Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 339 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 339
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.

What should a solutions architect do to meet these requirements?

  • A. Use AWS Key Management Service (AWS KMS) to create keys. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.
  • B. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Create an AWS Lambda function that rotates the credentials in Secret Manager.
  • C. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.
  • D. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Bhawesh at Feb. 17, 2023, 8:53 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
cloudbusting
Highly Voted 1 year, 7 months ago
Parameter Store does not provide automatic credential rotation.
upvoted 14 times
...
Bhawesh
Highly Voted 1 year, 7 months ago
Selected Answer: C
C. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager. https://www.examtopics.com/discussions/amazon/view/46483-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 10 times
...
Gape4
Most Recent 2 months, 3 weeks ago
Selected Answer: C
credentials from Secrets Manager...
upvoted 1 times
...
d401c0d
5 months, 3 weeks ago
question is asking for "more secure with the least amount of programming effort." = Secrets Manager + Secretes Manager's built in rotation schedule instead of Lambda.
upvoted 1 times
...
awsgeek75
8 months, 2 weeks ago
Selected Answer: C
A KMS is for encryption keys specifically so this is a long way of doing the credentials storage B is too much work for rotation C exactly what secrets manager is designed for D You can do that if C wasn't an option
upvoted 1 times
...
Guru4Cloud
1 year ago
Selected Answer: C
Store the RDS credentials in Secrets Manager Configure the application to retrieve the credentials from Secrets Manager Use Secrets Manager's built-in rotation to rotate the RDS credentials automatically
upvoted 1 times
...
Hades2231
1 year ago
Selected Answer: C
Secrets Manager can handle the rotation, so no need for Lambda to rotate the keys.
upvoted 1 times
...
chen0305_099
1 year ago
WHY NOT B ?
upvoted 1 times
...
StacyY
1 year, 1 month ago
B, we need lambda for password rotation, confirmed!
upvoted 2 times
Nikki013
1 year ago
It is not needed for certain types RDS, including MySQL as Secrets Manager has built-in rotation capabilities for it: https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/
upvoted 2 times
...
...
Abrar2022
1 year, 3 months ago
Selected Answer: C
If you need your DB to store credentials then use AWS Secret Manager. System Manager Paramater Store is for CloudFormation (no rotation)
upvoted 1 times
...
AlessandraSAA
1 year, 6 months ago
why it's not A?
upvoted 4 times
MssP
1 year, 5 months ago
It is asking for credentials, not for encryption keys.
upvoted 6 times
PoisonBlack
1 year, 4 months ago
So credentials rotation is secrets manager and key rotation is KMS?
upvoted 2 times
...
...
...
bdp123
1 year, 6 months ago
Selected Answer: C
https://aws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/
upvoted 1 times
...
LuckyAro
1 year, 6 months ago
Selected Answer: C
C is a valid solution for securing the custom application with the least amount of programming effort. It involves creating credentials on the RDS for MySQL database for the application user and storing them in AWS Secrets Manager. The application can then be configured to load the database credentials from Secrets Manager. Additionally, the solution includes setting up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager, which will automatically rotate the credentials at a specified interval without requiring any programming effort.
upvoted 3 times
...
bdp123
1 year, 6 months ago
Selected Answer: C
https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_database_secret.html
upvoted 2 times
...
jennyka76
1 year, 7 months ago
Answer - C https://ws.amazon.com/blogs/security/rotate-amazon-rds-database-credentials-automatically-with-aws-secrets-manager/
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel