Encrypt database

[aravind_hariharaputran]

A Database Specialist migrated an on-premises MySQL database to an Amazon RDS for MySQL DB instance using AWS DMS. The RDS database needed to be encrypted at rest using a CMK in AWS KMS. Due to time constraints, the database encryption must be done immediately for the project to proceed.

What approach must the Database Specialist implement to meet this requirement?
Options

1.On the Amazon RDS console, select the unencrypted database and toggle the Enable encryption option to automatically encrypt the existing database.

2.Create an encrypted read replica of the Amazon RDS MySQL DB instance. Promote the read replica as an encrypted standalone DB instance then terminate the unencrypted RDS DB instance.

3.Launch a new encrypted Amazon RDS MySQL DB instance. Use AWS DMS to migrate the data of the unencrypted Amazon RDS MySQL DB instance to the encrypted database.

4.Create a snapshot of the unencrypted Amazon RDS MySQL DB instance and then create an encrypted copy of that snapshot. Launch a new RDS instance by restoring the encrypted snapshot copy then terminate the unencrypted RDS DB instance.

As per Dojo tutorial Right answer is option 4.

Create a snapshot of the unencrypted Amazon RDS MySQL DB instance and then create an encrypted copy of that snapshot. Launch a new RDS instance by restoring the encrypted snapshot copy then terminate the unencrypted RDS DB instance.

CONFLICT : In multiple other questions it is mentioned that ,”you cannot create an encrypted copy from an uncrypted copy snapshot”. Which make sense. we can encrypt during the snapshot copy process but just can’t simply change uncrypted to encyrpted. if that is true shouldnt the answer be option 3 ?????