AWS Certified Database – Specialty — Question 165
A company is running a finance application on an Amazon RDS for MySQL DB instance. The application is governed by multiple financial regulatory agencies.
The RDS DB instance is set up with security groups to allow access to certain Amazon EC2 servers only. AWS KMS is used for encryption at rest.
Which step will provide additional security?
Answer options
- A. Set up NACLs that allow the entire EC2 subnet to access the DB instance
- B. Disable the master user account
- C. Set up a security group that blocks SSH to the DB instance
- D. Set up RDS to use SSL for data in transit
Correct answer: D
Explanation
Using SSL for data in transit (option D) encrypts sensitive information as it travels between the application and the RDS instance, which is vital for compliance with financial regulations and complements the KMS encryption at rest that is already in place. The other options add no comparable protection: disabling the master user account (option B) could hinder management access, and blocking SSH (option C) does not affect data transmission security. Allowing access from the entire EC2 subnet (option A) widens access beyond the specific EC2 servers the security groups already permit, which could increase exposure to potential security threats.