Learn how to migrate your transactional and sensitive databases to AWS using Amazon RDS with encryption at rest, ensuring data security and compliance while reducing operational overhead.
Question
A company is migrating its workloads to AWS. The company has transactional and sensitive data in its databases. The company wants to use AWS Cloud solutions to increase security and reduce operational overhead for the databases.
Which solution will meet these requirements?
A. Migrate the databases to Amazon EC2. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.
B. Migrate the databases to Amazon RDS. Configure encryption at rest.
C. Migrate the data to Amazon S3. Use Amazon Macie for data security and protection.
D. Migrate the database to Amazon RDS. Use Amazon CloudWatch Logs for data security and protection.
Answer
B. Migrate the databases to Amazon RDS. Configure encryption at rest.
Explanation
Amazon Relational Database Service (Amazon RDS) is a fully managed database service that simplifies the setup, operation, and scaling of relational databases in the cloud. RDS supports encryption at rest, which automatically encrypts the underlying storage for the databases using AWS Key Management Service (AWS KMS) encryption keys. This ensures that the company’s sensitive and transactional data stored in the databases is encrypted at rest, providing a secure and compliant storage solution.
Encryption at rest in Amazon RDS offers several benefits that meet the company’s requirements:
- Increased data security: The data stored in the RDS databases is automatically encrypted, protecting it from unauthorized access or theft.
- Compliance: Encryption at rest helps meet various regulatory and industry compliance requirements for data protection, such as HIPAA, PCI-DSS, and GDPR.
- Reduced operational overhead: Amazon RDS manages the encryption keys, key rotation, and the encryption/decryption processes, offloading the operational burden from the company.
- Scalability and durability: RDS provides automatic scalability and high availability for databases, ensuring the encrypted data remains accessible and durable.
Other options:
A. Migrating databases to Amazon EC2 and using an AWS KMS key for encryption is a valid approach, but it requires more operational overhead compared to Amazon RDS. The company would need to manage the database instances, backups, high availability, and encryption key management.
C. Amazon S3 is an object storage service primarily designed for storing and retrieving data objects, not for running databases. Amazon Macie is a data security and compliance service that can help discover and protect sensitive data in S3, but it does not provide a database solution.
D. Amazon CloudWatch Logs is a monitoring and log management service, not a data security solution. It can be used to monitor database logs, but it does not provide encryption or data protection capabilities for the databases themselves.
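To confirm after a migration that every RDS instance really has encryption at rest enabled, the following check can be run. It is an added example, not part of the original Q&A: the sample records are constructed, shaped like the `DBInstances` entries returned by boto3's `describe_db_instances`, and the instance names, account number and key ARN are made up. Function names are this example's own.

```python
"""Audit RDS instances for encryption at rest (added example)."""

# Constructed sample shaped like boto3 describe_db_instances()["DBInstances"];
# identifiers, account number and key ARN are made up for illustration.
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"DBInstanceIdentifier": "legacy-crm", "Engine": "mysql",
     "StorageEncrypted": False},
    {"DBInstanceIdentifier": "reports", "Engine": "mysql"},  # field absent
]

REMEDIATION = ("encryption cannot be enabled in place: snapshot the instance, "
               "copy the snapshot with a KMS key, restore from the copy")


def audit_encryption(instances):
    """Return one finding per instance; a missing flag counts as unencrypted."""
    findings = []
    for db in instances:
        encrypted = db.get("StorageEncrypted") is True
        finding = {"id": db["DBInstanceIdentifier"], "engine": db.get("Engine", "unknown"),
                   "encrypted": encrypted, "kms_key": db.get("KmsKeyId") if encrypted else None}
        if not encrypted:
            finding["action"] = REMEDIATION
        elif not finding["kms_key"]:
            finding["action"] = "encrypted but no KmsKeyId reported: verify the key"
        findings.append(finding)
    return findings


def unencrypted_ids(instances):
    """Sorted identifiers of instances that fail the check."""
    return sorted(f["id"] for f in audit_encryption(instances) if not f["encrypted"])


def fetch_instances(region):
    """Live variant: needs boto3 and the rds:DescribeDBInstances permission."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    pages = rds.get_paginator("describe_db_instances").paginate()
    return [db for page in pages for db in page["DBInstances"]]


if __name__ == "__main__":
    for f in audit_encryption(SAMPLE_INSTANCES):
        print(f)
```

Against a real account, pass the result of `fetch_instances("<region>")` to `audit_encryption` instead of the sample list.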
Amazon AWS Certified Solutions Architect – Associate SAA-C03 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free to help you pass the Amazon AWS Certified Solutions Architect – Associate SAA-C03 exam and earn the certification.