Answer-first summary for fast verification
Answer: Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS, create a DMS replication instance in a private subnet, create VPC endpoints for AWS DMS, configure a DMS task to copy data from the on-premises database to the DB instance using full load plus change data capture (CDC), use the AWS Key Management Service (AWS KMS) default key for encryption at rest, and use TLS for encryption in transit.
The correct answer is B. AWS Database Migration Service (AWS DMS) is designed for this exact use case. It can efficiently handle the migration of databases to AWS with minimal downtime using full load plus change data capture (CDC). This ensures that the database remains up-to-date during the migration process. By creating a DMS replication instance in a private subnet and configuring VPC endpoints for AWS DMS, the data transfer is made secure without transiting over the public internet. Additionally, using AWS Key Management Service (AWS KMS) for encryption at rest and TLS for encryption in transit fulfills the security requirements. Options A, C, and D involve more steps and complexity, making them less efficient compared to using AWS DMS.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company is planning to migrate an on-premises application and a MySQL database to AWS. The application handles highly sensitive data that is continuously updated in the database. The migration must not involve data transfer over the internet, and both data in transit and at rest must be encrypted. The database size is 5 TB. The company has already established the database schema in an Amazon RDS for MySQL DB instance and has set up a 1 Gbps AWS Direct Connect connection with both a public VIF and a private VIF. A solutions architect is tasked with designing a solution to migrate the data to AWS with minimal downtime. Which solution meets these stringent requirements?
A
Perform a database backup, copy the backup files to an AWS Snowball Edge Storage Optimized device, import the backup to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.
B
Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS, create a DMS replication instance in a private subnet, create VPC endpoints for AWS DMS, configure a DMS task to copy data from the on-premises database to the DB instance using full load plus change data capture (CDC), use the AWS Key Management Service (AWS KMS) default key for encryption at rest, and use TLS for encryption in transit.
C
Perform a database backup, use AWS DataSync to transfer the backup files to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.
D
Use Amazon S3 File Gateway, set up a private connection to Amazon S3 using AWS PrivateLink, perform a database backup, copy the backup files to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.