Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DBS-C01 Topic 6 Question 94 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 94
Topic #: 6
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

Contribute your Thoughts:

Wynell
5 months ago
I like how C and E both focus on encrypting the data, either by restoring or modifying the cluster. Seems like the most robust solutions to the problem.
upvoted 0 times
...
Dorthy
6 months ago
Ha! Downloading an SSH key for a managed service like DocumentDB? That's like trying to dig a tunnel to China. Definitely not the right way to go about this.
upvoted 0 times
Essie
5 months ago
B: E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Wilburn
5 months ago
A: B) Download the SSL .pem public key for Amazon DocumentDB. Add the key to the application package and make sure the application is using the key while connecting to the cluster.
upvoted 0 times
...
...
Junita
6 months ago
D and E both sound like good options to secure the connection. Creating a VPC endpoint and restricting access with a security group policy is a nice approach.
upvoted 0 times
Carol
5 months ago
Yes, setting encryption at rest and controlling access through security groups seems like a solid plan.
upvoted 0 times
...
Theodora
5 months ago
Creating a VPC endpoint and restricting access with a security group policy is a nice approach.
upvoted 0 times
...
Nieves
6 months ago
D and E both sound like good options to secure the connection.
upvoted 0 times
...
...
Silva
6 months ago
I agree with you, Cletus. We also need to create an Amazon DocumentDB VPC endpoint to secure the traffic.
upvoted 0 times
...
Cletus
6 months ago
I think we should definitely activate encryption at rest for the Amazon DocumentDB cluster.
upvoted 0 times
...
Twana
6 months ago
I'm not sure about using SSH for the connection. Isn't that a bit of a hacky solution? B looks like the better option for encrypting the data in transit.
upvoted 0 times
...
Melita
6 months ago
Option C seems the most straightforward way to encrypt the data at rest. Restoring the cluster with encryption enabled is a clean solution.
upvoted 0 times
Glory
5 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Cherry
6 months ago
B) Download the SSL .pem public key for Amazon DocumentDB. Add the key to the application package and make sure the application is using the key while connecting to the cluster.
upvoted 0 times
...
Donte
6 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Tashia
6 months ago
I agree, Option E is also important to activate encryption at rest. We need to make sure data is secure both in transit and at rest.
upvoted 0 times
...
Ashanti
6 months ago
Yes, activating encryption at rest during the restore process is a simple and effective solution.
upvoted 0 times
...
Rodney
6 months ago
I agree, that seems like the most efficient way to ensure the data at rest is encrypted.
upvoted 0 times
...
Lucina
6 months ago
B) Download the SSL .pem public key for Amazon DocumentDB. Add the key to the application package and make sure the application is using the key while connecting to the cluster.
upvoted 0 times
...
Narcisa
6 months ago
Option C is definitely a good choice. Restoring the cluster with encryption enabled is a clean solution.
upvoted 0 times
...
Lashandra
6 months ago
Option C is definitely the way to go. Restoring the cluster with encryption enabled is the best approach.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77