AWS Certified Data Analytics – Specialty DAS-C01 – Question027

A banking company is currently using Amazon Redshift for sensitive data. An audit found that the current cluster is unencrypted. Compliance requires that a database with sensitive data must be encrypted using a hardware security module (HSM) with customer managed keys.
Which modifications are required in the cluster to ensure compliance?

A.
Create a new HSM-encrypted Amazon Redshift cluster and migrate the data to the new cluster.
B. Modify the DB parameter group with the appropriate encryption settings and then restart the cluster.
C. Enable HSM encryption in Amazon Redshift using the command line.
D. Modify the Amazon Redshift cluster from the console and enable encryption using the HSM option.

Correct Answer: A

Explanation:

Explanation:
When you modify your cluster to enable AWS KMS encryption, Amazon Redshift automatically migrates your data to a new encrypted cluster.
Reference: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html