AWS Certified Database – Specialty — Question 84

A company uses an Amazon RDS for PostgreSQL DB instance for its customer relationship management (CRM) system. New compliance requirements specify that the database must be encrypted at rest.
Which action will meet these requirements?

Answer options

• A. Create an encrypted copy of manual snapshot of the DB instance. Restore a new DB instance from the encrypted snapshot.
• B. Modify the DB instance and enable encryption.
• C. Restore a DB instance from the most recent automated snapshot and enable encryption.
• D. Create an encrypted read replica of the DB instance. Promote the read replica to a standalone instance.

Correct answer: A

Explanation

The correct answer is A, as creating an encrypted copy of a manual snapshot and restoring a new DB instance from it ensures that the new instance is encrypted at rest. Options B and C cannot be used to enable encryption on an existing DB instance, and option D does not directly address the requirement of encrypting the existing database at rest.