AWS Certified Database – Specialty — Question 159
A company is running a two-tier ecommerce application in one AWS account. The application is backed by an Amazon RDS for MySQL Multi-AZ DB instance. A developer mistakenly deleted the DB instance in the production environment. The company restores the database, but this event results in hours of downtime and lost revenue.
Which combination of changes would minimize the risk of this mistake occurring in the future? (Choose three.)
Answer options
- A. Grant least privilege to groups, IAM users, and roles.
- B. Allow all users to restore a database from a backup.
- C. Enable deletion protection on existing production DB instances.
- D. Use an ACL policy to restrict users from DB instance deletion.
- E. Enable AWS CloudTrail logging and Enhanced Monitoring.
Correct answer: A, C, D
Explanation
Option A is correct because granting least privilege limits what each user can do, reducing the chance of accidental deletions. Option C is also appropriate: with deletion protection enabled, a production DB instance cannot be deleted until someone takes the explicit step of turning that protection off. Option D is relevant because it restricts users from performing destructive actions on DB instances. Options B and E do not directly address the risk of accidental deletion.