AWS Certified Database – Specialty — Question 255

A company is using an Amazon Aurora PostgreSQL database for a project with a government agency. All database communications must be encrypted in transit. All non-SSL/TLS connection requests must be rejected.

What should a database specialist do to meet these requirements?

Answer options

• A. Set the rds.force_ssl parameter in the DB cluster parameter group to default.
• B. Set the rds.force_ssl parameter in the DB cluster parameter group to 1.
• C. Set the rds.force_ssl parameter in the DB cluster parameter group to 0.
• D. Set the SQLNET.SSL_VERSION option in the DB cluster option group to 1.2.

Correct answer: B

Explanation

Setting the rds.force_ssl parameter to 1 ensures that only SSL/TLS connections are accepted, thereby encrypting all database communications in transit. The other options are incorrect as setting it to default or 0 would allow non-encrypted connections, while option D pertains to a different parameter unrelated to the requirement for SSL enforcement.