Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DVA-C02 Topic 2 Question 20 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 20
Topic #: 2
[All DVA-C02 Questions]

A company needs to set up secure database credentials for all its AWS Cloud resources. The company's resources include Amazon RDS DB instances Amazon DocumentDB clusters and Amazon Aurora DB instances. The company's security policy mandates that database credentials be encrypted at rest and rotated at a regular interval.

Which solution will meet these requirements MOST securely?

Show Suggested Answer Hide Answer
Suggested Answer: D

This solution will meet the requirements by using AWS Secrets Manager, which is a service that helps protect secrets such as database credentials by encrypting them with AWS Key Management Service (AWS KMS) and enabling automatic rotation of secrets. The developer can create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console, which provides a sample code for rotating secrets for RDS DB instances, Amazon DocumentDB clusters, and Amazon Aurora DB instances. The developer can also create secrets for the database credentials in Secrets Manager, which encrypts them at rest and provides secure access to them. The developer can set up secrets rotation on a schedule, which changes the database credentials periodically according to a specified interval or event. Option A is not optimal because it will set up IAM database authentication for token-based access, which may not be compatible with all database engines and may require additional configuration and management of IAM roles or users. Option B is not optimal because it will create parameters for the database credentials in AWS Systems Manager Parameter Store, which does not support automatic rotation of secrets. Option C is not optimal because it will store the database access credentials as an encrypted Amazon S3 object in an S3 bucket, which may introduce additional costs and complexity for accessing and securing the data.


Contribute your Thoughts:

Matthew
6 months ago
That's true. SecretsManagerRotationTemplate can also be a good choice. But I still prefer option B for its simplicity and ease of use.
upvoted 0 times
...
Twana
6 months ago
But what about option D with AWS Secrets Manager? That also seems like a secure option for rotating database credentials.
upvoted 0 times
...
Alpha
7 months ago
I agree. Using AWS Systems Manager Parameter Store with automatic rotation will ensure the credentials are encrypted at rest and regularly rotated.
upvoted 0 times
...
Matthew
7 months ago
I think option B is the most secure solution for setting up secure database credentials.
upvoted 0 times
...
Luis
8 months ago
Alright, then it's settled. Option D it is! *high fives* Now, who's up for a game of AWS trivia after the exam?
upvoted 0 times
...
Tambra
8 months ago
Agreed, Silva. Secrets Manager with the Lambda rotation template sounds like the most secure and convenient solution. We should go with that.
upvoted 0 times
Daryl
8 months ago
D) Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console. Create secrets for the database credentials in Secrets Manager Set up secrets rotation on a schedule.
upvoted 0 times
...
Shonda
8 months ago
B) Create parameters for the database credentials in AWS Systems Manager Parameter Store Set the Type parameter to Secure Sting. Set up automatic rotation on the parameters.
upvoted 0 times
...
...
Silva
8 months ago
Haha, you read my mind, Alex. I'll bring the AWS-themed snacks!
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77