Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 743 discussion

To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance. A recent security audit revealed that encryption at rest is enabled using AWS Key Management Service (AWS KMS), but encryption of data in transit is not enabled.

What should a solutions architect do to satisfy the security requirements?

  • A. Enable IAM database authentication on the database.
  • B. Provide self-signed certificates. Use the certificates in all connections to the RDS instance.
  • C. Take a snapshot of the RDS instance. Restore the snapshot to a new instance with encryption enabled.
  • D. Download AWS-provided root certificates. Provide the certificates in all connections to the RDS instance.
Suggested Answer: D

Comments

BillaRanga
Highly Voted 1 year, 1 month ago
Selected Answer: D
Amazon RDS creates an SSL certificate and installs the certificate on the DB instance when the instance is provisioned. So it is AWS provided.
upvoted 13 times
Andy_09
Highly Voted 1 year, 1 month ago
Option D
upvoted 5 times
Arad
Most Recent 4 months ago
Selected Answer: A
A is the correct answer
upvoted 1 times
JA2018
4 months ago
Selected Answer: D
Why D is correct: To encrypt data in transit to an RDS MySQL instance, you need to configure the database connection to use TLS/SSL, which requires using AWS-provided root certificates to establish a secure connection.
upvoted 2 times
JA2018
4 months ago
Why other options are incorrect:
  • A (IAM database authentication): While important for user access control, this does not address data encryption in transit.
  • B (Self-signed certificates): Using self-signed certificates is not recommended for production environments as they cannot be verified by the client and might raise security concerns.
  • C (Snapshot and restore): Taking a snapshot and restoring to a new instance with encryption enabled only affects data at rest, not data in transit.
upvoted 1 times
JA2018
4 months ago
From Google AI Search: Key point: To encrypt data in transit to an RDS instance, ensure your application uses the appropriate AWS-provided root certificates to establish a secure TLS/SSL connection.
upvoted 1 times
Scheldon
9 months, 1 week ago
Selected Answer: D
Answer D
upvoted 2 times
DAIYL
10 months, 3 weeks ago
Selected Answer: D
Even if IAM database authentication is enabled, clients still need to download and configure the AWS-provided root certificate to ensure a secure connection using SSL/TLS encryption. Without configuring the certificate, communication may not be fully encrypted, even with IAM authentication enabled. https://docs.aws.amazon.com/zh_cn/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
upvoted 4 times
Nm55569
10 months ago
That's not in any of the answers - "Provide the certificates in all connections to the RDS instance." this doesn't make sense with option D - it's not saying configure to trust the CA. Answer can only be option A. Your link includes this "Optionally, your SSL/TLS connection can perform server identity verification by validating the server certificate installed on your database.". This you don't actually need to trust the using CA and can configure the app that way - the traffic is still encrypted though.
upvoted 3 times
Kezuko
1 year ago
Selected Answer: A
A https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
upvoted 4 times
Sivaeas
1 year ago
Option A: IAM database authentication provides the following benefits: Network traffic to and from the database is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS). For more information about using SSL/TLS with Amazon RDS, see Using SSL/TLS to encrypt a connection to a DB instance or cluster.
upvoted 4 times
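
The discussion above turns on the difference between a connection that is only encrypted and one that also validates the server against the AWS-provided CA certificates. The following is an added example (not part of the original page or of any commenter's post) that audits MySQL client option-file groups by their `ssl-mode` and `ssl-ca` settings. The sample file, group names, host and CA path are constructed placeholders, and the classification labels are this example's own.

```python
import configparser

# Constructed sample MySQL client option file; host and CA path are placeholders.
SAMPLE_CNF = """
[client-default]
host = mydb.example.internal

[client-required]
host = mydb.example.internal
ssl_mode = REQUIRED

[client-noca]
host = mydb.example.internal
ssl-mode = VERIFY_CA

[client-verified]
host = mydb.example.internal
ssl-mode = VERIFY_IDENTITY
ssl-ca = /etc/ssl/rds/rds-ca-bundle.pem
"""

def classify(options):
    """Classify one option group by what its TLS settings guarantee."""
    # MySQL accepts '-' and '_' interchangeably in option names.
    opts = {k.replace("_", "-"): (v or "").strip() for k, v in options.items()}
    mode = opts.get("ssl-mode", "PREFERRED").upper()  # PREFERRED is the client default
    has_ca = bool(opts.get("ssl-ca") or opts.get("ssl-capath"))
    if mode == "DISABLED":
        return "plaintext"
    if mode == "PREFERRED":
        return "opportunistic"          # falls back to plaintext if TLS cannot be set up
    if mode == "REQUIRED":
        return "encrypted-unverified"   # TLS, but the server certificate is not checked
    if mode in ("VERIFY_CA", "VERIFY_IDENTITY"):
        if not has_ca:
            return "misconfigured"      # verification modes need a CA file or path
        return "verified-ca" if mode == "VERIFY_CA" else "verified-identity"
    return "unknown"

def audit(cnf_text):
    """Map each option group in the file to its classification."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(cnf_text)
    return {name: classify(dict(parser[name])) for name in parser.sections()}

if __name__ == "__main__":
    for group, verdict in audit(SAMPLE_CNF).items():
        print(f"{group:18} {verdict}")
```

Only the `verified-ca` and `verified-identity` groups both encrypt the session and check the server certificate against the supplied CA bundle. `opportunistic` does not guarantee encryption at all.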