AWS Certified SysOps Administrator SOA-C01 – Question501

In the context of AWS Security Best Practices for RDS, if you require encryption or data integrity authentication of data at rest for compliance or other purposes, you can add protection at the _____ using SQL cryptographic functions.

A.
physical layer
B. security layer
C. application layer
D. data-link layer

Correct Answer: C

Explanation:

Explanation: Amazon RDS leverages the same secure infrastructure as Amazon EC2. You can use the Amazon RDS service without additional protection, but if you require encryption or data integrity authenti-cation of data at rest for compliance or other purposes, you can add protection at the application layer, or at the platform layer using SQL cryptographic functions. Reference:
https://d0.awsstatic.com/whitepapers/aws-security-best-practices.pdf