Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DBS-C01 Topic 1 Question 89 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 89
Topic #: 1
[All DBS-C01 Questions]

A company uses an Amazon Redshift cluster to run its analytical workloads. Corporate policy requires that the company's data be encrypted at rest with customer managed keys. The company's disaster recovery plan requires that backups of the cluster be copied into another AWS Region on a regular basis.

How should a database specialist automate the process of backing up the cluster data in compliance with these policies?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the Amazon Redshift documentation1, you can enable database encryption for your clusters to help protect data at rest. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.


by Alishia at Apr 11, 2024, 12:53 PM

Limited Time Offer

25%

Off

Get Premium DBS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Mitzie
8 months ago
That's a good point. Maybe option C is the way to go after all.
upvoted 0 times
...
Noe
8 months ago
That's true, but configuring cross-Region snapshots with S3 replication in option C provides redundancy.
upvoted 0 times
...
Berry
8 months ago
But wouldn't copying the KMS key to the destination Region be more secure?
upvoted 0 times
...
Mitzie
8 months ago
I'm leaning towards option D because it seems simpler to manage.
upvoted 0 times
...
Noe
8 months ago
I disagree, I believe option C is more suitable for our needs.
upvoted 0 times
...
Berry
8 months ago
I think option B is the best choice.
upvoted 0 times
...
Jacki
8 months ago
I think option C is the most secure option as it involves replicating the snapshots with specified KMS key IDs.
upvoted 0 times
...
Catina
9 months ago
But with option C, we can use EventBridge to automate the process with Lambda function.
upvoted 0 times
...
Matt
9 months ago
I prefer option A. It's more straightforward to copy the key and use AWS Glue job.
upvoted 0 times
...
Frederic
10 months ago
I agree with Option C seems to be the most efficient solution.
upvoted 0 times
...
Catina
10 months ago
I think option C is the best choice.
upvoted 0 times
...
An
11 months ago
Yeah, I like the elegance of option C as well. Leveraging existing AWS services like Eventbridge, Lambda, and S3 replication makes a lot of sense here.
upvoted 0 times
...
Levi
11 months ago
I'm leaning towards option C. Using EventBridge and Lambda to automate the snapshot process, along with S3 Cross-Region Replication, seems like a robust and comprehensive solution.
upvoted 0 times
...
Edna
11 months ago
Hmm, I'm leaning towards option C. Copying the KMS key to the destination region and using S3 Cross-Region Replication seems like a robust and automated solution.
upvoted 0 times
Kristal
9 months ago
I agree, it's important to have a secure and automated backup process in place.
upvoted 0 times
...
Rosendo
9 months ago
Yeah, having the KMS key in both regions and using Lambda to copy the snapshots sounds efficient.
upvoted 0 times
...
Jaime
9 months ago
Option C seems like a good choice. Using S3 Cross-Region Replication can help automate the process.
upvoted 0 times
...
...
Willodean
11 months ago
I agree. The key is to properly set up the KMS keys and configure the cross-region snapshot replication. It's a good thing they're giving us multiple options to consider.
upvoted 0 times
...
Willie
11 months ago
You know, I'm a little concerned about the complexity of some of these solutions. Wouldn't it be simpler to just backup to an S3 bucket and let S3 handle the encryption and replication?
upvoted 0 times
...
Suzan
11 months ago
That's a good point. Option D does seem more straightforward in terms of the key management. But I'm not sure if that fully meets the requirement of using 'customer-managed' keys in both regions.
upvoted 0 times
...
Leslee
11 months ago
I think option B is the way to go. Creating a new KMS key in the destination Region and configuring cross-Region snapshots seems like the most straightforward approach.
upvoted 0 times
...
Buddy
11 months ago
Oh man, I hope they don't ask us to explain the intricacies of AWS KMS and cross-Region replication. That stuff always makes my head spin.
upvoted 0 times
Marci
10 months ago
Option D could work too, as long as the CMK is properly configured.
upvoted 0 times
...
Lezlie
10 months ago
D
upvoted 0 times
...
Josefa
10 months ago
I'm leaning towards option C because it involves using Amazon EventBridge and S3 Cross-Region Replication.
upvoted 0 times
...
Arlene
10 months ago
C
upvoted 0 times
...
Timothy
10 months ago
But option A also seems like a viable solution.
upvoted 0 times
...
Julio
10 months ago
A
upvoted 0 times
...
Glennis
10 months ago
I think option B sounds like the best choice.
upvoted 0 times
...
Wilford
10 months ago
B
upvoted 0 times
...
...
Yvonne
11 months ago
Hmm, this is a tricky one. We need to make sure the backup process is fully automated and complies with the company's data encryption and disaster recovery policies.
upvoted 0 times
...
Mariko
11 months ago
This is a great question that really tests our understanding of AWS Redshift backup and encryption best practices. I'm feeling confident about this one.
upvoted 0 times
...

Save Cancel