DBS-C01 Practice Test

A Database Specialist migrated an existing production MySQL database from on-premises to an Amazon RDS
for MySQL DB instance. However, after the migration, the database needed to be encrypted at rest using AWS
KMS. Due to the size of the database, reloading, the data into an encrypted database would be too
time-consuming, so it is not an option.
How should the Database Specialist satisfy this new requirement?

A.

Create a snapshot of the unencrypted RDS DB instance. Create an encrypted copy of the unencryptedsnapshot. Restore the encrypted snapshot copy.

B.

Modify the RDS DB instance. Enable the AWS KMS encryption option that leverages the AWS CLI.

C.

Restore an unencrypted snapshot into a MySQL RDS DB instance that is encrypted.

D.

Create an encrypted read replica of the RDS DB instance. Promote it the master

An AWS CloudFormation stack that included an Amazon RDS DB instance was accidentally deleted and
recent data was lost. A Database Specialist needs to add RDS settings to the CloudFormation template to
reduce the chance of accidental instance data loss in the future.
Which settings will meet this requirement? (Choose three.)

A.

Set DeletionProtection to True

B.

Set MultiAZ to True

C.

Set TerminationProtection to True

D.

Set DeleteAutomatedBackups to False

E.

Set DeletionPolicy to Delete

F.

Set DeletionPolicy to Retain

A company is hosting critical business data in an Amazon Redshift cluster. Due to the sensitive nature of the
data, the cluster is encrypted at rest using AWS KMS. As a part of disaster recovery requirements, the
company needs to copy the Amazon Redshift snapshots to another Region.
Which steps should be taken in the AWS Management Console to meet the disaster recovery requirements?

A.

Create a new KMS customer master key in the source Region. Switch to the destination Region, enable
Amazon Redshift cross-Region snapshots, and use the KMS key of the source Region.

B.

Create a new IAM role with access to the KMS key. Enable Amazon Redshift cross-Region replication
using the new IAM role, and use the KMS key of the source Region

C.

Enable Amazon Redshift cross-Region snapshots in the source Region, and create a snapshot copy grant
and use a KMS key in the destination Region.

D.

Create a new KMS customer master key in the destination Region and create a new IAM role with
access to the new KMS key. Enable Amazon Redshift cross-Region replication in the source Region and
use the KMS key of the destination Region

A Database Specialist is designing a disaster recovery strategy for a production Amazon DynamoDB table.
The table uses provisioned read/write capacity mode, global secondary indexes, and time to live (TTL). The
Database Specialist has restored the latest backup to a new table.
To prepare the new table with identical settings, which steps should be performed? (Choose two.)

A.

Re-create global secondary indexes in the new table

B.

Define IAM policies for access to the new table

C.

Define the TTL settings

D.

Encrypt the table from the AWS Management Console or use the update-table command

E.

Set the provisioned read and write capacity

A company is going to use an Amazon Aurora PostgreSQL DB cluster for an application backend. The DBcluster contains some tables with sensitive data. A Database Specialist needs to control the access privileges at
the table level.
How can the Database Specialist meet these requirements?

A.

Use AWS IAM database authentication and restrict access to the tables using an IAM policy.

B.

Configure the rules in a NACL to restrict outbound traffic from the Aurora DB cluster.

C.

Execute GRANT and REVOKE commands that restrict access to the tables containing sensitive data.

D.

Define access privileges to the tables containing sensitive data in the pg_hba.conf file.