Which solution addresses these requirements?

A financial company wants to store sensitive user data in an Amazon Aurora PostgreSQL DB cluster.The database will be accessed by multiple applications across the company.The company has mandated that all communications to the database be encrypted and the server identity must be validated.Any non-SSL- based connections should be disallowed access to the database.

Which solution addresses these requirements?

Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=allow.

Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=disable.

Set the rds.force_ssl=0 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-ca.

Set the rds.force_ssl=1 parameter in DB parameter groups. Download and use the Amazon RDS certificate bundle and configure the PostgreSQL connection string with sslmode=verify-full.

Explanations:

Settingrds.force_ssl=0allows non-SSL connections, violating the mandate to disallow non-SSL connections.sslmode=allowdoes not enforce SSL and does not validate the server’s identity.

Settingrds.force_ssl=1ensures that SSL is required, butsslmode=disablewould disable SSL entirely, violating the requirement for encrypted communication and server identity validation.

Settingrds.force_ssl=0allows non-SSL connections, violating the requirement to disallow non-SSL connections.sslmode=verify-cadoes not validate the server’s full identity, which is required.

Settingrds.force_ssl=1enforces SSL connections.sslmode=verify-fullrequires SSL encryption and validates the server’s identity, meeting all the security requirements.

Learn & move to cloud

Which solution addresses these requirements?

Explanations:

Leave a Reply Cancel reply