
upvoted 0 times
...
Glennis
8 months ago
I think option B sounds like the best choice.
upvoted 0 times
...
Wilford
8 months ago
B
upvoted 0 times
...
...
Yvonne
8 months ago
Hmm, this is a tricky one. We need to make sure the backup process is fully automated and complies with the company's data encryption and disaster recovery policies.
upvoted 0 times
...
Mariko
8 months ago
This is a great question that really tests our understanding of AWS Redshift backup and encryption best practices. I'm feeling confident about this one.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77