A SysOps administrator wants to encrypt an existing Amazon RDS DB instance with AWS Key Management Service (AWS KMS). How should the SysOps administrator accomplish this goal?
A) Copy the data volumes of the unencrypted instance. Apply the KMS key to the copied data volumes. Start the instance with the encrypted volumes.
B) Create a read replica of the unencrypted instance. Encrypt the read replica with the KMS key. Promote the read replica to become the primary instance.
C) Take a snapshot of the unencrypted instance. Apply the KMS key to the existing instance using the modify-db-instance command. Restart the instance.
D) Take a snapshot of the unencrypted instance. Create an encrypted copy of the snapshot with the KMS key. Restore the instance from the encrypted snapshot.

Question

Quizplus · Accepted Answer

The Answer of A SysOps administrator wants to encrypt an existing Amazon RDS DB instance with AWS Key Management Service (AWS KMS). How should the SysOps administrator accomplish this goal?
A) Copy the data volumes of the unencrypted instance. Apply the KMS key to the copied data volumes. Start the instance with the encrypted volumes.
B) Create a read replica of the unencrypted instance. Encrypt the read replica with the KMS key. Promote the read replica to become the primary instance.
C) Take a snapshot of the unencrypted instance. Apply the KMS key to the existing instance using the modify-db-instance command. Restart the instance.
D) Take a snapshot of the unencrypted instance. Create an encrypted copy of the snapshot with the KMS key. Restore the instance from the encrypted snapshot.

A SysOps Administrator Wants to Encrypt an Existing Amazon RDS