

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 61 discussion

A company is developing a two-tier web application on AWS. The company's developers have deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application. The company must also implement a solution to automatically rotate the database credentials on a regular basis.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Store the database credentials in the instance metadata. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and instance metadata at the same time.
  • B. Store the database credentials in a configuration file in an encrypted Amazon S3 bucket. Use Amazon EventBridge (Amazon CloudWatch Events) rules to run a scheduled AWS Lambda function that updates the RDS credentials and the credentials in the configuration file at the same time. Use S3 Versioning to ensure the ability to fall back to previous values.
  • C. Store the database credentials as a secret in AWS Secrets Manager. Turn on automatic rotation for the secret. Attach the required permission to the EC2 role to grant access to the secret.
  • D. Store the database credentials as encrypted parameters in AWS Systems Manager Parameter Store. Turn on automatic rotation for the encrypted parameters. Attach the required permission to the EC2 role to grant access to the encrypted parameters.
Suggested Answer: C
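Option C seen from the application's side, as an added example that is not part of the original page: the app reads the secret at run time through the instance role, caches it briefly, and refetches once when a cached password has been rotated out. The class names, the secret name `prod/app/db`, the `username`/`password` fields and the fake client are assumptions for illustration.

```python
import json
import time

class RotatingDbCredentials:
    def __init__(self, secret_id, client=None, ttl_seconds=300):
        self._secret_id = secret_id
        self._client = client  # any object with get_secret_value(SecretId=...)
        self._ttl = ttl_seconds
        self._cached = self._fetched_at = None

    def _sm(self):
        if self._client is None:
            import boto3  # real client; authenticates via the EC2 instance role
            self._client = boto3.client("secretsmanager")
        return self._client

    def get(self, force_refresh=False):
        now = time.monotonic()
        stale = self._fetched_at is None or now - self._fetched_at >= self._ttl
        if force_refresh or stale:
            resp = self._sm().get_secret_value(SecretId=self._secret_id)
            self._cached = json.loads(resp["SecretString"])
            self._fetched_at = now
        return self._cached

    def connect(self, connect_fn, auth_error=PermissionError):
        try:
            return connect_fn(self.get())
        except auth_error:  # assumption: pass your DB driver's login-failure type
            return connect_fn(self.get(force_refresh=True))

class FakeSecretsManager:
    """Constructed stand-in for the boto3 client so this runs offline."""
    def __init__(self):
        self.password, self.calls = "old-pw", 0
    def get_secret_value(self, SecretId):
        self.calls += 1
        secret = {"username": "app", "password": self.password}
        return {"SecretString": json.dumps(secret)}

def demo():
    sm = FakeSecretsManager()
    creds = RotatingDbCredentials("prod/app/db", client=sm)  # hypothetical name
    def fake_connect(c):  # constructed DB that accepts only the current password
        if c["password"] != sm.password:
            raise PermissionError("access denied")
        return "connected as " + c["username"]
    first = creds.connect(fake_connect)
    sm.password = "new-pw"  # simulate rotation while the old value is cached
    return first, creds.connect(fake_connect), sm.calls
```

On the instance, the role attached to EC2 needs `secretsmanager:GetSecretValue` scoped to that one secret's ARN, which is the "required permission" the answer refers to.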

Comments

KVK16
Highly Voted 1 year, 11 months ago
Selected Answer: C
Secrets manager supports Autorotation unlike Parameter store.
upvoted 24 times
JesseeS
1 year, 11 months ago
Parameter store does not support autorotation.
upvoted 10 times
...
...
Buruguduystunstugudunstuy
Highly Voted 1 year, 9 months ago
Selected Answer: C
The correct solution is C. Store the database credentials as a secret in AWS Secrets Manager. Turn on automatic rotation for the secret. Attach the required permission to the EC2 role to grant access to the secret. AWS Secrets Manager is a service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. By storing the database credentials as a secret in Secrets Manager, you can ensure that they are not hardcoded in the application and that they are automatically rotated on a regular basis. To grant the EC2 instance access to the secret, you can attach the required permission to the EC2 role. This will allow the application to retrieve the secret from Secrets Manager as needed.
upvoted 15 times
Buruguduystunstugudunstuy
1 year, 9 months ago
Option A, storing the database credentials in the instance metadata and using a Lambda function to update them, would not meet the requirement of not hardcoding the credentials in the application. Option B, storing the database credentials in an encrypted S3 bucket and using a Lambda function to update them, would also not meet this requirement, as the application would still need to access the credentials from the configuration file. Option D, storing the database credentials as encrypted parameters in AWS Systems Manager Parameter Store, would also not meet this requirement, as the application would still need to access the encrypted parameters in order to use them.
upvoted 9 times
...
...
PaulGa
Most Recent 1 week, 2 days ago
Selected Answer: C
Ans C - Secrets Manager, provides rotation - and also a lot more API calls
upvoted 1 times
...
soufiyane
5 months, 3 weeks ago
Selected Answer: C
parameter store does not have auto rotation
upvoted 1 times
...
Atul6969
7 months ago
Selected Answer: C
test kjlshfjkh jfskjfnkj kj bskjfb kj kjs bfkjs b kjf
upvoted 1 times
...
awsgeek75
8 months, 1 week ago
Selected Answer: C
Secrets Manager is purpose built for this scenario.
A and B are wrong and insecure ways of doing this.
D: Parameter Store with an encrypted string can be used for this but is not an ideal choice, and AFAIK it does not support automatic rotation without extra programming.
upvoted 1 times
...
1Alpha1
9 months ago
Selected Answer: C
C - "Auto Rotation"
upvoted 1 times
...
Ruffyit
10 months, 4 weeks ago
AWS Secrets Manager is a service that enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. By storing the database credentials as a secret in Secrets Manager, you can ensure that they are not hardcoded in the application and that they are automatically rotated on a regular basis. To grant the EC2 instance access to the secret, you can attach the required permission to the EC2 role.
upvoted 1 times
...
Guru4Cloud
1 year, 1 month ago
Selected Answer: C
Storing the credentials in AWS Secrets Manager and enabling automatic rotation meets the requirements with the least operational overhead. The EC2 instance role just needs permission to access the secret, and Secrets Manager handles rotating the credentials automatically on a schedule.
upvoted 1 times
...
TariqKipkemei
1 year, 1 month ago
Selected Answer: C
Key Autorotation = AWS Secrets Manager
upvoted 2 times
...
miki111
1 year, 2 months ago
Option C is the right answer.
upvoted 1 times
...
cookieMr
1 year, 3 months ago
Selected Answer: C
Storing the credentials in Secrets Manager provides dedicated and secure management. With automatic rotation enabled, Secrets Manager handles the credential updates automatically. Attaching the necessary permissions to the EC2 role allows the application to securely access the secret. This approach minimizes operational overhead and provides a secure and managed solution for credential management.
upvoted 2 times
...
Bmarodi
1 year, 3 months ago
Selected Answer: C
The solution that meets the requirements with the least operational overhead, is option C.
upvoted 1 times
...
Bmarodi
1 year, 4 months ago
Selected Answer: C
My choice is c.
upvoted 1 times
...
AndyMartinez
1 year, 7 months ago
Selected Answer: C
The right option is C.
upvoted 1 times
...
Adios_Amigo
1 year, 7 months ago
C is the most correct answer. Automatic replacement must be performed by the secret manager.
upvoted 1 times
...
career360guru
1 year, 9 months ago
Selected Answer: C
Option C - As the requirement is to rotate the secrets, Secrets Manager is the one that can support it.
upvoted 1 times
...