Section-Based – Data Protection (Security)
-
The question is:
An application hosted in an Amazon ECS Cluster is using an Amazon RDS database instance encrypted at rest with AWS Key Management Service (KMS). To improve data resiliency, the Security Administrator must create a cross-region read replica of the database instance in another AWS Region.
What should the Administrator do to complete this task?
The correct answer was:
Set up a new CMK in the other region using AWS KMS. Create the encrypted read replica in another AWS Region by specifying the key identifier of the newly created CMK in the other Region.
Please note that KMS does now support multi-region KMS keys, which renders the answer wrong as we won't need to set up a new CMK in another region:
https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
-
Hello Zackn,
Thanks for the feedback.
It appears that this change is quite new. It was added last August 30. Take note that it’ll take around 6 months for new services/features to be incorporated into the actual exam as per AWS Certification FAQs.
We will eventually update this item once we’ve confirmed it in the exam.
Regards,
Carlo @ Tutorials Dojo
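As an added example (not part of this thread or of the practice exam), here is a pre-flight check for the request the question describes: it refuses a KMS key that does not live in the destination Region and returns the parameters for boto3's `create_db_instance_read_replica`. The ARNs, account ID and instance names are constructed, and `replica_request` is a hypothetical helper; a replica of a multi-Region key in the destination Region passes the same check because its ARN carries that Region.

```python
# Added illustration: every ARN, account ID and name below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str
    account: str
    resource: str

def parse_arn(value: str) -> Arn:
    """Split arn:partition:service:region:account:resource into fields."""
    parts = value.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {value!r}")
    return Arn(*parts[1:])

def is_multi_region_key(kms_key_arn: str) -> bool:
    """Multi-Region key IDs start with 'mrk-'."""
    return parse_arn(kms_key_arn).resource.startswith("key/mrk-")

def replica_request(source_db_arn, dest_region, kms_key_arn, replica_id):
    """Build kwargs for rds.create_db_instance_read_replica (hypothetical helper).

    The call must be made with an RDS client created in dest_region.
    """
    src, key = parse_arn(source_db_arn), parse_arn(kms_key_arn)
    if src.service != "rds" or not src.resource.startswith("db:"):
        raise ValueError("source must be an RDS DB instance ARN")
    if key.service != "kms" or not key.resource.startswith("key/"):
        raise ValueError("KMS key must be given as a key ARN")
    if src.region == dest_region:
        raise ValueError("destination Region equals source Region")
    if key.region != dest_region:
        # KMS keys are regional: the source Region's key cannot encrypt the replica.
        raise ValueError(f"key is in {key.region}, replica needs a key in {dest_region}")
    return {
        "DBInstanceIdentifier": replica_id,
        "SourceDBInstanceIdentifier": source_db_arn,  # ARN form for cross-Region
        "KmsKeyId": kms_key_arn,
        "SourceRegion": src.region,  # boto3 uses this to presign the request
    }

SRC_DB = "arn:aws:rds:us-east-1:111122223333:db:orders-db"
KEY_SRC = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
KEY_DEST = "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"

if __name__ == "__main__":
    print(replica_request(SRC_DB, "eu-west-1", KEY_DEST, "orders-db-replica"))
```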