A user is connecting to a SQL Server on the Amazon RDS database. How should the user configure the connection parameters so that the client connection is protected against man-in-the-middle attack?

Answer options:

A.--ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=require
B.--ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=verify-full
C.encrypt=true;trustServerCertificate=true
D.encrypt=true;trustServerCertificate=false
E.Set ssl_server_dn_match property to true

Answer: D
Option A is incorrect because –ssl_mode parameter is used for client connection to MySQL databases using MySQL client.
Option B is incorrect because–ssl_mode parameter is used for client connection to MySQL databases using MySQL client.
Option C is incorrect because if the trustServerCertificate property is set to true, the client will skip validation of the server TLS certificate.
Option D is CORRECT because setting the trustServerCertificate property to false ensures that the client will validate the TLS certificate and confirm that the server is the correct server to connect to.
Option D is incorrect because these parameters are used when connecting to an Oracle database.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/ssl-certificate-rotation-sqlserver.html
https://docs.microsoft.com/en-us/sql/connect/jdbc/connecting-with-ssl-encryption?view=sql-server-ver15