Amazon DVA-C02 Exam - Topic 2 Question 20 Discussion

Actual exam question for Amazon's DVA-C02 exam

Question #: 20
Topic #: 2

A company needs to set up secure database credentials for all its AWS Cloud resources. The company's resources include Amazon RDS DB instances Amazon DocumentDB clusters and Amazon Aurora DB instances. The company's security policy mandates that database credentials be encrypted at rest and rotated at a regular interval.

Which solution will meet these requirements MOST securely?

ASet up IAM database authentication for token-based access. Generate user tokens to provide centralized access to RDS DB instances. Amazon DocumentDB clusters and Aurora DB instances.

BCreate parameters for the database credentials in AWS Systems Manager Parameter Store Set the Type parameter to Secure Sting. Set up automatic rotation on the parameters.

CStore the database access credentials as an encrypted Amazon S3 object in an S3 bucket Block all public access on the S3 bucket. Use S3 server-side encryption to set up automatic rotation on the encryption key.

DCreate an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console. Create secrets for the database credentials in Secrets Manager Set up secrets rotation on a schedule.

Show Suggested Answer

Suggested Answer: D

This solution will meet the requirements by using AWS Secrets Manager, which is a service that helps protect secrets such as database credentials by encrypting them with AWS Key Management Service (AWS KMS) and enabling automatic rotation of secrets. The developer can create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console, which provides a sample code for rotating secrets for RDS DB instances, Amazon DocumentDB clusters, and Amazon Aurora DB instances. The developer can also create secrets for the database credentials in Secrets Manager, which encrypts them at rest and provides secure access to them. The developer can set up secrets rotation on a schedule, which changes the database credentials periodically according to a specified interval or event. Option A is not optimal because it will set up IAM database authentication for token-based access, which may not be compatible with all database engines and may require additional configuration and management of IAM roles or users. Option B is not optimal because it will create parameters for the database credentials in AWS Systems Manager Parameter Store, which does not support automatic rotation of secrets. Option C is not optimal because it will store the database access credentials as an encrypted Amazon S3 object in an S3 bucket, which may introduce additional costs and complexity for accessing and securing the data.

by Brett at Feb 13, 2024, 09:12 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Karina

3 months ago

Wait, can S3 really handle automatic rotation like that?

upvoted 0 times

...

Audria

3 months ago

I agree with D, Secrets Manager is super reliable!

upvoted 0 times

...

Aleta

4 months ago

Not sure about A, isn't IAM auth a bit complex for this?

upvoted 0 times

...

Nenita

4 months ago

I think D is the best choice for automated rotation!

upvoted 0 times

...

Lino

4 months ago

Option B sounds solid for secure credential management.

upvoted 0 times

...

Joana

4 months ago

I’m leaning towards option B with Systems Manager, but I wonder if it really meets the encryption at rest requirement as well as Secrets Manager does.

upvoted 0 times

...

Haydee

4 months ago

I feel like storing credentials in S3 could work, but it doesn't seem as secure as using Secrets Manager or Parameter Store for automatic rotation.

upvoted 0 times

...

Myrtie

4 months ago

I think using AWS Secrets Manager for credential rotation was a practice question we had. It seems like a secure choice, but I can't recall all the details.

upvoted 0 times

...

Linwood

5 months ago

I remember studying IAM database authentication, but I'm not sure if it's the best option for rotating credentials regularly.

upvoted 0 times

...

Scarlet

5 months ago

I feel pretty confident about this one. Option D using AWS Secrets Manager seems like the most comprehensive solution that ticks all the boxes. The rotation template makes it easy to set up.

upvoted 0 times

...

Ruby

5 months ago

Okay, I've got a strategy here. I'm going to focus on the security requirements first, then see which solution best meets those needs. Automatic rotation and encryption are critical.

upvoted 0 times

...

Glory

5 months ago

Hmm, I'm a bit unsure about this one. There are a few options, but I'm not sure which one is the most secure. I'll need to think it through carefully.

upvoted 0 times

...

Leatha

5 months ago

This looks like a tricky one, but I think I can break it down. The key is finding the most secure solution that meets all the requirements - encrypted at rest, regular rotation, and centralized access.

upvoted 0 times

...

Nickolas

5 months ago

Hmm, I'm a bit unsure about this one. The options all seem plausible, but I'm not sure which one is the biggest risk. I'll need to think it through carefully.

upvoted 0 times

...

Miss

5 months ago

I've dealt with setting up HTTPS proxies before, and I'm pretty confident the answer is B. A trusted third-party certificate is definitely required.

upvoted 0 times

...

Miles

5 months ago

I think we did a practice question on competitive priorities where "supply chain response time" was considered important... but not sure it's the top choice here.

upvoted 0 times

...

Anthony

5 months ago

Hmm, this one's a bit tricky. I'll need to think carefully about the troubleshooting tools that could help determine bandwidth restrictions.

upvoted 0 times

...

Matthew

2 years ago

That's true. SecretsManagerRotationTemplate can also be a good choice. But I still prefer option B for its simplicity and ease of use.

upvoted 0 times

...

Twana

2 years ago

But what about option D with AWS Secrets Manager? That also seems like a secure option for rotating database credentials.

upvoted 0 times

...

Alpha

2 years ago

I agree. Using AWS Systems Manager Parameter Store with automatic rotation will ensure the credentials are encrypted at rest and regularly rotated.

upvoted 0 times

...

Matthew

2 years ago

I think option B is the most secure solution for setting up secure database credentials.

upvoted 0 times

...

Luis

2 years ago

Alright, then it's settled. Option D it is! *high fives* Now, who's up for a game of AWS trivia after the exam?

upvoted 0 times

...

Tambra

2 years ago

Agreed, Silva. Secrets Manager with the Lambda rotation template sounds like the most secure and convenient solution. We should go with that.

upvoted 0 times

Daryl

2 years ago

D) Create an AWS Lambda function by using the SecretsManagerRotationTemplate template in the AWS Secrets Manager console. Create secrets for the database credentials in Secrets Manager Set up secrets rotation on a schedule.

upvoted 0 times

...

Shonda

2 years ago

B) Create parameters for the database credentials in AWS Systems Manager Parameter Store Set the Type parameter to Secure Sting. Set up automatic rotation on the parameters.

upvoted 0 times

...

Silva

2 years ago

Haha, you read my mind, Alex. I'll bring the AWS-themed snacks!

upvoted 0 times

...