exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 11 discussion

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?

  • A. Use AWS Secrets Manager. Turn on automatic rotation.
  • B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.
  • C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.
  • D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Sinaneos
Highly Voted 2 years, 5 months ago
Selected Answer: A
B is wrong because parameter store does not support auto rotation, unless the customer writes it themselves, A is the answer.
upvoted 101 times
17Master
2 years, 5 months ago
READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
upvoted 29 times
...
hro
1 year ago
A - additionally, Aurora manages the settings for the secret and rotates the secret every seven days by default.
upvoted 3 times
...
iCcma
2 years, 5 months ago
ty bro, I was confused about that and you just mentioned the "key" phrase, B doesn't support autorotation
upvoted 3 times
...
...
cookieMr
Highly Voted 1 year, 9 months ago
Selected Answer: A
Option A: Using AWS Secrets Manager and enabling automatic rotation is the recommended solution for minimizing the operational overhead of credential management. AWS Secrets Manager provides a secure and centralized service for storing and managing secrets, such as database credentials. By leveraging Secrets Manager, the application can retrieve the database credentials programmatically at runtime, eliminating the need to store them locally in a file. Enabling automatic rotation ensures that the database credentials are regularly rotated without manual intervention, enhancing security and compliance.
upvoted 8 times
...
Kamatchi
Most Recent 4 days, 23 hours ago
Selected Answer: A
This is asked in the exam I have taken today
upvoted 1 times
...
MundiChor
1 month ago
Selected Answer: A
Order of elimination: B. Parameter Store can store secrets. You can enforce TTL to expire credentials but you cannot auto rotate C and D are plan overhead and not secure enough.
upvoted 1 times
...
ak240519
1 month, 2 weeks ago
Selected Answer: A
A is the correct answer. as Instance store doesn't support auto rotation
upvoted 1 times
...
adamatic
1 month, 3 weeks ago
Selected Answer: A
AWS Secrets Manager is a service that helps users manage, rotate, and retrieve secrets for applications, services, and IT resources. It can be used to secure secrets for AWS Cloud, third-party services, and on-premises -Automatic rotation: Secrets can be automatically rotated
upvoted 1 times
...
MGKYAING
3 months ago
Selected Answer: A
AWS Secrets Manager: Is a managed service specifically designed to securely store and retrieve secrets, such as database credentials, API keys, and SSH keys. Provides features like automatic rotation, which helps to reduce the risk of compromised credentials. Integrates seamlessly with many AWS services, including Amazon RDS (which Aurora is a part of).
upvoted 2 times
...
Gizmo2022
4 months, 2 weeks ago
Answer is A https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/
upvoted 1 times
...
Abishek016
6 months ago
Selected Answer: A
This is an ideal solution. Secrets Manager can rotate credentials automatically and ensures that the EC2 instances retrieve the most recent credentials securely.
upvoted 3 times
...
Buruguduystunstugudunstuy
6 months, 1 week ago
Selected Answer: A
Option A, using AWS Secrets Manager and turning on automatic rotation, would be the best solution to minimize the operational overhead of credential management. AWS Secrets Manager is a service that makes it easier to manage secrets, such as database credentials, by storing and rotating them automatically. By turning on automatic rotation, you can ensure that the secrets are regularly rotated, reducing the risk of unauthorized access to the database. This would minimize the operational overhead of credential management, as you would not have to manually rotate the secrets or update the EC2 instances with the new credentials.
upvoted 3 times
Buruguduystunstugudunstuy
2 years, 3 months ago
Option B, using AWS Systems Manager Parameter Store and turning on automatic rotation, would not be suitable for storing secrets, such as database credentials, as it is intended for storing system parameters. Option C, creating an S3 bucket to store objects that are encrypted with an AWS KMS encryption key and migrating the credential file to the S3 bucket, would not provide automatic rotation of the secrets. Option D, creating an encrypted EBS volume and migrating the credential file to the new EBS volume, would not provide automatic rotation of the secrets.
upvoted 1 times
...
...
Ruffyit
6 months, 1 week ago
A: READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. It says SSM Parameter store cant rotate automatically.
upvoted 2 times
...
jallaix
6 months, 1 week ago
Everybody here voting A, but only the master user's password of the Aurora database can be automatically stored and rotated. Who uses the master user's credentials in their application ? It looks to me like a serious security issue... Moreover answer A is not complete, missing steps are: - create IAM role to get secret - assign IAM role to EC2 instance - adapt the application to retrieve the secret from Secrets Manager instead of erading the file - make sure retrieval occurs every week I dont' call that minimizing operational overhead... Answer D is a lot more simple. In a real situation, none of these answers are relevant.
upvoted 3 times
iyiola_daniel
7 months ago
Same thing I thought. Answer D seems simpler, but option A is the best approach.
upvoted 1 times
...
...
griggrig
7 months ago
Selected Answer: A
Option A , because of leas overhead.
upvoted 1 times
...
parth_g_mehta
8 months, 2 weeks ago
Selected Answer: A
Parameter Store: Storing and managing a database connection string or API endpoint URL that doesn’t require frequent rotation. Secrets Manager: Storing and managing database credentials that need to be rotated regularly for security compliance.
upvoted 1 times
...
JalimRabeiBR
10 months ago
Answer A is correct
upvoted 1 times
...
OctavioBatera
1 year ago
Selected Answer: A
Secrets Manager, as The Mandalorian would say "this is the way!"
upvoted 1 times
...
TilTil
1 year ago
Selected Answer: A
SSM has no automatic rotation.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago