AWS Certified Developer – Associate / Question #823 of 557

Question #823

A company is deploying a high-transaction database on a cluster of Amazon EC2 instances. The database uses attached Amazon EBS volumes for storage, which are created during deployment. All stored data must be encrypted due to regulatory requirements, and the solution must not degrade database performance.

Which solution meets these requirements?

A

Use encrypted EBS volumes for the database storage.

B

Store all data in an encrypted Amazon RDS instance instead.

C

Implement a proprietary encryption method within the application to handle data encryption.

D

Use an AMI with an encrypted root volume and store data on instance store volumes.

Explanation

Answer A is correct because:
- Encrypted EBS Volumes: Amazon EBS volumes support encryption at rest using AWS KMS. Data on the volume, its snapshots, and volumes created from those snapshots are automatically encrypted, ensuring compliance with regulatory requirements.
- Performance: Encryption/decryption is handled transparently by AWS with minimal latency, avoiding performance degradation for high-transaction databases.

Other options are incorrect because:
- B: Amazon RDS shifts the architecture away from EC2/EBS, which contradicts the question's setup.
- C: Proprietary encryption adds application overhead, risking performance degradation and security gaps.
- D: Instance store volumes are ephemeral and not encrypted by default, so this option fails the compliance requirement.

Key Points: Use AWS-managed encryption (EBS encryption) for compliance and performance. Avoid application-layer encryption or non-persistent storage.

Answer

The correct answer is: A