Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DBS-C01 Topic 3 Question 96 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 96
Topic #: 3
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

Contribute your Thoughts:

Tawna
5 months ago
Haha, A and D? What is this, the 1990s? We're talking about a modern cloud database, not some ancient on-premise system.
upvoted 0 times
Whitney
4 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Deangelo
4 months ago
B) Download the SSL .pem public key for Amazon DocumentDB. Add the key to the application package and make sure the application is using the key while connecting to the cluster.
upvoted 0 times
...
...
Amber
5 months ago
Creating an Amazon DocumentDB VPC endpoint to control traffic sounds like a good idea too.
upvoted 0 times
...
Valentine
5 months ago
This is a no-brainer. C and E are the clear choices. Restoring an encrypted cluster and setting up encryption at rest - that's the way to go!
upvoted 0 times
...
Jeannetta
5 months ago
A and D? Seriously? Using SSH for database connections is just overkill. And a VPC endpoint won't encrypt the data itself.
upvoted 0 times
Eleonore
4 months ago
Exactly, focusing on encrypting the data itself and controlling access through security groups is the way to go.
upvoted 0 times
...
Donette
4 months ago
True, using SSH for database connections can be unnecessary. Encryption at rest and in transit are the key here.
upvoted 0 times
...
Marshall
5 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Matthew
5 months ago
B) Download the SSL .pem public key for Amazon DocumentDB. Add the key to the application package and make sure the application is using the key while connecting to the cluster.
upvoted 0 times
...
...
Anabel
5 months ago
We should also activate encryption at rest for the data in Amazon DocumentDB.
upvoted 0 times
...
Nichelle
5 months ago
I'm leaning towards B and E. The SSL certificate is important for secure communication, and encryption at rest is a must-have for sensitive data.
upvoted 0 times
Sharika
4 months ago
Yes, and encrypting data at rest adds an extra layer of security to protect sensitive information.
upvoted 0 times
...
Annelle
5 months ago
I agree, using the SSL certificate for secure communication is crucial.
upvoted 0 times
...
...
Alexis
5 months ago
Hmm, I think C and E are the correct options here. Encrypting the data at rest and in transit is crucial for maintaining data security.
upvoted 0 times
Nobuko
5 months ago
Yes, C and E seem like the best options to ensure the data is encrypted both in transit and at rest.
upvoted 0 times
...
Yolando
5 months ago
I agree, encrypting the data at rest and in transit is essential for security.
upvoted 0 times
...
...
Denny
5 months ago
I agree. We could download the SSL .pem public key for Amazon DocumentDB and update the application to use it.
upvoted 0 times
...
Tiffiny
6 months ago
I think we should definitely encrypt the traffic between the application and Amazon DocumentDB.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77