AWS Certified SysOps Administrator – Associate (legacy) — Question 838

In the context of AWS Security Best Practices for RDS, if you require encryption or data integrity authentication of data at rest for compliance or other purposes, you can add protection at the _____ using SQL cryptographic functions.

Answer options

• A. physical layer
• B. security layer
• C. application layer
• D. data-link layer

Correct answer: C

Explanation

Using SQL cryptographic functions allows you to encrypt data before it is written, implementing security at the application layer. Other layers like the physical or data-link layers handle infrastructure and network transport, which cannot directly execute SQL cryptographic functions for data-at-rest protection. The security layer is not a standard OSI model layer where SQL functions are applied for database encryption.