A: Enable encryption
B: KMS is for storage and doesn't directly integrate to DB without further work
C and D are for data encryption in transit not at rest
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt.
Key Management Service. Secrets Manager is for database connection strings.
upvoted 3 times
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt.
Secrets Manager stores actual secrets like passwords, pass phrases, and anything else you want encrypted. SM uses KMS to encrypt its secrets, it would be circular to get an encryption key from KMS to use SM to encrypt the encryption key.
A is the correct solution to meet the requirement of encrypting the data at rest.
To encrypt data at rest in Amazon RDS, you can use the encryption feature of Amazon RDS, which uses AWS Key Management Service (AWS KMS). With this feature, Amazon RDS encrypts each database instance with a unique key. This key is stored securely by AWS KMS. You can manage your own keys or use the default AWS-managed keys. When you enable encryption for a DB instance, Amazon RDS encrypts the underlying storage, including the automated backups, read replicas, and snapshots.
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances is the correct answer to encrypt the data at rest in Amazon RDS DB instances.
Amazon RDS provides multiple options for encrypting data at rest. AWS Key Management Service (KMS) is used to manage the keys used to encrypt and decrypt the data. Therefore, a solution architect should create a key in AWS KMS and enable encryption for the DB instances to encrypt the data at rest.
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
https://www.examtopics.com/discussions/amazon/view/80753-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
awsgeek75
5 months, 3 weeks agoawsgeek75
5 months, 1 week agorobpalacios1
7 months agoantropaws
1 year agoaaroncelestin
10 months agoSkyZeroZx
1 year, 1 month agodatz
1 year, 3 months agoPRASAD180
1 year, 3 months agoSteve_4542636
1 year, 3 months agoLuckyAro
1 year, 4 months agobdp123
1 year, 4 months agopbpally
1 year, 4 months agoNolaHOla
1 year, 4 months agojennyka76
1 year, 4 months agoBhawesh
1 year, 4 months ago