AWS Certified Database – Specialty — Question 251

A database specialist needs to replace the encryption key for an Amazon RDS DB instance. The database specialist needs to take immediate action to ensure security of the database.

Which solution will meet these requirements?

Answer options

• A. Modify the DB instance to update the encryption key. Perform this update immediately without waiting for the next scheduled maintenance window.
• B. Export the database to an Amazon S3 bucket. Import the data to an existing DB instance by using the export file. Specify a new encryption key during the import process.
• C. Create a manual snapshot of the DB instance. Create an encrypted copy of the snapshot by using a new encryption key. Create a new DB instance from the encrypted snapshot.
• D. Create a manual snapshot of the DB instance. Restore the snapshot to a new DB instance. Specify a new encryption key during the restoration process.

Correct answer: C

Explanation

The correct answer is C because creating a manual snapshot and then making an encrypted copy with a new encryption key directly addresses the need for immediate security enhancement. Options A, B, and D either do not allow for immediate changes or involve additional steps that do not directly meet the requirement of replacing the encryption key swiftly.