ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 66 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 66
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company wants to automate the creation of secure test databases with random credentials to be stored safely for later use. The credentials should have sufficient information about each test database to initiate a connection and perform automated credential rotations. The credentials should not be logged or stored anywhere in an unencrypted form.
Which steps should a Database Specialist take to meet these requirements using an AWS CloudFormation template?

  • A. Create the database with the MasterUserName and MasterUserPassword properties set to the default values. Then, create the secret with the user name and password set to the same default values. Add a Secret Target Attachment resource with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database. Finally, update the secret's password value with a randomly generated string set by the GenerateSecretString property.
  • B. Add a Mapping property from the database Amazon Resource Name (ARN) to the secret ARN. Then, create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add the database with the MasterUserName and MasterUserPassword properties set to the user name of the secret.
  • C. Add a resource of type AWS::SecretsManager::Secret and specify the GenerateSecretString property. Then, define the database user name in the SecureStringTemplate template. Create a resource for the database and reference the secret string for the MasterUserName and MasterUserPassword properties. Then, add a resource of type AWS::SecretsManagerSecretTargetAttachment with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database.
  • D. Create the secret with a chosen user name and a randomly generated password set by the GenerateSecretString property. Add an SecretTargetAttachment resource with the SecretId property set to the Amazon Resource Name (ARN) of the secret and the TargetId property set to a parameter value matching the desired database ARN. Then, create a database with the MasterUserName and MasterUserPassword properties set to the previously created values in the secret.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by BillyC at July 27, 2020, 2:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BillyC
Highly Voted 3 years, 7 months ago
Ans C is correct
upvoted 11 times
BillyMadison
3 years, 7 months ago
BillyC, any idea why the AWS Database specialty exam is so hard to find on this site / why there are 404 errors?
upvoted 1 times
jyrajan
3 years, 5 months ago
New requirement, only visible if you have contributor access
upvoted 1 times
...
...
...
IhorK
Most Recent 1 year, 8 months ago
Selected Answer: C
"Add a resource of type AWS::SecretsManager::RotationSchedule" missing in answer C.
upvoted 1 times
...
IhorK
1 year, 8 months ago
Selected Answer: C
https://malsouli.medium.com/aws-secrets-manager-create-and-rotate-secrets-automatically-36719faa7e4f
upvoted 1 times
...
novice_expert
2 years, 12 months ago
Selected Answer: C
incomplete or wrong info but answer needs SecretsManager which is in C only Add a resource of type AWS::SecretsManager::Secret -> specify the GenerateSecretString property -> define the database user name in the SecureStringTemplate template. -> Create a resource for the database -> reference the secret string for the MasterUserName and MasterUserPassword properties. -> add a resource of type AWS::SecretsManagerSecretTargetAttachment with the SecretId and TargetId properties set to the Amazon Resource Names (ARNs) of the secret and the database.
upvoted 3 times
...
RotterDam
3 years, 1 month ago
(C) is correct
upvoted 1 times
...
Ashoks
3 years, 6 months ago
yes, it is C
upvoted 4 times
...
Ebi
3 years, 7 months ago
Answer is C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago