exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 382 discussion

A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.
What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

  • A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot.
  • B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it. Enable encryption on the DB instance.
  • C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS). Restore encrypted snapshot to an existing DB instance.
  • D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS).
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
lovelyone
Highly Voted 3 years, 2 months ago
You can't restore from a DB snapshot to an existing DB instance; a new DB instance is created when you restore. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html#USER_RestoreFromSnapshot.CON So answer A is right
upvoted 53 times
Rajjay
3 years, 1 month ago
Agreed - Option C- "Restore encrypted snapshot to an existing DB instance" is not correct. Answer is A
upvoted 7 times
...
user0001
2 years, 9 months ago
true , you have to read the full answer , in C they don mention to same instance otherwise it could be valid option
upvoted 2 times
...
...
dmscountera
Highly Voted 3 years, 3 months ago
A. Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot. When you restore from a snapshot a new DB instance is provisioned
upvoted 16 times
...
Rupak10
Most Recent 1 year, 10 months ago
Most commonly used question. Available in every dump almost.
upvoted 1 times
...
sofiella
1 year, 10 months ago
Option A: Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot, could be a valid solution, but it is less preferred compared to Option C. The reason is that in Option A, you would need to replace the existing DB instance, which would require downtime and potentially cause disruption to the online transaction processing (OLTP) workload. Also, this option may require additional steps to ensure that the new DB instance has the same configuration as the original instance, such as security groups, subnets, and parameter groups. These steps could add complexity and risk to the migration process. On the other hand, Option C avoids these issues by encrypting the snapshots while they are stored and preserving the existing DB instance. This minimizes the risk of disruption and provides a more straightforward and secure solution for encrypting the database and its snapshots.
upvoted 1 times
...
sofiella
1 year, 10 months ago
The best option to ensure the database and snapshots are always encrypted moving forward would be option C: Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS). Restore encrypted snapshot to an existing DB instance. In this option, the snapshots would be encrypted using AWS KMS, ensuring that the data is secure both during the snapshot process and when the data is stored. Once the snapshots are encrypted, they can be restored to an existing DB instance, preserving the existing Multi-AZ deployment and avoiding the need to create a new DB instance or perform any other complex steps. This would provide a straightforward and secure solution for encrypting the database and its snapshots.
upvoted 2 times
AkaGS
1 year, 8 months ago
Agree, here is link, https://repost.aws/knowledge-center/encrypt-rds-snapshots so the answer is clear, option C
upvoted 1 times
...
...
sofiella
1 year, 10 months ago
The best option to ensure the database and snapshots are always encrypted moving forward would be option C: Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS). Restore encrypted snapshot to an existing DB instance. In this option, the snapshots would be encrypted using AWS KMS, ensuring that the data is secure both during the snapshot process and when the data is stored. Once the snapshots are encrypted, they can be restored to an existing DB instance, preserving the existing Multi-AZ deployment and avoiding the need to create a new DB instance or perform any other complex steps. This would provide a straightforward and secure solution for encrypting the database and its snapshots.
upvoted 2 times
...
Ekie
2 years, 2 months ago
C... B is tricky and wrong...we are not replacing existing DB instance. we are creating new encrypted DB instance from it, and then repointing app to use new endpoint
upvoted 3 times
...
queen101
2 years, 4 months ago
Encrypt the latest snapshot taken......AAAAA
upvoted 1 times
...
Alfene
2 years, 4 months ago
Agreed with A
upvoted 1 times
...
marklovesaws143
2 years, 5 months ago
Selected Answer: A
AAAAAAAAAAAAAAAAAAA
upvoted 2 times
...
naveenagurjara
2 years, 6 months ago
Selected Answer: A
Not C coz cannot restore into an existing live instance.
upvoted 1 times
...
slcheng
2 years, 6 months ago
Selected Answer: A
agreed with A
upvoted 1 times
...
Kaisv
2 years, 7 months ago
Answer is A
upvoted 1 times
...
Gagan_Atri
2 years, 8 months ago
A is correct
upvoted 1 times
...
yelhani
2 years, 10 months ago
Selected Answer: A
Restore encrypted snapshot to an existing DB instance!! WE CAN'T RESTORE A SNAPSHOT TO AN EXISTING DB INSTANCE
upvoted 3 times
...
sayed
2 years, 10 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
PrinceMughal
2 years, 11 months ago
Selected Answer: A
A is right.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago