How should the Data...
Clear all

How should the Database Specialist satisfy this new requirement?

1 Posts
1 Users
Noble Member
Joined: 7 months ago
Posts: 362
Topic starter  

A Database Specialist migrated an existing production MySQL database from on-premises to an Amazon RDS for MySQL DB instance. However, after the migration, the database needed to be encrypted at rest using AWS KMS. Due to the size of the database, reloading, the data into an encrypted database would be too time-consuming, so it is not an option.

How should the Database Specialist satisfy this new requirement?

  • A . Create a snapshot of the unencrypted RDS DB instance. Create an encrypted copy of the unencrypted snapshot. Restore the encrypted snapshot copy.
  • B . Modify the RDS DB instance. Enable the AWS KMS encryption option that leverages the AWS CL
  • D . Restore an unencrypted snapshot into a MySQL RDS DB instance that is encrypted.
  • E . Create an encrypted read replica of the RDS DB instance. Promote it the master.

Show Answer Hide Answer

Suggested Answer: A


"However, because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance. For more information, see Copying a Snapshot."