Which solution will meet this requirement?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A company conducted a security audit of its AWS infrastructure. The audit identified that data was not encrypted in transit between application servers and aMySQL database that is hosted in Amazon RDS.After the audit, the company updated the application to use an encrypted connection. To prevent this problem from occurring again, the company’s database team needs to configure the database to require in-transit encryption for all connections.

Which solution will meet this requirement?

Update the parameter group in use by the DB instance, and set the require_secure_transport parameter to ON.

Connect to the database, and use ALTER USER to enable the REQUIRE SSL option on the database user.

Update the security group in use by the DB instance, and remove port 80 to prevent unencrypted connections from being established.

Update the DB instance, and enable the Require Transport Layer Security option.

Explanations:

Therequire_secure_transportparameter enforces SSL/TLS encryption for all connections to the RDS instance, ensuring that all communications are encrypted in transit.

TheREQUIRE SSLoption is an SQL command used for MySQL user-level SSL enforcement, but it does not enforce encryption at the RDS instance level, which is required in this case.

Security groups control network traffic, not encryption. Removing port 80 only blocks HTTP traffic, but does not enforce encryption for MySQL connections.

There is noRequire Transport Layer Securityoption in RDS settings. The encryption enforcement is done via therequire_secure_transportparameter.

2025-10-02

1 Comment

  1. Arthur
    Author

    My best guess is:
    Update the parameter group in use by the DB instance, and set the require_secure_transport parameter to ON.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + nine =