
WhizQuiz Nov 26th, 2018


#1

You design an EMR system where you will be processing highly confidential data and for auditing purposes. What can you do to ensure encryption of data both at rest and in-flight?
Choose the 2 possible correct answers:

  • A. Data moving between nodes in a cluster and Data moving from EMR to S3, or vice versa
  • B. Data residing on Amazon S3 or Data residing in attached EBS Volumes on the EC2 Instances.
  • C. EC2 instance store volumes except the root volume and the attached Amazon EBS volumes of cluster instances
  • D. All EC2 instance disk volumes of cluster instances



#2

Answers - A and C

Answer A is correct since both are data in transit (in-flight). See the AWS documentation below.

Answer B is partially correct: Encrypt Data residing on Amazon S3; Encrypt EBS Volumes instead of the data

Answer C is correct: Encrypt EC2 instance store volumes (except boot volumes) and the attached EBS volumes of cluster instances

Answer D is incorrect: the EC2 instance store boot volume is not encrypted

The AWS Documentation mentions the following for encryption of data at rest and in transit when using the EMR service

Data at rest

  • Data residing on Amazon S3—S3 client-side encryption with EMR
  • Data residing on disk—the Amazon EC2 instance store volumes (except boot volumes) and the attached Amazon EBS volumes of cluster instances are encrypted using Linux Unified Key System (LUKS)

Data in transit

  • Data in transit from EMR to S3, or vice versa—S3 client-side encryption with EMR
  • Data in transit between nodes in a cluster—in-transit encryption via Secure Sockets Layer (SSL) for MapReduce and Simple Authentication and Security Layer (SASL) for Spark shuffle encryption
  • Data being spilled to disk or cached during a shuffle phase—Spark shuffle encryption or LUKS encryption

For more information on securing EMR, please refer to the below URL:


And General information for EMR

https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-instances.html#w2ab1c18c25c17

The correct answers are: Data moving between nodes in a cluster and Data moving from EMR to S3, or vice versa, EC2 instance store volumes except the root volume and the attached Amazon EBS volumes of cluster instances


#3

Hi,
Using a security configuration, we can encrypt data both at rest and in transit. The following blog from Amazon provides us the steps to configure.


So, the answers for this question are A & C.

Thanks
Viswanath
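
As an added example (not part of any post in this thread and not AWS's own code), the Python check below maps the three data paths discussed above to the keys of an EMR security configuration. The sample configuration, bucket name and KMS key ARN are constructed placeholders, and the sample deliberately leaves out local-disk encryption to show how that gap is reported.

```python
import json

# Constructed sample in the EMR security-configuration JSON layout; the
# bucket name and KMS key ARN are placeholders, not values from the thread.
SAMPLE_CONFIG = json.loads("""
{
  "EncryptionConfiguration": {
    "EnableInTransitEncryption": true,
    "EnableAtRestEncryption": true,
    "InTransitEncryptionConfiguration": {
      "TLSCertificateConfiguration": {
        "CertificateProviderType": "PEM",
        "S3Object": "s3://EXAMPLE-BUCKET/certs.zip"
      }
    },
    "AtRestEncryptionConfiguration": {
      "S3EncryptionConfiguration": {
        "EncryptionMode": "CSE-KMS",
        "AwsKmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"
      }
    }
  }
}
""")

def encryption_coverage(config):
    """Map each data path named in the thread to whether the config covers it."""
    enc = config.get("EncryptionConfiguration", {})
    at_rest_on = enc.get("EnableAtRestEncryption", False)
    at_rest = enc.get("AtRestEncryptionConfiguration", {}) if at_rest_on else {}
    in_transit_on = enc.get("EnableInTransitEncryption", False)
    tls = enc.get("InTransitEncryptionConfiguration", {}).get("TLSCertificateConfiguration")
    s3_mode = at_rest.get("S3EncryptionConfiguration", {}).get("EncryptionMode")
    return {
        # S3 client-side encryption protects data both in S3 and on its way to/from S3.
        "s3_client_side": s3_mode in ("CSE-KMS", "CSE-Custom"),
        # Instance store and attached EBS volumes (LUKS) need the local-disk block.
        "local_disk": "LocalDiskEncryptionConfiguration" in at_rest,
        # Node-to-node traffic needs in-transit encryption plus a certificate source.
        "between_nodes": bool(in_transit_on and tls),
    }

def missing_paths(config):
    return sorted(path for path, ok in encryption_coverage(config).items() if not ok)

if __name__ == "__main__":
    print(missing_paths(SAMPLE_CONFIG))
```
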


#4

Options A and C are correct.

Option A

  • Data in transit from EMR to S3, or vice versa—S3 client side encryption with EMR
  • Data in transit between nodes in a cluster—in-transit encryption via Secure Sockets Layer (SSL) for MapReduce and Simple Authentication and Security Layer (SASL) for Spark shuffle encryption

Option B states Data residing in S3 is encrypted, which is correct. But data residing in attached EBS volume of an EC2 instance will be encrypted only if the volume is encrypted. So it is not a complete solution. But please note that the attached EBS volumes of cluster instances are encrypted using LUKS.


Option A is correct.
Option B is incorrect.
Option C is correct.


#5

Good Blog.
Spark and Scala Online Training