Question #1264
A company uses Amazon Aurora and wants to ensure that both the primary database instance and its automated backups are encrypted. According to the AWS shared responsibility model, which party is responsible for enabling encryption for the database instances and their backups?
A. AWS
B. The company
C. AWS Marketplace partners
D. Third-party partners
Explanation
Under the AWS shared responsibility model, AWS manages the security of the cloud (e.g., infrastructure, hardware, and software), while the customer (the company) is responsible for security in the cloud, including data encryption. For Amazon Aurora, encryption for database instances and automated backups is optional and must be explicitly enabled by the customer during database creation. AWS cannot retroactively encrypt existing unencrypted instances or backups. Since encryption configuration is a customer-controlled setting, the company bears the responsibility for enabling it. Options A, C, and D are incorrect because AWS only provides the tools (e.g., AWS KMS), and third parties are not involved in this process. Key takeaway: Customers must enable encryption for Aurora instances and backups; AWS does not enforce it by default.
Answer
The correct answer is: B