Free DBS-C01 Exam Braindumps (page: 40)

Page 40 of 82

A financial services company uses Amazon RDS for Oracle with Transparent Data Encryption (TDE). The company is required to encrypt its data at rest at all times. The key required to decrypt the data has to be highly available, and access to the key must be limited. As a regulatory requirement, the company must have the ability to rotate the encryption key on demand. The company must be able to make the key unusable if any potential security breaches are spotted. The company also needs to accomplish these tasks with minimum overhead.
What should the database administrator use to set up the encryption to meet these requirements?

  1. AWS CloudHSM
  2. AWS Key Management Service (AWS KMS) with an AWS managed key
  3. AWS Key Management Service (AWS KMS) with server-side encryption
  4. AWS Key Management Service (AWS KMS) CMK with customer-provided material

Answer(s): D



A company is setting up a new Amazon RDS for SQL Server DB instance. The company wants to enable SQL Server auditing on the database.
Which combination of steps should a database specialist take to meet this requirement? (Choose two.)

  1. Create a service-linked role for Amazon RDS that grants permissions for Amazon RDS to store audit logs on Amazon S3.
  2. Set up a parameter group to configure an IAM role and an Amazon S3 bucket for audit log storage. Associate the parameter group with the DB instance.
  3. Disable Multi-AZ on the DB instance, and then enable auditing. Enable Multi-AZ after auditing is enabled.
  4. Disable automated backup on the DB instance, and then enable auditing. Enable automated backup after auditing is enabled.
  5. Set up an options group to configure an IAM role and an Amazon S3 bucket for audit log storage. Associate the options group with the DB instance.

Answer(s): A,E

Explanation:

To do this, you create an IAM role and delegate permissions so that the Amazon RDS service can use your Amazon S3 bucket.

RDS uploads the completed audit logs to your S3 bucket, using the IAM role that you provide. If you enable retention, RDS keeps your audit logs on your DB instance for the configured period of time.


Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.html



A database specialist is creating an AWS CloudFormation stack. The database specialist wants to prevent accidental deletion of an Amazon RDS ProductionDatabase resource in the stack.
Which solution will meet this requirement?

  1. Create a stack policy to prevent updates. Include Effect: ProductionDatabase Resource: Deny in the policy.
  2. Create an AWS CloudFormation stack in XML format. Set xAttribute as false.
  3. Create an RDS DB instance without the DeletionPolicy attribute. Disable termination protection.
  4. Create a stack policy to prevent updates. IncludeEffect : Deny and Resource : ProductionDatabase in the policy.

Answer(s): D


Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-accidental-updates/



An ecommerce company migrates an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). After the migration, a database specialist realizes that encryption at rest has not been turned on for the Amazon DocumentDB cluster.
What should the database specialist do to enable encryption at rest for the Amazon DocumentDB cluster?

  1. Take a snapshot of the Amazon DocumentDB cluster. Restore the unencrypted snapshot as a new cluster while specifying the encryption option, and provide an AWS Key Management Service (AWS KMS) key.
  2. Enable encryption for the Amazon DocumentDB cluster on the AWS Management Console. Reboot the cluster.
  3. Modify the Amazon DocumentDB cluster by using the modify-db-cluster command with the – storageencryptedparameter set to true.
  4. Add a new encrypted instance to the Amazon DocumentDB cluster, and then delete an unencrypted instance from the cluster. Repeat until all instances are encrypted.

Answer(s): A

Explanation:

You can enable or disable encryption at rest on an Amazon DocumentDB cluster when the cluster is provisioned using either the AWS Management Console.


Reference:

https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html



Page 40 of 82



Post your Comments and Discuss Amazon DBS-C01 exam with other Community members:

Pedro commented on April 27, 2024
Thanks for the dumps. It was an easy pass.
UNITED STATES
upvote

Keran commented on April 26, 2024
All of these questions are in the real exam. I just wrote my test yesterday. This is a valid exam dumps.
Anonymous
upvote

Mungara commented on March 14, 2023
thanks to this exam dumps, i felt confident and passed my exam with ease.
UNITED STATES
upvote

Mungara commented on March 14, 2023
Thanks to this exam dumps, I felt confident and passed my exam with ease.
UNITED STATES
upvote

otaku commented on August 11, 2022
just passed my dbs-c01 exam this site is really helped a lot.
Anonymous
upvote

Erik commented on March 02, 2022
These braindumps questions make passing very easy.
UNITED KINGDOM
upvote

Sanjev commented on January 12, 2022
This is the easiest way to get a 90%. Perfect exam dumps.
UNITED STATES
upvote

Abigail commented on September 20, 2021
I know using prep course are not ethical but I had to do this as this exam is way too hard to pass on your own. Thid prep course got me out of trouble.
UNITED STATES
upvote