Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 85 discussion

A security engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password.

Which combination of steps can the engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

  • A. Have a database administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.
  • B. Configure a scheduled job that updates the credential in AWS Systems Manager Parameter Store and notifies the engineer that the application needs to be restarted.
  • C. Configure automatic rotation of credentials in AWS Secrets Manager.
  • D. Store the credential in an encrypted string parameter in AWS Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the AWS KMS key that is used to encrypt it.
  • E. Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.
Suggested Answer: CE
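
Options C and E together imply a client that caches the secret and refetches it only when a connection attempt fails. The sketch below is an added example, not part of the original question or comments; `RotationAwareConnector`, `Opener` and the in-memory stand-ins for Secrets Manager and the database are hypothetical, and Java 16+ is assumed for `record`.

```java
import java.sql.SQLException;
import java.util.function.Supplier;

/** Added example: cache DB credentials and refetch them once when a connection attempt fails. */
public class RotationAwareConnector<C> {
    record Credentials(String username, String password) {}

    /** Opens a connection; production code would wrap DriverManager.getConnection(url, user, pass). */
    interface Opener<T> { T open(Credentials creds) throws SQLException; }

    private final Supplier<Credentials> secretSource; // production: Secrets Manager GetSecretValue via the instance role
    private final Opener<C> opener;
    private Credentials cached;

    RotationAwareConnector(Supplier<Credentials> secretSource, Opener<C> opener) {
        this.secretSource = secretSource;
        this.opener = opener;
    }

    /** Try cached credentials first; on failure refetch once and retry, so rotation needs no restart. */
    synchronized C connect() throws SQLException {
        if (cached == null) cached = secretSource.get();
        try {
            return opener.open(cached);
        } catch (SQLException first) {
            Credentials fresh = secretSource.get();
            if (fresh.equals(cached)) throw first;   // secret unchanged: not a rotation, surface the error
            cached = fresh;
            return opener.open(cached);              // a second failure propagates; no retry loop
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed stand-ins for the secret and the database, so the example runs offline.
        Credentials[] stored = { new Credentials("app", "old-pw") };
        String[] dbPassword = { "old-pw" };
        RotationAwareConnector<String> c = new RotationAwareConnector<>(
            () -> stored[0],
            creds -> {
                if (!creds.password().equals(dbPassword[0])) throw new SQLException("auth failed", "28000");
                return "connected as " + creds.username();
            });
        System.out.println(c.connect());              // uses the initial secret
        stored[0] = new Credentials("app", "new-pw"); // rotation updates the secret...
        dbPassword[0] = "new-pw";                     // ...and the database password
        System.out.println(c.connect());              // stale cache fails, refetch succeeds
    }
}
```

Comparing the refetched secret with the cached one keeps an unrelated outage (network, database down) from being mistaken for a rotation and retried.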

Comments

aescudero51
5 months, 4 weeks ago
Selected Answer: CE
My answer is C - E.

Configure automatic rotation of credentials in AWS Secrets Manager (Option C): This ensures that the credentials are updated automatically without requiring manual intervention. AWS Secrets Manager provides secure, managed secrets for applications, and it can be configured to rotate credentials at regular intervals.

Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated (Option E): This approach ensures that the application can seamlessly switch to the new credentials when they are rotated, minimizing downtime. The Java application can be designed to catch connection failures and then retrieve the updated credentials from AWS Secrets Manager, ensuring continuous operation.
upvoted 1 times
...
vikasj1in
10 months, 3 weeks ago
AWS Secrets Manager (Option C and E): AWS Secrets Manager provides a solution for managing and rotating sensitive information, such as database credentials. You can configure automatic rotation of credentials in AWS Secrets Manager, and the Java application can catch a connection failure and make a call to Secrets Manager to retrieve updated credentials when the password is rotated.

Systems Manager Parameter Store (Option D): While storing credentials in an encrypted string parameter in AWS Systems Manager Parameter Store is a valid approach, Secrets Manager provides a more specialized solution for credential rotation.

Option A involves storing ciphertext in Amazon S3, which adds complexity and may not be as secure as using dedicated services like AWS Secrets Manager.

Option B suggests manually updating the credential in Systems Manager Parameter Store and notifying the engineer, which is less automated and may introduce downtime.
upvoted 2 times
...
3633f8f
11 months, 3 weeks ago
Selected Answer: CE
Systems Manager provides integration with RDS and, in combination with Java try and catch, makes it possible to rotate credentials as frequently as required.
upvoted 1 times
rxhan
9 months, 2 weeks ago
Secrets*
upvoted 1 times
...
...
Aamee
1 year ago
Selected Answer: CE
Def. C and E make a perfect combo.
upvoted 1 times
...
Aamee
1 year ago
Very confusing between CE and DE. The question talks about protecting the creds, which gives a hint towards option D since it talks about leveraging KMS keys with SSM Parameter Store too... No doubt on option E because that looks more reasonable, but there's confusion over option C or D... :(
upvoted 1 times
AgboolaKun
1 year ago
C is correct because Systems Manager Parameter Store cannot be used for key rotation. Key rotation is a feature of Secrets Manager. I hope that helps.
upvoted 4 times
Aamee
1 year ago
Ah ok, got it now, thanks so much AgboolaKun! :)
upvoted 1 times
...
...
...
[Removed]
1 year ago
Selected Answer: CE
I'll vote C and E. Secrets Manager for rotation
upvoted 2 times
...
oioi
1 year ago
Selected Answer: CE
correct
upvoted 2 times
...