-
Category: CSAA – Design Secure Architectures Question 8
updated 1 week, 6 days ago
2 Members
·
7
Posts
-
Good day to you,
Please see the attached. Question 8 from Category: CSAA – Design Secure Architectures.
Clarification please, in relation to RDS, or any given database, while I think of a live airport and AWS Services!!
Say for example, if Lufthansa, Emirates, Qantas, to name a few, who has now migrated to AWS, RDS.
After the migration, if the airline IT, comes up with a requirement that all in-flight data between your web servers and RDS should be secured, I would say, as option One and Two, (1) obtain Amazon RDS Root CA certificate. Import the certificate to the related servers and configure the application to use SSL to encrypt the connection to RDS, and (2) Specify the (Transparent Data Encryption ) TDE option in an RDS option group that is associated with that DB instance to enable transparent data encryption (TDE). Correct me if I am wrong please.
On the other hand, commenting on the CORRECT answer by dopo, if we are use rds.force_ssl, where the db instance must be rebooted. Though can be a valid approach, in terms of an AWS SAA C03, use, to fix the isse!!
However, if the DB instance, which is holding all the Flight Data, in millions, plus more incoming data by the second, is now rebooting. While in this reboot process, there will be blackout in the airline operations. Air Traffic Controlled shall have zero visibility of the Flights!!
Hence, which is the most appropriate approach, please?
Kind Regards,
Denzil
-
Hi Denzil,
Thank you for posting here.
Can you pls copy and paste the question for us to clearly see the Question? The image you attached is too small for me to see.
Lastly, have you already seen the explanation provided for the answer to the question? Kindly check it again and let us know if exactly what’s the issue.
Thank you
Regards,
Neil @ Tutorials Dojo
-
Hello Neil,
Thank you for your response.
The dojo practice question 08, is in short; After the migration, if the airline IT, comes up with a requirement that
all in-flight data between your web servers and RDS should be secured,Then in other words I was clarifying, why “TDE option in an RDS option group that is associated with that DB
instance to enable transparent data encryption (TDE)” is incorrect?Indeed, I read the “correct reply” from dojo; and what I was clarifying was, and commenting on the CORRECT answer provided by dopo, if we are to use, rds.force_ssl, where the db instance must be rebooted.
Could a live instance be rebooted, in a live airport, a credit card RDS, or a bank which are having 24×7 operations?
Kind Regards,
Denzil
-
Hi Denzil,
Thank you for clarifying your question.
The scenario doesn’t mention that the application is from an airline or bank. I think you misunderstood the meaning of “all in-flight data.” Just to give you an idea, in-flight data is another term for data in transit or data in motion. The question is about the application, ASG, and the RDS DB instance.
The option that says: Specifying the TDE option in an RDS option group that is associated with that DB instance to enable transparent data encryption (TDE) is incorrect because transparent data encryption (TDE) is primarily used to encrypt stored data on your DB instances running Microsoft SQL Server and not the data that is in transit. (as explained in the explanation)
I hope this helps. Thank you
Regards,
Neil
-
-
Good day to you, Neil,
Well now it is clear to me. It was confusing to me, (a) since 18 I am working for the aviation industry, airports, Air Traffic Control, Baggage Handling System, ICT for airports. Hence, my utter misunderstanding over ” in-flight data”. (b) In the SAA C03 training video, I cannot recall this term, ” in-flight data” . Or was a different term used in dojo training video’s?
As regards to “ transparent data encryption (TDE) i” thank you clarifying that too. Quite honestly, I read, transparent as TRANSPORT!!! Severe mistake from me!!! I have to be careful at the exam.
Appreciate you bearing with me and making matters clear to me.
Kind Regards,
Denzil
-
Hi Denzil,
I see. There’s no problem with that. It’s my pleasure to help a fellow learner. If you have more questions or need clarification, please don’t hesitate to post here or on our Slack channel.
Happy learning, Denzil!
Cheers,
Neil @ Tutorials Dojo
-
-
Good day to you, Neil
Why thank you so much for that! Bless you for that.
I have 53 days for my SAA C03 exam, and your response inspired me, to a GREAT, GREAT extend.
You may have to bear up with me, because I might end up asking the same question thrice, I might ask stupid and foolish questions.
For the kind of help you are offering, though I might not be able to reward you on Earth, you will be rewarded in the Kingdom!!
Kind Regards,
Denzil
Log in to reply.