Question

What is true about RDS Read Replicas encryption?

a) RDS Read Replicas cannot be encrypted
b) RDS Read Replicas are always encrypted using the same key as the primary instance
c) RDS Read Replicas can be encrypted with a different key than the primary instance
d) RDS Read Replicas are encrypted only if the primary instance is also encrypted

Answer 1

In Amazon RDS, Read Replicas can be encrypted with a different key than the primary instance. However, encryption of Read Replicas is contingent on the primary instance being encrypted first.

Step-by-step explanation:

The question pertains to the encryption options for Read Replicas in Amazon Relational Database Service (RDS). The correct answer is: RDS Read Replicas can be encrypted with a different key than the primary instance. This means that if you choose to, you can use a separate encryption key for the Read Replicas, allowing for additional security management flexibility. It is also important to note that RDS Read Replicas are only encrypted if the primary instance is encrypted. AWS does not allow an unencrypted primary instance to have encrypted Read Replicas.