AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
A company is planning to migrate an on-premises application and a MySQL database to AWS. The application handles highly sensitive data that is continuously updated in the database. The migration must not involve data transfer over the internet, and both data in transit and at rest must be encrypted. The database size is 5 TB. The company has already established the database schema in an Amazon RDS for MySQL DB instance and has set up a 1 Gbps AWS Direct Connect connection with both a public VIF and a private VIF. A solutions architect is tasked with designing a solution to migrate the data to AWS with minimal downtime. Which solution meets these stringent requirements?
A
Perform a database backup, copy the backup files to an AWS Snowball Edge Storage Optimized device, import the backup to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.
B
Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS, create a DMS replication instance in a private subnet, create VPC endpoints for AWS DMS, configure a DMS task to copy data from the on-premises database to the DB instance using full load plus change data capture (CDC), use the AWS Key Management Service (AWS KMS) default key for encryption at rest, and use TLS for encryption in transit.
C
Perform a database backup, use AWS DataSync to transfer the backup files to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.
D
Use Amazon S3 File Gateway, set up a private connection to Amazon S3 using AWS PrivateLink, perform a database backup, copy the backup files to Amazon S3, use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest, use TLS for encryption in transit, and import the data from Amazon S3 to the DB instance.