Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 701 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 701
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security:
✑ The database must use strong, randomly generated passwords stored in a secure AWS managed service.
✑ The application resources must be deployed through AWS CloudFormation.
✑ The application must rotate credentials for the database every 90 days.
A solutions architect will generate a CloudFormation template to deploy the application.
Which resources specified in the CloudFormation template will meet the security engineer's requirements with the LEAST amount of operational overhead?

  • A. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Specify a Secrets Manager RotationSchedule resource to rotate the database password every 90 days.
  • B. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Create an AWS Lambda function resource to rotate the database password. Specify a Parameter Store RotationSchedule resource to rotate the database password every 90 days.
  • C. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Create an Amazon EventBridge scheduled rule resource to trigger the Lambda function password rotation every 90 days.
  • D. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store. Specify an AWS AppSync DataSource resource to automatically rotate the database password every 90 days.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by sek12324 at March 15, 2021, 2:28 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
sek12324
Highly Voted 3 years ago
A https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
upvoted 13 times
...
nitinz
Highly Voted 3 years ago
Sure Answer is A, but I do not see the need of lambda to do the rotation when secret manager can do the rotation. can some one enlighten me?
upvoted 10 times
kalyan_krishna742020
2 years, 12 months ago
Nope. You need to choose a Lambda function in order to rotate the secret.
upvoted 5 times
...
...
Amac1979
Most Recent 1 year, 7 months ago
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/ Outdated question.. you don't need lambda to rotate RDS MySQL password
upvoted 2 times
...
BlueSpark
1 year, 9 months ago
I am agree with A
upvoted 1 times
...
hilft
2 years, 2 months ago
A. AWS secret manager with lambda.
upvoted 1 times
...
TechX
2 years, 3 months ago
Selected Answer: A
A 100%, AWS Secret Manager auto rotate, you don't need to trigger a lambda function
upvoted 1 times
...
tartarus23
2 years, 5 months ago
Selected Answer: A
A. as AWS secrets manager supports passport rotation through Lambda functions and rotation schedule. C. is not correct since there is no need to use Amazon EventBridge to meet the requirements https://aws.amazon.com/secrets-manager/
upvoted 2 times
...
shotty1
2 years, 8 months ago
Selected Answer: A
It is A
upvoted 1 times
...
weurseuk
2 years, 8 months ago
A : secret manager can rotate on console but here it's with cloudformation, and it's done with the lambda, see AWS::SecretsManager::RotationSchedule
upvoted 1 times
...
GeniusMikeLiu
2 years, 9 months ago
why we need lambda to rotate database password???
upvoted 2 times
...
cldy
2 years, 10 months ago
A. Generate the database password as a secret resource using AWS Secrets Manager. Create an AWS Lambda function resource to rotate the database password. Specify a Secrets Manager RotationSchedule resource to rotate the database password every 90 days.
upvoted 1 times
...
AzureDP900
2 years, 10 months ago
I will go with A
upvoted 1 times
...
andylogan
2 years, 11 months ago
It's A
upvoted 1 times
...
mrphuongbn
2 years, 11 months ago
Both A & C are ok. But "with the LEAST amount of operational overhead" => A. https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
upvoted 1 times
...
tgv
2 years, 11 months ago
AAA ---
upvoted 1 times
...
WhyIronMan
2 years, 11 months ago
I'll go with A
upvoted 1 times
...
blackgamer
2 years, 11 months ago
The answer is A. it can configure AWS Secret Manager to rotate key automatically, not necessary to use EventBridge for that. https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
upvoted 3 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel