Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DBS-C01 Topic 8 Question 90 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 90
Topic #: 8
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

Contribute your Thoughts:

Tasia
5 months ago
Candidate 2: That's a good point. Setting a VPC endpoint policy to restrict access to only the application instance's security group adds an extra layer of security.
upvoted 0 times
...
Orville
6 months ago
Candidate 4: Creating an Amazon DocumentDB VPC endpoint also seems like a good idea to prevent traffic from the public endpoint.
upvoted 0 times
...
Marilynn
6 months ago
Candidate 1: Yeah, that combined with setting the security group of the cluster to only allow connections from the application instance's security group should secure the data.
upvoted 0 times
...
Salina
6 months ago
Candidate 3: Option E seems like a good choice. Activating encryption at rest with the modify-db-cluster command sounds like the right solution.
upvoted 0 times
...
Cletus
7 months ago
Candidate 2: I agree. It's crucial for ensuring the security of the data stored in Amazon DocumentDB.
upvoted 0 times
...
Theresia
7 months ago
Candidate 1: I think we should definitely enable encryption of data in transit and at rest.
upvoted 0 times
...
Suzan
8 months ago
Eliseo: We can activate encryption at rest using the modify-db-cluster command with the storage-encrypted parameter set to true.
upvoted 0 times
...
Eliseo
8 months ago
Krystal: Got it. And what about encrypting the data at rest in Amazon DocumentDB?
upvoted 0 times
...
Krystal
8 months ago
We need to update the application configuration to use the instance endpoint and run queries over SSH.
upvoted 0 times
...
Reed
8 months ago
What should we do to encrypt the traffic between the application and Amazon DocumentDB?
upvoted 0 times
Lashandra
8 months ago
D) Create an Amazon DocumentDB VPC endpoint to prevent the traffic from going to the Amazon DocumentDB public endpoint. Set a VPC endpoint policy to allow only the application instance's security group to connect.
upvoted 0 times
...
Ronnie
8 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77