ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 947 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 947
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company runs a Node js function on a server in its on-premises data center. The data center stores data in a PostgreSQL database. The company stores the credentials in a connection string in an environment variable on the server. The company wants to migrate its application to AWS and to replace the Node.js application server with AWS Lambda. The company also wants to migrate to Amazon RDS for PostgreSQL and to ensure that the database credentials are securely managed.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Store the database credentials as a parameter in AWS Systems Manager Parameter Store Configure Parameter Store to automatically rotate the secrets every 30 days. Update the Lambda function to retrieve the credentials from the parameter.
  • B. Store the database credentials as a secret in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials every 30 days. Update the Lambda function to retrieve the credentials from the secret.
  • C. Store the database credentials as an encrypted Lambda environment variable. Write a custom Lambda function to rotate the credentials. Schedule the Lambda function to run every 30 days.
  • D. Store the database credentials as a key in AWS Key Management Service (AWS KMS). Configure automatic rotation for the key. Update the Lambda function to retneve the credentials from the KMS key.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by [deleted] at Aug. 17, 2024, 7:27 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LeonSauveterre
3 months, 3 weeks ago
Selected Answer: B
A - Parameter Store doesn't support automatic rotation. C - Don't write a custom function when you can use off-the-rack ones. D - AWS KMS is a service for managing encryption keys, not for managing secrets like database credentials. Also it doesn't provide direct support for managing or rotating database credentials.
upvoted 2 times
...
aragon_saa
8 months, 1 week ago
Selected Answer: B
Answer is B
upvoted 1 times
...
[Removed]
8 months, 1 week ago
Selected Answer: B
Secrets Manager: AWS Secrets Manager is specifically designed to store and manage sensitive information like database credentials. It provides built-in functionality for securely storing, retrieving, and automatically rotating credentials. Automatic Rotation: Secrets Manager can be configured to automatically rotate the database credentials at regular intervals (e.g., every 30 days). This reduces operational overhead by eliminating the need for manual credential rotation or custom rotation logic. Integration with Lambda: Lambda functions can easily retrieve credentials stored in Secrets Manager by calling the Secrets Manager API, which simplifies the application code and enhances security.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago