
  • Category: CSAA – Design Secure Architectures Question 8

  • Denzil77777

    Member
    April 11, 2024 at 5:47 pm

    Good day to you,

    Please see the attached. Question 8 from Category: CSAA – Design Secure Architectures.

    Clarification please, in relation to RDS, or any given database, while I think of a live airport and AWS Services!!

    Say for example, if Lufthansa, Emirates, Qantas, to name a few, who have now migrated to AWS, RDS.

    After the migration, if the airline IT, comes up with a requirement that all in-flight data between your web servers and RDS should be secured, I would say, as option One and Two, (1) obtain Amazon RDS Root CA certificate. Import the certificate to the related servers and configure the application to use SSL to encrypt the connection to RDS, and (2) Specify the (Transparent Data Encryption) TDE option in an RDS option group that is associated with that DB instance to enable transparent data encryption (TDE). Correct me if I am wrong please.

    On the other hand, commenting on the CORRECT answer by dopo, if we are to use rds.force_ssl, where the db instance must be rebooted. Though it can be a valid approach, in terms of an AWS SAA C03, use, to fix the issue!!

    However, if the DB instance, which is holding all the Flight Data, in millions, plus more incoming data by the second, is now rebooting. While in this reboot process, there will be a blackout in the airline operations. Air Traffic Control shall have zero visibility of the Flights!!

    Hence, which is the most appropriate approach, please?

    Kind Regards,

    Denzil

  • Neil-TutorialsDojo

    Member
    April 12, 2024 at 12:57 pm

    Hi Denzil,

    Thank you for posting here.

    Can you please copy and paste the question for us to clearly see the Question? The image you attached is too small for me to see.

    Lastly, have you already seen the explanation provided for the answer to the question? Kindly check it again and let us know exactly what the issue is.

    Thank you

    Regards,
    Neil @ Tutorials Dojo

  • Denzil77777

    Member
    April 12, 2024 at 3:32 pm

    Hello Neil,

    Thank you for your response.

    The dojo practice question 08, is in short; After the migration, if the airline IT, comes up with a requirement that all in-flight data between your web servers and RDS should be secured,

    Then in other words I was clarifying, why “TDE option in an RDS option group that is associated with that DB instance to enable transparent data encryption (TDE)” is incorrect?

    Indeed, I read the “correct reply” from dojo; and what I was clarifying was, and commenting on the CORRECT answer provided by dopo, if we are to use, rds.force_ssl, where the db instance must be rebooted.


    Could a live instance be rebooted, in a live airport, a credit card RDS, or a bank which are having 24×7 operations?

    Kind Regards,

    Denzil

    • Neil-TutorialsDojo

      Member
      April 15, 2024 at 1:16 pm

      Hi Denzil,

      Thank you for clarifying your question.

      The scenario doesn’t mention that the application is from an airline or bank. I think you misunderstood the meaning of “all in-flight data.” Just to give you an idea, in-flight data is another term for data in transit or data in motion. The question is about the application, ASG, and the RDS DB instance.

      The option that says: Specifying the TDE option in an RDS option group that is associated with that DB instance to enable transparent data encryption (TDE) is incorrect because transparent data encryption (TDE) is primarily used to encrypt stored data on your DB instances running Microsoft SQL Server and not the data that is in transit. (as explained in the explanation)

      I hope this helps. Thank you

      Regards,
      Neil
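The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Tutorials Dojo's code: a small audit function that reports in-transit enforcement (`rds.force_ssl`) separately from at-rest protections (the TDE option, storage encryption), and flags a parameter change that is still waiting on a reboot. The instance and group names are hypothetical, and the input dicts are constructed samples shaped like the boto3 RDS responses.

```python
# Added example. All data below is constructed; the dict shapes follow the
# boto3 RDS responses (describe_db_instances, describe_db_parameters,
# describe_option_groups), trimmed to the fields used here.

def encryption_posture(instance, parameters, options):
    """Separate in-transit enforcement (rds.force_ssl) from at-rest
    protections (TDE option, storage encryption) for one DB instance."""
    values = {p["ParameterName"]: p.get("ParameterValue") for p in parameters}
    wants_ssl = values.get("rds.force_ssl") == "1"
    # A changed static parameter is only live once the instance reports its
    # parameter group as "in-sync"; before that it shows "pending-reboot".
    in_sync = all(g["ParameterApplyStatus"] == "in-sync"
                  for g in instance["DBParameterGroups"])
    at_rest = []
    if instance.get("StorageEncrypted"):
        at_rest.append("StorageEncrypted")
    if any(o["OptionName"] == "TDE" for o in options):
        at_rest.append("TDE")
    return {
        "in_transit_enforced": wants_ssl and in_sync,
        "reboot_pending": wants_ssl and not in_sync,
        "at_rest": at_rest,
    }

def _instance(status, storage_encrypted=False):
    return {"DBInstanceIdentifier": "example-db",  # hypothetical name
            "StorageEncrypted": storage_encrypted,
            "DBParameterGroups": [{"DBParameterGroupName": "example-pg",
                                   "ParameterApplyStatus": status}]}

FORCE_SSL_ON = [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}]
FORCE_SSL_OFF = [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}]
TDE_OPTION = [{"OptionName": "TDE"}]

# TDE alone: data at rest is covered, connections are not forced onto SSL.
TDE_ONLY = encryption_posture(_instance("in-sync"), FORCE_SSL_OFF, TDE_OPTION)
# rds.force_ssl set but not yet applied: still not enforced.
PENDING = encryption_posture(_instance("pending-reboot"), FORCE_SSL_ON, [])
# rds.force_ssl applied, plus both at-rest protections.
ENFORCED = encryption_posture(_instance("in-sync", True), FORCE_SSL_ON, TDE_OPTION)

if __name__ == "__main__":
    for name, result in [("tde-only", TDE_ONLY), ("pending", PENDING),
                         ("enforced", ENFORCED)]:
        print(name, result)
```

This covers server-side enforcement only; the client side still needs the RDS root CA certificate mentioned in the question so that the application can verify the server it connects to.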

  • Denzil77777

    Member
    April 15, 2024 at 4:12 pm

    Good day to you, Neil,

    Well now it is clear to me. It was confusing to me, (a) since 18 I am working for the aviation industry, airports, Air Traffic Control, Baggage Handling System, ICT for airports. Hence, my utter misunderstanding over “in-flight data”. (b) In the SAA C03 training video, I cannot recall this term, “in-flight data”. Or was a different term used in dojo training videos?

    As regards to “transparent data encryption (TDE)”, thank you for clarifying that too. Quite honestly, I read, transparent as TRANSPORT!!! Severe mistake from me!!! I have to be careful at the exam.

    Appreciate you bearing with me and making matters clear to me.

    Kind Regards,

    Denzil

    • Neil-TutorialsDojo

      Member
      April 15, 2024 at 8:57 pm

      Hi Denzil,

      I see. There’s no problem with that. It’s my pleasure to help a fellow learner. If you have more questions or need clarification, please don’t hesitate to post here or on our Slack channel.

      Happy learning, Denzil!

      Cheers,
      Neil @ Tutorials Dojo

  • Denzil77777

    Member
    April 16, 2024 at 2:59 pm

    Good day to you, Neil

    Why thank you so much for that! Bless you for that.

    I have 53 days for my SAA C03 exam, and your response inspired me, to a GREAT, GREAT extent.

    You may have to bear with me, because I might end up asking the same question thrice, I might ask stupid and foolish questions.

    For the kind of help you are offering, though I might not be able to reward you on Earth, you will be rewarded in the Kingdom!!

    Kind Regards,

    Denzil
