Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DBS-C01 Topic 8 Question 90 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 90
Topic #: 8
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

by Antione at Apr 26, 2024, 06:45 AM

Limited Time Offer

25%

Off

Get Premium DBS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tasia
8 months ago
Candidate 2: That's a good point. Setting a VPC endpoint policy to restrict access to only the application instance's security group adds an extra layer of security.
upvoted 0 times
...
Orville
8 months ago
Candidate 4: Creating an Amazon DocumentDB VPC endpoint also seems like a good idea to prevent traffic from the public endpoint.
upvoted 0 times
...
Marilynn
9 months ago
Candidate 1: Yeah, that combined with setting the security group of the cluster to only allow connections from the application instance's security group should secure the data.
upvoted 0 times
...
Salina
9 months ago
Candidate 3: Option E seems like a good choice. Activating encryption at rest with the modify-db-cluster command sounds like the right solution.
upvoted 0 times
...
Cletus
9 months ago
Candidate 2: I agree. It's crucial for ensuring the security of the data stored in Amazon DocumentDB.
upvoted 0 times
...
Theresia
10 months ago
Candidate 1: I think we should definitely enable encryption of data in transit and at rest.
upvoted 0 times
...
Suzan
10 months ago
Eliseo: We can activate encryption at rest using the modify-db-cluster command with the storage-encrypted parameter set to true.
upvoted 0 times
...
Eliseo
10 months ago
Krystal: Got it. And what about encrypting the data at rest in Amazon DocumentDB?
upvoted 0 times
...
Krystal
10 months ago
We need to update the application configuration to use the instance endpoint and run queries over SSH.
upvoted 0 times
...
Reed
10 months ago
What should we do to encrypt the traffic between the application and Amazon DocumentDB?
upvoted 0 times
Lashandra
10 months ago
D) Create an Amazon DocumentDB VPC endpoint to prevent the traffic from going to the Amazon DocumentDB public endpoint. Set a VPC endpoint policy to allow only the application instance's security group to connect.
upvoted 0 times
...
Ronnie
10 months ago
E) Activate encryption at rest using the modify-db-cluster command with the ---storage-encrypted parameter set to true. Set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
...

Save Cancel