A user is using MySQL to connect to Amazon Aurora MySQL DB Cluster. How should the user configure the connection parameters so that the client connection is protected against man-in-the-middle attack?

Answer options:

A.--ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=require
B.--ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=verify-full
C.encrypt=true;trustServerCertificate=true
D.Set ssl_server_dn_match property to true

Answer: B
Option A is incorrect because –ssl_mode=require parameter ensures that the connection is encrypted. However, it does not perform verification of the certificate to ensure that the server is trusted.
Option B is CORRECT because –ssl_mode=verify-full ensures that the client connection is encrypted and performs validation of the certificate to ensure that the server is trusted.
Option C is incorrect because these parameters are used in the connection string to a SQL Server database.
Option D is incorrect because these parameters are used when connecting to an Oracle database.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Security.html#AuroraPostgreSQL.Security.SSL
https://www.postgresql.org/docs/9.1/libpq-ssl.html