Which of these configuration or deployment practices is…

Which of these configuration or deployment practices is a security risk for RDS?

A. Storing SQL function code in plaintext

B. Non-Multi-AZ RDS instance

C. Having RDS and EC2 instances exist in the same subnet

D. RDS in a public subnet

Explanation:
Placing an RDS instance in a public subnet and making it accessible from the public internet is a security risk, because the database becomes directly addressable and spammable. DB instances deployed within a VPC can be configured to be accessible from the Internet or from EC2 instances outside the VPC. If a VPC security group specifies port access such as TCP port 22, you would not be able to access the DB instance, because the firewall for the DB instance provides access only via the IP addresses specified by the DB security groups the instance is a member of and the port defined when the DB instance was created.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html
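
A defensive check for the exposure described above, as an added example that is not part of the original page. It takes data shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` (the instance names, group IDs and rules are constructed) and reports publicly accessible instances, separating those reachable on their database port from non-private addresses from those whose open rule (for example TCP 22) does not cover the database port.

```python
import ipaddress

# Constructed sample data shaped like `aws rds describe-db-instances` and
# `aws ec2 describe-security-groups` output; all identifiers are made up.
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
    {"DBInstanceIdentifier": "billing-db", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app"}]},
    {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-ssh"}]},
]
SECURITY_GROUPS = {  # GroupId -> IpPermissions (inbound rules)
    "sg-open": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sg-app": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}],
    "sg-ssh": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(cidr):
    """True if the IPv4 CIDR lies entirely inside RFC 1918 private space."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(private) for private in RFC1918)

def rule_covers_port(rule, port):
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit(instances, groups):
    """Return (instance, status, non-private CIDRs allowed on the DB port)."""
    findings = []
    for db in instances:
        if not db["PubliclyAccessible"]:
            continue
        port = db["Endpoint"]["Port"]
        exposed = sorted({
            r["CidrIp"]
            for sg in db["VpcSecurityGroups"]
            for rule in groups[sg["VpcSecurityGroupId"]]
            if rule_covers_port(rule, port)
            for r in rule.get("IpRanges", [])  # IPv4 ranges only
            if not is_internal(r["CidrIp"])})
        status = "EXPOSED" if exposed else "PUBLIC_ADDRESS_ONLY"
        findings.append((db["DBInstanceIdentifier"], status, exposed))
    return findings
```
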



Sadeel Anjum

D
DBs are deployed in private subnets, so it's a security risk to deploy them in a public subnet.
PS: The question asks about security risk, not ‘Performance risk’, so B is not the answer 🙂