RDS 3 Flashcards

1
Q

Security

Is traffic encrypted in transit to RDS?

A

Not by default, but you can turn it on

2
Q

Security

Can you make encryption in transit mandatory?

A

Yes, even on a per-user basis

3
Q

Security

How does RDS encrypt data at rest?

A

KMS encryption of EBS volume.

4
Q

Security

How do you remove encryption after you turn it on?

A

Can’t: it’s EBS under the covers with KMS.

5
Q

Security

What is TDE?

A

Transparent Data Encryption: standard for databases doing encryption at rest from inside their products

6
Q

Security

Which databases support TDE?

A

Microsoft SQL Server and Oracle

7
Q

Security

Is TDE better or worse security than EBS-based?

A

Better: data is encrypted before it goes through the underlying OS

8
Q

Security

What’s the most secure way to encrypt at-rest in RDS?

A

Oracle with TDE backed by CloudHSM: AWS has no access to any key material
