ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 13 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 13
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.
  • B. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter. Use multi-Region secret replication for the required Regions. Configure Systems Manager to rotate the secrets on a schedule.
  • C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.
  • D. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoDB. Use the RDS API to rotate the secrets.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by rein_chau at Oct. 8, 2022, 3:28 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rein_chau
Highly Voted 2 years, 6 months ago
Selected Answer: A
A is correct.
upvoted 24 times
...
PhucVuu
Highly Voted 7 months ago
Selected Answer: A
Keywords: - rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions - LEAST operational overhead A: Correct - AWS Secrets Manager supports - Encrypt credential for RDS, DocumentDb, Redshift, other DBs and key/value secret. - multi-region replication. - Remote base on schedule B: Incorrect - Secure string parameter only apply for Parameter Store. All the data in AWS Secrets Manager is encrypted C: Incorrect - don't mention about replicate S3 across region. D: Incorrect - So many steps compare to answer A =))
upvoted 14 times
...
MundiChor
Most Recent 1 month, 3 weeks ago
Selected Answer: A
Capability to rotate secrets and tight coupling with RDS
upvoted 1 times
...
Vandaman
2 months ago
Selected Answer: A
No other explanation necessary
upvoted 1 times
...
Mrigraj12
3 months ago
Selected Answer: A
A is the right answer as it takes minutes to setup. so least operational head
upvoted 1 times
...
trinh_le
5 months, 2 weeks ago
Selected Answer: A
A: correct - the secret manager supports rotating credentials B: incorrect - Parameter Store does not perform any cryptographic operations. Instead, it relies on AWS KMS to encrypt and decrypt secure string parameter values C and D: incorrect - handles through Lambda, require more operational overhead
upvoted 1 times
...
SilentMilli
7 months ago
Selected Answer: A
AWS Secrets Manager is a secrets management service that enables you to store, manage, and rotate secrets such as database credentials, API keys, and SSH keys. Secrets Manager can help you minimize the operational overhead of rotating credentials for your Amazon RDS for MySQL databases across multiple Regions. With Secrets Manager, you can store the credentials as secrets and use multi-Region secret replication to replicate the secrets to the required Regions. You can then configure Secrets Manager to rotate the secrets on a schedule so that the credentials are rotated automatically without the need for manual intervention. This can help reduce the risk of secrets being compromised and minimize the operational overhead of credential management.
upvoted 5 times
...
Buruguduystunstugudunstuy
7 months ago
Selected Answer: A
Option A, storing the credentials as secrets in AWS Secrets Manager and using multi-Region secret replication for the required Regions, and configuring Secrets Manager to rotate the secrets on a schedule, would meet the requirements with the least operational overhead. AWS Secrets Manager allows you to store, manage, and rotate secrets, such as database credentials, across multiple AWS Regions. By enabling multi-Region secret replication, you can replicate the secrets across the required Regions to allow for seamless rotation of the credentials during maintenance activities. Additionally, Secrets Manager provides automatic rotation of secrets on a schedule, which would minimize the operational overhead of rotating the credentials on a monthly basis.
upvoted 3 times
Buruguduystunstugudunstuy
2 years, 3 months ago
Option B, storing the credentials as secrets in AWS Systems Manager and using multi-Region secret replication, would not provide automatic rotation of secrets on a schedule. Option C, storing the credentials in an S3 bucket with SSE enabled and using EventBridge to invoke an AWS Lambda function to rotate the credentials, would not provide automatic rotation of secrets on a schedule. Option D, encrypting the credentials as secrets using KMS multi-Region customer managed keys and storing the secrets in a DynamoDB global table, would not provide automatic rotation of secrets on a schedule and would require additional operational overhead to retrieve the secrets from DynamoDB and use the RDS API to rotate the secrets.
upvoted 2 times
...
...
Musti35
7 months ago
Selected Answer: A
With Secrets Manager, you can store, retrieve, manage, and rotate your secrets, including database credentials, API keys, and other secrets. When you create a secret using Secrets Manager, it’s created and managed in a Region of your choosing. Although scoping secrets to a Region is a security best practice, there are scenarios such as disaster recovery and cross-Regional redundancy that require replication of secrets across Regions. Secrets Manager now makes it possible for you to easily replicate your secrets to one or more Regions to support these scenarios.
upvoted 3 times
...
linux_admin
7 months ago
Selected Answer: A
A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule. This solution is the best option for meeting the requirements with the least operational overhead. AWS Secrets Manager is designed specifically for managing and rotating secrets like database credentials. Using multi-Region secret replication, you can easily replicate the secrets across the required AWS Regions. Additionally, Secrets Manager allows you to configure automatic secret rotation on a schedule, further reducing the operational overhead.
upvoted 1 times
...
PaulGa
8 months, 2 weeks ago
Selected Answer: A
Ans A. What's to debate...?
upvoted 1 times
...
creamymangosauce
9 months, 2 weeks ago
Selected Answer: A
A - Secrets Manager automates the rotation of secrets for RDS without own implementation required, the options require effort to implement the secret rotation logic
upvoted 1 times
...
ics_911
1 year, 2 months ago
Selected Answer: A
A is correct.
upvoted 1 times
...
A_jaa
1 year, 3 months ago
Selected Answer: A
Answer-A
upvoted 1 times
...
gldiazcardenas
1 year, 6 months ago
Selected Answer: A
Clearly A is the correct one.
upvoted 1 times
...
TariqKipkemei
1 year, 9 months ago
Selected Answer: A
'The company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions' = AWS Secrets Manager
upvoted 1 times
...
miki111
1 year, 9 months ago
Option A MET THE REQUIREMENT
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago