ANS-C01 Network Implementation • Set 21
ANS-C01 Network Implementation Practice Test 21 — 15 questions with explanations.
A financial services company is migrating its on-premises data center to AWS. The company has a three-tier application that consists of web servers, application servers, and a database. The application servers must communicate with the database using a private IP address. The database is hosted on an Amazon RDS for MySQL instance in a private subnet. The application servers are in a public subnet. The company has a security requirement that all traffic between the application servers and the database must be encrypted in transit. The network engineer has created a security group for the RDS instance that allows inbound traffic on port 3306 from the security group of the application servers. The engineer has also enabled encryption at rest for the RDS instance. During a security audit, it is discovered that traffic between the application servers and the database is not encrypted. The application team confirms that the application is configured to connect to the database using the standard MySQL client library without any SSL/TLS options. The network engineer must ensure that all traffic between the application servers and the database is encrypted without modifying the application code. What should the network engineer do?