AWS Certified Database – Specialty — Question 327

A company hosts an on-premises Microsoft SQL Server Enterprise edition database with Transparent Data Encryption (TDE) enabled. The database is 20 TB in size and includes sparse tables. The company needs to migrate the database to Amazon RDS for SQL Server during a maintenance window that is scheduled for an upcoming weekend. Data-at-rest encryption must be enabled for the target DB instance.
Which combination of steps should the company take to migrate the database to AWS in the MOST operationally efficient manner? (Choose two.)

Answer options

• A. Use AWS Database Migration Service (AWS DMS) to migrate from the on-premises source database to the RDS for SQL Server target database.
• B. Disable TDE. Create a database backup without encryption. Copy the backup to Amazon S3.
• C. Restore the backup to the RDS for SQL Server DB instance. Enable TDE for the RDS for SQL Server DB instance.
• D. Set up an AWS Snowball Edge device. Copy the database backup to the device. Send the device to AWS. Restore the database from Amazon S3.
• E. Encrypt the data with client-side encryption before transferring the data to Amazon RDS.

Correct answer: B, C

Explanation

Disabling TDE temporarily on-premises and creating an unencrypted backup allows for a native SQL Server backup and restore operation directly to Amazon S3, which is the most operationally efficient method for a database of this size. Once restored on Amazon RDS, TDE can be easily re-enabled on the target DB instance to fulfill the encryption requirement. Using AWS DMS (Option A) is not ideal for databases with sparse tables and a tight maintenance window, while shipping a Snowball device (Option D) cannot be completed within a single weekend.