Which step will provide additional security?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A company is running a finance application on an Amazon RDS for MySQL DB instance.The application is governed by multiple financial regulatory agencies.The RDS DB instance is set up with security groups to allow access to certain Amazon EC2 servers only.AWS KMS is used for encryption at rest.

Which step will provide additional security?

Set up NACLs that allow the entire EC2 subnet to access the DB instance

Disable the master user account

Set up a security group that blocks SSH to the DB instance

Set up RDS to use SSL for data in transit

Explanations:

Allowing the entire EC2 subnet to access the DB instance weakens security by giving broader access than necessary. Security best practices recommend restricting access to only the required EC2 instances.

Disabling the master user account is not recommended. The master account is necessary for managing the DB instance, and disabling it would prevent necessary administrative operations.

Blocking SSH to the DB instance using security groups is unnecessary and could interfere with legitimate administrative tasks. RDS instances do not use SSH for administration.

Enabling SSL for data in transit ensures that data transmitted between the application and the RDS DB instance is encrypted, protecting it from interception or tampering, which enhances overall security.

2025-10-03

1 Comment

  1. Martha
    Author

    I conclude that the answer is:
    Set up RDS to use SSL for data in transit

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 1 =