Hard · Application · Q15 of 15
AWS - RDS and Relational Databases
You want to secure an RDS instance so only your application servers in a private subnet can connect, and data is encrypted at rest. Which combination is best?
A. Disable encryption and allow inbound from 0.0.0.0/0 for easy access.
B. Enable storage_encrypted on RDS and configure security group to allow inbound from private subnet CIDR only.
C. Enable encryption but allow inbound from all IPs to avoid connection issues.
D. Use a public subnet for RDS and restrict access by username only.
Step-by-Step Solution
Solution:
  Step 1: Enable storage encryption for data safety
    Setting storage_encrypted ensures data is encrypted at rest.
  Step 2: Restrict access via security group to private subnet
    Allowing inbound only from private subnet CIDR limits access to trusted app servers.
  Final Answer:
    Enable storage_encrypted on RDS and configure security group to allow inbound from private subnet CIDR only. -> Option B
  Quick Check:
    Encryption + restricted SG = secure RDS [OK]
Quick Trick: Encrypt data and restrict SG to private subnet [OK]
Common Mistakes:
  • Allowing open access (0.0.0.0/0) to RDS
  • Disabling encryption for convenience
  • Using a public subnet, exposing RDS to the internet