AWS Certified Database – Specialty — Question 193

A company recently launched a mobile app that has grown in popularity during the last week. The company started development in the cloud and did not initially follow security best practices during development of the mobile app. The mobile app gives customers the ability to use the platform anonymously. Platform architects use Amazon ElastiCache for Redis in a VPC to manage session affinity (sticky sessions) and cookies for customers.

The company's security team now mandates encryption in transit and encryption at rest for all traffic. A database specialist is using the AWS CLI to comply with this mandate.

Which combination of steps should the database specialist take to meet these requirements? (Choose three.)

Answer options

• A. Create a manual backup of the existing Redis replication group by using the create-snapshot command. Restore from the backup by using the create-replication-group command
• B. Use the --transit-encryption-enabled parameter on the new Redis replication group
• C. Use the --at-rest-encryption-enabled parameter on the existing Redis replication group
• D. Use the --transit-encryption-enabled parameter on the existing Redis replication group
• E. Use the --at-rest-encryption-enabled parameter on the new Redis replication group
• F. Create a manual backup of the existing Redis replication group by using the CreateBackupSelection command. Restore from the backup by using the StartRestoreJob command

Correct answer: A, B, E

Explanation

The correct steps involve creating a backup of the existing Redis replication group and enabling encryption for both transit and at rest. Option A ensures the backup is made, while options B and E enable the necessary encryption settings for the new replication group. Options C and D are incorrect because they do not apply to the new replication group as required by the security mandate.