Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 86 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 86
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently.
Which solution meets these requirements?

  • A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager.
  • B. Store the database user credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
  • C. Store the database user credentials in a secure Amazon S3 bucket. Grant the necessary IAM permissions to allow the web servers to retrieve credentials and access the database.
  • D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system. The web server should be able to decrypt the files and access the database.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by 123jhl0 at Oct. 17, 2022, 9:03 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
123jhl0
Highly Voted 2 years, 1 month ago
Selected Answer: A
Secrets Manager enables you to replace hardcoded credentials in your code, including passwords, with an API call to Secrets Manager to retrieve the secret programmatically. This helps ensure the secret can't be compromised by someone examining your code, because the secret no longer exists in the code. Also, you can configure Secrets Manager to automatically rotate the secret for you according to a specified schedule. This enables you to replace long-term secrets with short-term ones, significantly reducing the risk of compromise. https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
upvoted 28 times
...
cookieMr
Highly Voted 1 year, 5 months ago
Selected Answer: A
B. SSM OpsCenter is primarily used for managing and resolving operational issues. It is not designed to securely store and manage credentials like AWS Secrets Manager. C. Storing credentials in an S3 bucket may provide some level of security, but it lacks the additional features and security controls offered by AWS Secrets Manager. D. While using KMS for encryption is a good practice, managing credentials directly on the web server file system can introduce complexities and potential security risks. It can be challenging to securely manage and rotate credentials across multiple web servers, especially when considering scalability and automation. In summary, option A is the recommended solution as it leverages AWS Secrets Manager, which is purpose-built for securely storing and managing secrets, and provides the necessary IAM permissions to allow the web servers to access the credentials securely.
upvoted 7 times
...
PaulGa
Most Recent 2 months ago
Selected Answer: A
Ans A - Secrets Manager, auto rotates...
upvoted 2 times
...
jaradat02
4 months ago
Selected Answer: A
A is the right answer, you should never store any of your credentials in files, even if they are encrypted. Also, secrets manager fulfills the credentials rotation condition.
upvoted 2 times
...
Duckydoo
5 months, 1 week ago
Selected Answer: A
While I agree that A is the most feasible answer, I don't see how it satisfies the "a secure method for the web servers to connect to the database" requirement. ASM is about securely storing and rotating secrets, but has nothing to do with "secure connection" between the web servers and RDS. That would require something like IAM DB authentication, which is not even mentioned.
upvoted 3 times
CanoSys
4 months ago
Yeah, It's a stupid question.
upvoted 1 times
...
...
Z0r
6 months, 4 weeks ago
rotation = SM
upvoted 1 times
...
awsgeek75
10 months, 1 week ago
Selected Answer: A
AWS Secrets Manager is best for storing credentials and supports auto rotation so A is the best choice
upvoted 4 times
...
MrPCarrot
1 year ago
A = Rotation of user credentials can be automated using Secrets Manager.
upvoted 2 times
...
Ruffyit
1 year ago
option A is the recommended solution as it leverages AWS Secrets Manager, which is purpose-built for securely storing and managing secrets, and provides the necessary IAM permissions to allow the web servers to access the credentials securely.
upvoted 2 times
...
TariqKipkemei
1 year, 3 months ago
Selected Answer: A
AWS Secrets Manager to the rescue....up up and awaaaay
upvoted 2 times
...
Guru4Cloud
1 year, 3 months ago
Selected Answer: A
The correct answer is A. Here is the explanation: AWS Secrets Manager is a service that helps you store, manage, and rotate secrets. Secrets Manager is a good choice for storing database user credentials because it is secure and scalable. IAM permissions can be used to grant web servers access to AWS Secrets Manager. This will allow the web servers to retrieve the database user credentials from Secrets Manager and use them to connect to the database. Rotation of user credentials can be automated using Secrets Manager. This will ensure that the database user credentials are rotated on a regular basis, meeting the security requirement.
upvoted 3 times
...
Bmarodi
1 year, 6 months ago
Selected Answer: A
Option A is ans.
upvoted 3 times
...
vherman
1 year, 9 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
thensanity
1 year, 10 months ago
literally screams for AWS secrets manager to rotate the credentails
upvoted 5 times
...
Buruguduystunstugudunstuy
1 year, 11 months ago
Selected Answer: A
***CORRECT*** Option A. Store the database user credentials in AWS Secrets Manager. Grant the necessary IAM permissions to allow the web servers to access AWS Secrets Manager. Option A is correct because it meets the requirements specified in the question: a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. AWS Secrets Manager is designed specifically to store and manage secrets like database credentials, and it provides an automated way to rotate secrets every time they are used, ensuring that the secrets are always fresh and secure. This makes it a good choice for storing and managing the database user credentials in a secure way.
upvoted 6 times
Buruguduystunstugudunstuy
1 year, 11 months ago
***WRONG*** Option B, storing the database user credentials in AWS Systems Manager OpsCenter, is not a good fit for this use case because OpsCenter is a tool for managing and monitoring systems, and it is not designed for storing and managing secrets. Option C, storing the database user credentials in a secure Amazon S3 bucket, is not a secure option because S3 buckets are not designed to store secrets. While it is possible to store secrets in S3, it is not recommended because S3 is not a secure secrets management service and does not provide the same level of security and automation as AWS Secrets Manager.
upvoted 4 times
Buruguduystunstugudunstuy
1 year, 11 months ago
Option D, storing the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system, is not a secure option because it relies on the security of the web server file system, which may not be as secure as a dedicated secrets management service like AWS Secrets Manager. Additionally, this option does not meet the requirement to rotate user credentials frequently because it does not provide an automated way to rotate the credentials.
upvoted 6 times
...
...
...
career360guru
1 year, 11 months ago
Selected Answer: A
Option A
upvoted 1 times
...
kewl
1 year, 11 months ago
Selected Answer: A
Rotate credentials = Secrets Manager
upvoted 3 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel