AWS Certified Database – Specialty – Question204

A company conducted a security audit of its AWS infrastructure. The audit identified that data was not encrypted in transit between application servers and a MySQL database that is hosted in Amazon RDS.
After the audit, the company updated the application to use an encrypted connection. To prevent this problem from occurring again, the company's database team needs to configure the database to require in- transit encryption for all connections.
Which solution will meet this requirement?

A.
Update the parameter group in use by the DB instance, and set the require_secure_transport parameter to ON.
B. Connect to the database, and use ALTER USER to enable the REQUIRE SSL option on the database user.
C. Update the security group in use by the DB instance, and remove port 80 to prevent unencrypted connections from being established.
D. Update the DB instance, and enable the Require Transport Layer Security option.

Correct Answer: A

Explanation:

Explanation:
You can set the require_secure_transport parameter to ON to require SSL/TLS for connections to your DB cluster.
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora…