CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. DBS-C01

Free DBS-C01 Exam Braindumps (page: 18)

Page 17 of 82
PDF with 359 Questions

A company is using 5 TB Amazon RDS DB instances and needs to maintain 5 years of monthly database backups for compliance purposes. A Database Administrator must provide Auditors with data within 24 hours.
Which solution will meet these requirements and is the MOST operationally efficient?

  1. Create an AWS Lambda function to run on the first day of every month to take a manual RDS snapshot. Move the snapshot to the company’s Amazon S3 bucket.
  2. Create an AWS Lambda function to run on the first day of every month to take a manual RDS snapshot.
  3. Create an RDS snapshot schedule from the AWS Management Console to take a snapshot every 30 days.
  4. Create an AWS Lambda function to run on the first day of every month to create an automated RDS snapshot.

Answer(s): A



A company wants to automate the creation of secure test databases with random credentials to be stored safely for later use. The credentials should have sufficient information about each test database to initiate a connection and perform automated credential rotations. The credentials should not be logged or stored anywhere in an unencrypted form.
Which steps should a Database Specialist take to meet these requirements using an AWS CloudFormation template?

  1. Create the database with the MasterUserName and MasterUserPassword properties set to the default values. Then, create the secret with the user name and password set to the same default values. Add a Secret Target Attachment resource with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database. Finally, update the secret’s password value with a randomly generated string set by the GenerateSecretString property.
  2. Add a Mapping property from the database Amazon Resource Name (ARN) to the secret ARN. Then, create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add the database with the MasterUserName and MasterUserPassword properties set to the user name of the secret.
  3. Add a resource of type AWS::SecretsManager::Secret and specify the GenerateSecretString property. Then, define the database user name in the SecureStringTemplate template. Create a resource for the database and reference the secret string for the MasterUserName and MasterUserPassword properties. Then, add a resource of type AWS::SecretsManagerSecretTargetAttachment with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database.
  4. Create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add an SecretTargetAttachment resource with the SecretId property set to the Amazon Resource Name (ARN) of the secret and the TargetId property set to a parameter value matching the desired database ARN. Then, create a database with the MasterUserName and MasterUserPassword properties set to the previously created values in the secret.

Answer(s): C

Explanation:


Reference:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource- secretsmanager-secrettargetattachment.html



A company is going to use an Amazon Aurora PostgreSQL DB cluster for an application backend. The DB cluster contains some tables with sensitive data. A Database Specialist needs to control the access privileges at the table level.
How can the Database Specialist meet these requirements?

  1. Use AWS IAM database authentication and restrict access to the tables using an IAM policy.
  2. Configure the rules in a NACL to restrict outbound traffic from the Aurora DB cluster.
  3. Execute GRANT and REVOKE commands that restrict access to the tables containing sensitive data.
  4. Define access privileges to the tables containing sensitive data in the pg_hba.conf file.

Answer(s): C


Reference:

https://aws.amazon.com/blogs/database/managing-postgresql-users-and-roles/



A Database Specialist is working with a company to launch a new website built on Amazon Aurora with several Aurora Replicas. This new website will replace an on-premises website connected to a legacy relational database. Due to stability issues in the legacy database, the company would like to test the resiliency of Aurora.
Which action can the Database Specialist take to test the resiliency of the Aurora DB cluster?

  1. Stop the DB cluster and analyze how the website responds
  2. Use Aurora fault injection to crash the master DB instance
  3. Remove the DB cluster endpoint to simulate a master DB instance failure
  4. Use Aurora Backtrack to crash the DB cluster

Answer(s): B


Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.FaultInjectionQueries.html






Post your Comments and Discuss Amazon DBS-C01 exam with other Community members:

DBS-C01 Exam Discussions & Posts