AWS Certified SysOps Administrator – Associate — Question 109

A company is hosting applications on Amazon EC2 instances. The company is hosting a database on an Amazon RDS for PostgreSQL DB instance. The company requires all connections to the DB instance to be encrypted.

What should a SysOps administrator do to meet this requirement?

Answer options

• A. Allow SSL connections to the database by using an inbound security group rule.
• B. Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
• C. Enforce SSL connections to the database by using a custom parameter group.
• D. Patch the database with SSL/TLS by using a custom PostgreSQL extension.

Correct answer: C

Explanation

The correct answer is C because enforcing SSL connections through a custom parameter group ensures that all connections to the database are secured with encryption. Option A only allows SSL connections but does not enforce them, while option B focuses on data encryption at rest rather than encrypting connections. Option D is not a standard method for enabling SSL connections in PostgreSQL.