WHY A IS False? |
CONCEPT: Key Management Service (KMS) |
- .AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys.
- You cannot create an encrypted Read Replica from an unencrypted master DB instance. You also cannot enable encryption after launch time for the master DB instance. That's why we can't enable encryption using Key Management Service (KMS) when creating the cross-region Read Replica.
|
WHY B IS False? |
CONCEPT: Cross-Region Read Replica |
- You cannot create an encrypted Read Replica from an unencrypted master DB instance. You also cannot enable encryption after launch time for the master DB instance. That's why we can't encrypt a snapshot from the master DB instance, create an encrypted cross-region Read Replica from the snapshot.
|
WHY C IS False? |
CONCEPT: Cross-Region Read Replica |
.Similar reason as above.
|
WHY D IS True? |
CONCEPT: .Encrypted Master DB |
You cannot create an encrypted Read Replica from an unencrypted master DB instance. You also cannot enable encryption after launch time for the master DB instance. Therefore, you must create a new master DB by taking a snapshot of the existing DB, encrypting it, and then creating the new DB from the snapshot. You can then create the encrypted cross-region Read Replica of the master DB.
|
Short Trick |
"Master database is not encrypted" - For this you must create a new master DB by taking a snapshot of the existing DB, encrypting it, and then creating the new DB from the snapshot. You can then create the encrypted cross-region Read Replica of the master DB.
|
References: |
REFERNCED
DOCS
|