Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DBS-C01 Topic 1 Question 89 Discussion

Actual exam question for Amazon's DBS-C01 exam
Question #: 89
Topic #: 1
[All DBS-C01 Questions]

A company uses an Amazon Redshift cluster to run its analytical workloads. Corporate policy requires that the company's data be encrypted at rest with customer managed keys. The company's disaster recovery plan requires that backups of the cluster be copied into another AWS Region on a regular basis.

How should a database specialist automate the process of backing up the cluster data in compliance with these policies?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the Amazon Redshift documentation1, you can enable database encryption for your clusters to help protect data at rest. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys.

To copy encrypted snapshots across Regions, you need to create a snapshot copy grant in the destination Region and specify a CMK in that Region. You also need to configure cross-Region snapshots in the source Region and provide the destination Region, the snapshot copy grant, and retention periods for the snapshots. This way, you can automate the process of backing up the cluster data in compliance with the corporate policies.


by Alishia at Apr 11, 2024, 12:53 PM

Limited Time Offer

25%

Off

Get Premium DBS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
An
Yeah, I like the elegance of option C as well. Leveraging existing AWS services like Eventbridge, Lambda, and S3 replication makes a lot of sense here.
upvoted 0 times
...
Levi
I'm leaning towards option C. Using EventBridge and Lambda to automate the snapshot process, along with S3 Cross-Region Replication, seems like a robust and comprehensive solution.
upvoted 0 times
...
Edna
24 hours ago
Hmm, I'm leaning towards option C. Copying the KMS key to the destination region and using S3 Cross-Region Replication seems like a robust and automated solution.
upvoted 0 times
...
Willodean
2 days ago
I agree. The key is to properly set up the KMS keys and configure the cross-region snapshot replication. It's a good thing they're giving us multiple options to consider.
upvoted 0 times
...
Willie
2 days ago
You know, I'm a little concerned about the complexity of some of these solutions. Wouldn't it be simpler to just backup to an S3 bucket and let S3 handle the encryption and replication?
upvoted 0 times
...
Suzan
3 days ago
That's a good point. Option D does seem more straightforward in terms of the key management. But I'm not sure if that fully meets the requirement of using 'customer-managed' keys in both regions.
upvoted 0 times
...
Leslee
3 days ago
I think option B is the way to go. Creating a new KMS key in the destination Region and configuring cross-Region snapshots seems like the most straightforward approach.
upvoted 0 times
...
Buddy
4 days ago
Oh man, I hope they don't ask us to explain the intricacies of AWS KMS and cross-Region replication. That stuff always makes my head spin.
upvoted 0 times
...
Yvonne
6 days ago
Hmm, this is a tricky one. We need to make sure the backup process is fully automated and complies with the company's data encryption and disaster recovery policies.
upvoted 0 times
...
Mariko
8 days ago
This is a great question that really tests our understanding of AWS Redshift backup and encryption best practices. I'm feeling confident about this one.
upvoted 0 times
...

Save Cancel