ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 11 · Domain 1.2: Secure Workloads
An application uses an Amazon RDS MySQL database. The security team requires that all database connections use SSL/TLS encryption in transit. How can a solutions architect enforce this requirement?
An application uses an Amazon RDS MySQL database. The security team requires that all database connections use SSL/TLS encryption in transit. How can a solutions architect enforce this requirement?
Answer options:
A.
Modify the RDS instance to use a custom KMS key.
B.
Configure the database parameter group to set the 'require_secure_transport' parameter to ON.
C.
Attach an IAM policy to the RDS instance denying non-SSL connections.
D.
Update the security group to only allow traffic on port 443.
How to approach this question
Understand how RDS engines enforce SSL. For MySQL and PostgreSQL, this is done via parameter groups.
Full Answer
B.Configure the database parameter group to set the 'require_secure_transport' parameter to ON.✓ Correct
To enforce SSL connections to an RDS MySQL DB instance, you use the require_secure_transport parameter in the DB parameter group.
Common mistakes
Thinking security groups or IAM can inspect and enforce SSL on the database protocol level.
Practice the full AWS SAA-C03 Practice Exam 7
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...MediumQ02An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the ...EasyQ03A company wants to implement federated access to the AWS Management Console for its employees usi...MediumQ04A company is building a mobile application that requires users to sign in using their social medi...EasyQ05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...Medium