Answer-first summary for fast verification
Answer: Replace the current DB instance with one restored from an encrypted version of the latest snapshot.
Option A is correct because to ensure that both the database and its snapshots are encrypted moving forward, you need to take the latest unencrypted snapshot, create an encrypted copy of it, and then restore an encrypted DB instance from that snapshot. This way, the restored instance and its future snapshots will be encrypted. Simply enabling encryption on the existing DB instance is not possible directly, and transferring snapshots to a different storage type like EBS or S3, as mentioned in other options, does not fully ensure that future snapshots will be encrypted.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
An AWS-based OLTP workload utilizes an unencrypted RDS Multi-AZ DB instance with daily snapshots. How should encryption be implemented for the DB instance and its snapshots?
A
Replace the current DB instance with one restored from an encrypted version of the latest snapshot.
B
Create an encrypted EBS volume, transfer snapshots, and apply encryption to the DB instance.
C
Encrypt the DB instance and restore from an encrypted snapshot using AWS KMS.
D
Transfer snapshots to an S3 bucket with SSE-KMS for encryption.
No comments yet.