Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam DBS-C01 Topic 3 Question 88 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 88
Topic #: 3
[All DBS-C01 Questions]

A healthcare company is running an application on Amazon EC2 in a public subnet and using Amazon DocumentDB (with MongoDB compatibility) as the storage layer. An audit reveals that the traffic between the application and Amazon DocumentDB is not encrypted and that the DocumentDB cluster is not encrypted at rest. A database specialist must correct these issues and ensure that the data in transit and the data at rest are encrypted.

Which actions should the database specialist take to meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

by Ressie at Mar 21, 2024, 08:32 PM

Limited Time Offer

25%

Off

Get Premium DBS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Corinne
10 months ago
Candidate 1: Definitely. It's crucial to have data encryption in place to protect sensitive information.
upvoted 0 times
...
Jessenia
10 months ago
Candidate 2: So, it seems like we all agree that option E is the way to go to address the encryption issues with the Amazon DocumentDB cluster.
upvoted 0 times
...
Carey
10 months ago
Candidate 4: I would also choose option E. It covers both data in transit and data at rest encryption requirements.
upvoted 0 times
...
Michel
11 months ago
Candidate 3: I think option E is the best choice as it specifically mentions activating encryption at rest and setting the security group to control access.
upvoted 0 times
...
Geoffrey
11 months ago
Candidate 2: I agree with Candidate 1. It's important to ensure that data at rest is encrypted and that only specific security groups can connect to the cluster.
upvoted 0 times
...
Dick
11 months ago
Candidate 1: I think the correct actions to take are to activate encryption at rest and set the security group of the cluster to allow only the application instance's security group to connect.
upvoted 0 times
...
Leonida
11 months ago
I heard we can do that by setting the ---storage-encrypted parameter to true when modifying the DB cluster.
upvoted 0 times
...
Tammy
11 months ago
Agreed. We should also activate encryption at rest for the data in Amazon DocumentDB.
upvoted 0 times
...
Malcolm
11 months ago
Yes, that's important for security. We can download the SSL .pem public key for Amazon DocumentDB.
upvoted 0 times
...
Leonida
1 years ago
I think we need to encrypt the traffic between the application and Amazon DocumentDB.
upvoted 0 times
...
Elouise
1 years ago
Hmm, I'm not sure about Option A. Using SSH to run queries doesn't really address the encryption requirements, in my opinion.
upvoted 0 times
...
Reta
1 years ago
Yeah, I'm thinking either option C or E could be the way to go. Encrypting the cluster at rest is a must-have.
upvoted 0 times
Nadine
1 years ago
Definitely, setting the cluster to only allow the application instance's security group to connect is important too
upvoted 0 times
...
Javier
1 years ago
Yes, activating encryption at rest seems like the right solution
upvoted 0 times
...
Alva
1 years ago
I think option E sounds like the best choice
upvoted 0 times
...
Filiberto
1 years ago
I agree, encrypting the cluster at rest is crucial
upvoted 0 times
...
...
Edelmira
1 years ago
I agree, this isn't a straightforward one. We need to focus on the two main issues - the unencrypted traffic and the unencrypted cluster.
upvoted 0 times
...
Lisha
1 years ago
This is a tricky question. The key requirements are to encrypt the data in transit and at rest. Looks like we have a few options to consider here.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77