AWS Certified Database – Specialty — Question 209
A company uses an Amazon Aurora MySQL DB cluster with the most recent version of the MySQL database engine. The company wants all data that is transferred between clients and the DB cluster to be encrypted.
What should a database specialist do to meet this requirement?
Answer options
- A. Turn on data encryption when modifying the DB cluster by using the AWS Management Console or by using the AWS CLI to call the modify-db-cluster command.
- B. Download the key pair for the DB instance. Reference that file from the --key-name option when connecting with a MySQL client.
- C. Turn on data encryption by using AWS Key Management Service (AWS KMS). Use the AWS KMS key to encrypt the connections between a MySQL client and the Aurora DB cluster.
- D. Turn on the require_secure_transport parameter in the DB cluster parameter group. Download the root certificate for the DB instance. Reference that file from the --ssl-ca option when connecting with a MySQL client.
Correct answer: D
Explanation
The correct answer is D. Turning on the require_secure_transport parameter in the DB cluster parameter group makes the Aurora DB cluster require SSL/TLS for all client connections, so data is encrypted in transit. Downloading the root certificate and referencing it with the --ssl-ca option is what lets the MySQL client establish that secure connection. The other options do not address the requirement to encrypt data in transit between clients and the DB cluster.