A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases. Which solution meets this requirement with the LEAST operational overhead?
A.
Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.
B.
Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.
C.
Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.
D.
Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the customer master key (CMK).
Agreed, the answer is (A); the only service that rotates credentials automatically is Secrets Manager.
https://aws.amazon.com/secrets-manager/
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html (reference note)
A - we need to store a DB password, with automatic rotation every few months
A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.
- Correct. https://aws.amazon.com/secrets-manager/
B. Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.
- Wrong. Systems Manager is for monitoring and configuring resources (e.g. S3, EC2, RDS instances), not for storing sensitive credentials
C. Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.
- Wrong. Manual rotation is not ideal
D. Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the customer master key (CMK).
- KMS is for managing keys used for the encryption / decryption of data, NOT for storing authentication credentials
For B, I would argue it is still OK to use Systems Manager Parameter Store to store credentials. But Parameter Store itself needs to use Secrets Manager to implement password rotation, and that's why we do not choose B. See the first 'Note':
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
A is the correct answer. See the AWS rotate-password screenshot from AWS; it shows the enable button:
https://aws.amazon.com/blogs/aws/aws-secrets-manager-store-distribute-and-rotate-credentials-securely/
The answer is A. The key functions of Secrets Manager are: rotate secrets securely, protect and manage secrets centrally, monitor and audit easily, pay only for the secrets you store.
=> A
Parameter Store: no support for key rotation
AWS KMS: generates, encrypts, and decrypts data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
Answer: A, Secrets Manager
This question is testing Secrets Manager vs Parameter Store.
A very short read: https://medium.com/awesome-cloud/aws-difference-between-secrets-manager-and-parameter-store-systems-manager-f02686604eae
Secrets Manager: It was designed specifically for confidential information (like database credentials, API keys) that needs to be encrypted, so the creation of a secret entry has encryption enabled by default. It also gives additional functionality like rotation of keys.
Systems Manager Parameter Store: It was designed to cater to a wider use case, not just secrets or passwords, but also application configuration variables like URLs, Custom settings, AMI IDs, License keys, etc.
Secrets Manager offers rotation of keys inbuilt. It is integrated well with RDS.
B is invalid: rotation is not built in for Parameter Store
C adds more overhead compared to the built-in feature in A
D: KMS is an altogether different concept.
KMS is a service that manages encryption keys('Customer Master keys',not Data keys).
A 'data key' is used to encrypt the actual data.
The CMK is basically used to protect the data key, which is used for encrypting data.
To decrypt the data, one calls the KMS service and uses the CMK to decrypt the 'data key'. Once we have the decrypted (plaintext) data key, we use it to decrypt the actual data.
When thinking KMS/CMK:
- think about customer-managed / AWS-managed keys as options
- think encryption at rest
- think encrypting the master key, not the data key
Answer is A
AWS Secrets Manager enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
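To make the "least operational overhead" point concrete, here is an added example (not code from the original thread or from AWS): it shows the single boto3 call that turns on rotation for option A, and the consumer-side pattern that makes rotation painless, namely reading the RDS secret JSON at connect time and refetching once when a cached password has just been rotated. The secret name, Lambda ARN, hostname and the `FakeSecretsManager` stand-in are all constructed for offline use; with a real `boto3.client("secretsmanager")` the same functions work unchanged.

```python
"""Added example: enabling Secrets Manager rotation for an RDS PostgreSQL
secret and consuming it in a rotation-safe way. Names and the fake client
below are constructed for this illustration; they are not from the page."""
import json


def enable_rotation(client, secret_id, rotation_lambda_arn, days=30):
    """Option A in one API call. `client` is a boto3 Secrets Manager client;
    the keyword arguments are those of boto3's rotate_secret."""
    return client.rotate_secret(
        SecretId=secret_id,
        RotationLambdaARN=rotation_lambda_arn,
        RotationRules={"AutomaticallyAfterDays": days},
        RotateImmediately=True,
    )


def parse_rds_secret(secret_string):
    """Parse the SecretString of an RDS secret into a libpq DSN.
    The AWS rotation Lambdas require engine/host/username/password;
    port and dbname are optional, so sensible defaults are applied."""
    doc = json.loads(secret_string)
    missing = [k for k in ("engine", "host", "username", "password") if k not in doc]
    if missing:
        raise ValueError(f"secret is missing keys: {missing}")
    if doc["engine"] != "postgres":
        raise ValueError(f"unexpected engine {doc['engine']!r}")
    return (f"host={doc['host']} port={doc.get('port', 5432)} "
            f"dbname={doc.get('dbname', 'postgres')} user={doc['username']} "
            f"password={doc['password']} sslmode=require")


class CredentialCache:
    """Caches the DSN so Secrets Manager is not called on every connection,
    but can be invalidated when the cached password stops working."""

    def __init__(self, client, secret_id):
        self._client, self._secret_id, self._dsn = client, secret_id, None
        self.fetches = 0

    def dsn(self):
        if self._dsn is None:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            self._dsn = parse_rds_secret(resp["SecretString"])
            self.fetches += 1
        return self._dsn

    def invalidate(self):
        self._dsn = None


def connect_with_retry(cache, connect):
    """connect(dsn) returns a connection or raises PermissionError on a bad
    password (the situation psycopg2 reports as 'password authentication
    failed'). A single refetch covers the window right after a rotation."""
    try:
        return connect(cache.dsn())
    except PermissionError:
        cache.invalidate()
        return connect(cache.dsn())


class FakeSecretsManager:
    """Constructed stand-in for boto3's client('secretsmanager'): records the
    rotate_secret call and serves a secret whose password can be rotated."""

    def __init__(self):
        self.rotations = []
        self._passwords = iter(["old-pw-1", "new-pw-2"])
        self.current_password = next(self._passwords)

    def rotate_secret(self, **kwargs):
        self.rotations.append(kwargs)
        return {"Name": kwargs["SecretId"], "VersionId": "00000000-v1"}

    def rotate(self):  # simulates the rotation Lambda finishing
        self.current_password = next(self._passwords)

    def get_secret_value(self, SecretId):
        doc = {"engine": "postgres", "host": "demo.example.internal", "port": 5432,
               "dbname": "appdb", "username": "app", "password": self.current_password}
        return {"SecretString": json.dumps(doc)}


def demo():
    """Enable rotation, connect, rotate, connect again; returns
    (configured rotation days, number of secret fetches, new password in use)."""
    sm = FakeSecretsManager()
    enable_rotation(sm, "demo/rds/postgres",
                    "arn:aws:lambda:us-east-1:123456789012:function:rotate-demo")
    cache = CredentialCache(sm, "demo/rds/postgres")

    def fake_connect(dsn):  # the database only accepts the current password
        if f"password={sm.current_password} " not in dsn:
            raise PermissionError("password authentication failed")
        return dsn

    connect_with_retry(cache, fake_connect)   # first fetch, old password
    sm.rotate()                                # rotation happens in the background
    second = connect_with_retry(cache, fake_connect)  # fails once, refetches, succeeds
    return (sm.rotations[0]["RotationRules"]["AutomaticallyAfterDays"],
            cache.fetches, "password=new-pw-2" in second)


if __name__ == "__main__":
    print(demo())
```

The refetch-on-auth-failure step is what distinguishes option A from options B and C in practice: the rotation Lambda changes the database password and writes a new secret version, so any consumer that caches credentials must be prepared to reload them, whereas with Parameter Store plus a hand-written Lambda that whole workflow has to be built and operated by the team.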
New Question:
A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application's traffic recently spiked due to fraudulent requests from botnets.
Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)
A. Create a usage plan with an API key that is shared with genuine users only.
B. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
C. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
D. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
E. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
Answer: C, D
A - Wrong - the key should never be shared
B - You will never know which IPs to block; IPs can be masked
E - An IAM role for each user means you need to know all the users