Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

$2 OFF ALL AWS, Azure, Google Cloud & Kubernetes Practice Exams!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty Section-Based – Data Protection (Security)

  • Section-Based – Data Protection (Security)

  • Zackn

    Member
    October 7, 2021 at 4:08 am

    The question is:

    An application hosted in an Amazon ECS Cluster is using an Amazon RDS database instance encrypted at rest with AWS Key Management Service (KMS). To improve data resiliency, the Security Administrator must create a cross-region read replica of the database instance in another AWS Region.

    What should the Administrator do to complete this task?

    The correct answer was:

    Set up a new CMK in the other region using AWS KMS. Create the encrypted read replica in another AWS Region by specifying the key identifier of the newly created CMK in the other Region.

    Please note that KMS does now support multi-region KMS keys, which renders the answer wrong as we wont need to setup a new CMK in another region:

    https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html

  • Carlo-TutorialsDojo

    Administrator
    October 8, 2021 at 3:18 am

    Hello Zackn,

    Thanks for the feedback.

    It appears that this change is quite new. It was added last August 30. Take note that it’ll take around 6 months for new services/features to be incorporated into the actual exam as per AWS Certification FAQs.

    We will eventually update this item once we’ve confirmed it in the exam.

    Regards,

    Carlo @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now