SAP-C02 第 393 题
题目
A company is migrating an on-premises application and a MySQL database to AWS. The application processes highly sensitive data, and new data is constantly updated in the database. The data must not be transferred over the internet. The company also must encrypt the data in transit and at rest. The database is 5 TB in size. The company already has created the database schema in an Amazon RDS for MySQL DB instance. The company has set up a 1 Gbps AWS Direct Connect connection to AWS. The company also has set up a public VIF and a private VIF. A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime. Which solution will meet these requirements?
中文翻译:
一家公司正在将本地应用程序和 MySQL 数据库迁移到 AWS。应用程序处理高度敏感的数据,新数据在数据库中不断更新。数据不得通过互联网传输。公司还必须对传输中和静态的数据进行加密。该数据库大小为 5 TB。该公司已在 Amazon RDS for MySQL 数据库实例中创建了数据库架构。该公司已建立与 AWS 的 1 Gbps AWS Direct Connect 连接。该公司还设立了公共 VIF 和私人 VIF。解决方案架构师需要设计一种解决方案,以尽可能少的停机时间将数据迁移到 AWS。哪种解决方案可以满足这些要求?
选项
A. Perform a database backup. Copy the backup files to an AWS Snowball Edge Storage Optimized device. Import the backup to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
中文翻译:
执行数据库备份。将备份文件复制到 AWS Snowball Edge Storage Optimized 设备。将备份导入到 Amazon S3。使用服务器端加密和 Amazon S3 托管加密密钥 (SSE-S3) 进行静态加密。使用 TLS 进行传输加密。将数据从 Amazon S3 导入到数据库实例。
B. Use AWS Database Migration Service (AWS DMS) to migrate the data to AWS. Create a DMS replication instance in a private subnet. Create VPC endpoints for AWS DMS. Configure a DMS task to copy data from the on-premises database to the DB instance by using full load plus change data capture (CDC). Use the AWS Key Management Service (AWS KMS) default key for encryption at rest. Use TLS for encryption in transit.
中文翻译:
使用 AWS Database Migration Service (AWS DMS) 将数据迁移到 AWS。在私有子网中创建 DMS 复制实例。为 AWS DMS 创建 VPC 终端节点。配置 DMS 任务以使用完全加载加更改数据捕获 (CDC) 将数据从本地数据库复制到数据库实例。使用 AWS Key Management Service (AWS KMS) 默认密钥进行静态加密。使用 TLS 进行传输加密。
C. Perform a database backup. Use AWS DataSync to transfer the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
中文翻译:
执行数据库备份。使用 AWS DataSync 将备份文件传输到 Amazon S3。使用服务器端加密和 Amazon S3 托管加密密钥 (SSE-S3) 进行静态加密。使用 TLS 进行传输加密。将数据从 Amazon S3 导入到数据库实例。
D. Use Amazon S3 File Gateway. Set up a private connection to Amazon S3 by using AWS PrivateLink. Perform a database backup. Copy the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
中文翻译:
使用 Amazon S3 文件网关。使用 AWS PrivateLink 设置与 Amazon S3 的私有连接。执行数据库备份。将备份文件复制到 Amazon S3。使用服务器端加密和 Amazon S3 托管加密密钥 (SSE-S3) 进行静态加密。使用 TLS 进行传输加密。将数据从 Amazon S3 导入到数据库实例。
答案
B
解析
正确答案:B 解析: 本题应选择 B。 正确选项: B. 使用 AWS Database Migration Service (AWS DMS) 将数据迁移到 AWS。在私有子网中创建 DMS 复制实例。为 AWS DMS 创建 VPC 终端节点。配置 DMS 任务以使用完全加载加更改数据捕获 (CDC) 将数据从本地数据库复制到数据库实例。使用 AWS Key Management Service (AWS KMS) 默认密钥进行静态...