What should a database specialist do to meet these requirements?

By:
On:
In: DBS-C01
Tagged:
With: 0 Comments
A company is using an Amazon Aurora PostgreSQL database for a project with a government agency.All database communications must be encrypted in transit.All non-SSL/TLS connection requests must be rejected.

What should a database specialist do to meet these requirements?

Set the rds.force_ssl parameter in the DB cluster parameter group to default.

Set the rds.force_ssl parameter in the DB cluster parameter group to 1.

Set the rds.force_ssl parameter in the DB cluster parameter group to 0.

Set the SQLNET.SSL_VERSION option in the DB cluster option group to 1.2.

Explanations:

Therds.force_sslparameter set to “default” does not ensure SSL/TLS enforcement, and it doesn’t reject non-SSL connections.

Settingrds.force_sslto 1 forces SSL/TLS encryption and rejects non-SSL/TLS connections, meeting the requirements.

Settingrds.force_sslto 0 allows non-SSL/TLS connections, which violates the requirement to reject non-SSL connections.

TheSQLNET.SSL_VERSIONis an Oracle-specific parameter, not relevant to PostgreSQL, so it does not apply in this case.

Leave a Reply

Your email address will not be published. Required fields are marked *

one × 2 =