Free DBS-C01 Exam Braindumps (page: 41)


A financial services company uses Amazon RDS for Oracle with Transparent Data Encryption (TDE). The company is required to encrypt its data at rest at all times. The key required to decrypt the data has to be highly available, and access to the key must be limited. As a regulatory requirement, the company must have the ability to rotate the encryption key on demand. The company must be able to make the key unusable if any potential security breaches are spotted. The company also needs to accomplish these tasks with minimum overhead.
What should the database administrator use to set up the encryption to meet these requirements?

  1. AWS CloudHSM
  2. AWS Key Management Service (AWS KMS) with an AWS managed key
  3. AWS Key Management Service (AWS KMS) with server-side encryption
  4. AWS Key Management Service (AWS KMS) CMK with customer-provided material

Answer(s): D



A company is setting up a new Amazon RDS for SQL Server DB instance. The company wants to enable SQL Server auditing on the database.
Which combination of steps should a database specialist take to meet this requirement? (Choose two.)

  1. Create a service-linked role for Amazon RDS that grants permissions for Amazon RDS to store audit logs on Amazon S3.
  2. Set up a parameter group to configure an IAM role and an Amazon S3 bucket for audit log storage. Associate the parameter group with the DB instance.
  3. Disable Multi-AZ on the DB instance, and then enable auditing. Enable Multi-AZ after auditing is enabled.
  4. Disable automated backup on the DB instance, and then enable auditing. Enable automated backup after auditing is enabled.
  5. Set up an options group to configure an IAM role and an Amazon S3 bucket for audit log storage. Associate the options group with the DB instance.

Answer(s): A,E

Explanation:

To do this, you create an IAM role and delegate permissions so that the Amazon RDS service can use your Amazon S3 bucket.

RDS uploads the completed audit logs to your S3 bucket, using the IAM role that you provide. If you enable retention, RDS keeps your audit logs on your DB instance for the configured period of time.


Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.html



A database specialist is creating an AWS CloudFormation stack. The database specialist wants to prevent accidental deletion of an Amazon RDS ProductionDatabase resource in the stack.
Which solution will meet this requirement?

  1. Create a stack policy to prevent updates. Include Effect: ProductionDatabase Resource: Deny in the policy.
  2. Create an AWS CloudFormation stack in XML format. Set xAttribute as false.
  3. Create an RDS DB instance without the DeletionPolicy attribute. Disable termination protection.
  4. Create a stack policy to prevent updates. Include Effect : Deny and Resource : ProductionDatabase in the policy.

Answer(s): D


Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-accidental-updates/



An ecommerce company migrates an on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility). After the migration, a database specialist realizes that encryption at rest has not been turned on for the Amazon DocumentDB cluster.
What should the database specialist do to enable encryption at rest for the Amazon DocumentDB cluster?

  1. Take a snapshot of the Amazon DocumentDB cluster. Restore the unencrypted snapshot as a new cluster while specifying the encryption option, and provide an AWS Key Management Service (AWS KMS) key.
  2. Enable encryption for the Amazon DocumentDB cluster on the AWS Management Console. Reboot the cluster.
  3. Modify the Amazon DocumentDB cluster by using the modify-db-cluster command with the --storage-encrypted parameter set to true.
  4. Add a new encrypted instance to the Amazon DocumentDB cluster, and then delete an unencrypted instance from the cluster. Repeat until all instances are encrypted.

Answer(s): A

Explanation:

You can enable or disable encryption at rest on an Amazon DocumentDB cluster when the cluster is provisioned using either the AWS Management Console.


Reference:

https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html





