ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 255 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 255
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A SysOps administrator is helping a development team deploy an application to AWS. The AWS CloudFormation template includes an Amazon Linux EC2 instance, an Amazon Aurora DB cluster, and a hardcoded database password that must be rotated every 90 days.

What is the MOST secure way to manage the database password?

  • A. Use the AWS::SecretsManager::Secret resource with the GenerateSecretString property to automatically generate a password. Use the AWS::SecretsManager::RotationSchedule resource to define a rotation schedule for the password. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
  • B. Use the AWS::SecretsManager::Secret resource with the SecretString property Accept a password as a CloudFormation parameter Use the AllowedPattern property of the CloudFormation parameter to require a minimum length, uppercase and lowercase letters, and special characters. Configure the application to retrieve the secret from AWS Secrets Manager to access the database.
  • C. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a secure string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
  • D. Use the AWS::SSM::Parameter resource. Accept input as a CloudFormation parameter to store the parameter as a string. Configure the application to retrieve the parameter from AWS Systems Manager Parameter Store to access the database.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by csG13 at March 8, 2023, 6:03 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
csG13
Highly Voted 2 years, 1 month ago
Selected Answer: A
A - although B looks plausible as well, using the pattern in B won’t rotate the secret every 90 days.
upvoted 6 times
...
Aamee
Most Recent 5 months, 3 weeks ago
Selected Answer: A
Question specifically asks for this: "a hardcoded database password that must be rotated every 90 days." , means the method for rotating the hardcoded password every 90 days is mentioned only in option A. Whereas, all other options don't have that method defined in their methods so a big clue already in option A for those who get it.
upvoted 1 times
...
Gomer
2 years ago
Selected Answer: A
The AWS::SecretsManager::Secret directive is only used to "Creates a new secret". Doesn't sound right that it would be used to accept an existing password (originating from where?). The question and response "B" seems to suggest you are just wanting to re-use an existing password in SecretsManager for a new DB Cluster (which is plausible). If so, rotation would already be configured for existing secret, but you shouldn't also be parsing for length, etc. I also think response has to be "A", but not just because it specifies rotation schedule. There is more to this than that.
upvoted 3 times
...
AndyMartinez
2 years ago
Selected Answer: A
Option A!
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago