Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DBS-C01 Topic 4 Question 82 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 82
Topic #: 4
[All DBS-C01 Questions]

A company uses an Amazon Redshift cluster to run its analytical workloads. Corporate policy requires that the company's data be encrypted at rest with customer managed keys. The company's disaster recovery plan requires that backups of the cluster be copied into another AWS Region on a regular basis.

How should a database specialist automate the process of backing up the cluster data in compliance with these policies?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the Amazon Redshift documentation1, you can enable database encryption for your clusters to help protect data at rest. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.


Contribute your Thoughts:

Vincent
8 months ago
I'm not a big fan of option A. Copying the KMS key between regions just sounds like a security nightmare waiting to happen.
upvoted 0 times
...
Susana
8 months ago
Option C is also interesting, using S3 buckets and cross-region replication. That way we don't have to worry about copying the KMS key itself.
upvoted 0 times
...
Margo
8 months ago
Haha, yeah, no kidding. Imagine if someone accidentally deleted that key - goodbye data!
upvoted 0 times
...
Thora
8 months ago
Hmm, this is a tricky question. We need to make sure the backup process is fully compliant with the company's policies on data encryption and cross-region backups.
upvoted 0 times
Natalya
8 months ago
C
upvoted 0 times
...
Annabelle
8 months ago
B
upvoted 0 times
...
Cassi
8 months ago
A
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77