AWS Certified Database – Specialty — Question 221

A company is using an Amazon Aurora PostgreSQL DB cluster for a project. A database specialist must ensure that the database is encrypted at rest. The database size is 500 GB.

What is the FASTEST way to secure the data through encryption at rest in the DB cluster?

Answer options

• A. Take a manual snapshot of the unencrypted DB cluster. Create an encrypted copy of that snapshot in the same AWS Region as the unencrypted snapshot. Restore a DB cluster from the encrypted snapshot.
• B. Create an AWS Key Management Service (AWS KMS) key in the same AWS Region and create a new encrypted Aurora cluster using this key.
• C. Take a manual snapshot of the unencrypted DB cluster. Restore the unencrypted snapshot to a new encrypted Aurora PostgreSQL DB cluster.
• D. Create a new encrypted Aurora PostgreSQL DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate the data from the unencrypted DB cluster to the encrypted DB cluster.

Correct answer: C

Explanation

The fastest way to ensure encryption at rest is to take a manual snapshot of the unencrypted DB cluster and restore it directly to a new encrypted Aurora PostgreSQL DB cluster, which is option C. Option A involves creating an encrypted copy of a snapshot, which takes longer. Option B requires setting up a new cluster, which also does not offer immediate encryption of the existing database. Option D involves migrating the data, adding unnecessary complexity and time.