Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam DBS-C01 Topic 6 Question 98 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 98
Topic #: 6
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

by Eladia at Jul 16, 2024, 11:41 AM

Limited Time Offer

25%

Off

Get Premium DBS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tabetha
4 months ago
Wow, this is a tough one. I'm going to have to go with C and E. Encrypting the data at rest and updating the application to use the new cluster seems like the way to go. Though I do wonder if the database specialist has any experience with 'magic the gathering' - that might come in handy here!
upvoted 0 times
Rupert
2 months ago
Haha, that would be interesting! Let's hope the database specialist can work some magic and protect our data. Thanks for your input!
upvoted 0 times
...
Reta
2 months ago
I agree with you, C and E seem like the best options to ensure data encryption. As for 'magic the gathering', maybe the specialist can use some magic to secure the data!
upvoted 0 times
...
Jacquelyne
3 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Malissa
3 months ago
C) Create a snapshot of the unencrypted cluster. Restore the unencrypted snapshot as a new cluster with the ---storage-encrypted parameter set to true. Update the application to point to the new cluster.
upvoted 0 times
...
...
Gaston
4 months ago
And we should make sure to update the security group of the cluster to only allow connections from the application instance's security group.
upvoted 0 times
...
Mari
4 months ago
Yes, we can do that by setting the ---storage-encrypted parameter to true using the modify-db-cluster command.
upvoted 0 times
...
Novella
4 months ago
We should also activate encryption at rest for the data in Amazon DocumentDB.
upvoted 0 times
...
Carlee
4 months ago
C and D for sure! Creating an encrypted snapshot and restoring it, along with setting up a VPC endpoint to secure the connection, sounds like the best approach to me.
upvoted 0 times
Nickolas
3 months ago
Yes, creating an encrypted snapshot and setting up a VPC endpoint will ensure that the data is encrypted both at rest and in transit.
upvoted 0 times
...
Laticia
3 months ago
I agree, C and D seem like the most appropriate actions to take in this situation.
upvoted 0 times
...
Annelle
3 months ago
C and D are good options. Creating an encrypted snapshot and setting up a VPC endpoint will definitely help secure the data.
upvoted 0 times
...
...
Vernell
4 months ago
I'd say B and E are the right choices. Downloading the SSL .pem key and adding it to the application, and then modifying the cluster to enable encryption at rest, should do the trick.
upvoted 0 times
Shawnee
3 months ago
Definitely, those actions will ensure the data is encrypted properly.
upvoted 0 times
...
Carol
4 months ago
That makes sense, it's important to protect data in transit and at rest.
upvoted 0 times
...
Mitsue
4 months ago
Agreed, downloading the SSL .pem key and enabling encryption at rest should secure the data.
upvoted 0 times
...
Fletcher
4 months ago
I think B and E are the best options.
upvoted 0 times
...
...
Renato
5 months ago
Hmm, I think options C and E are the way to go here. We need to encrypt the data at rest and in transit, so restoring an encrypted snapshot and modifying the cluster to enable encryption at rest seem like the best solutions.
upvoted 0 times
Flo
4 months ago
Yes, and option E will help encrypt the data in transit by modifying the cluster settings.
upvoted 0 times
...
Jade
4 months ago
I agree, option C seems like a good choice to encrypt the data at rest.
upvoted 0 times
...
...
Gaston
5 months ago
I agree. We could download the SSL .pem public key for Amazon DocumentDB and update the application to use it.
upvoted 0 times
...
Mari
5 months ago
I think we should definitely encrypt the traffic between the application and Amazon DocumentDB.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77