Amazon DVA-C02 Exam - Topic 2 Question 57 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 57
Topic #: 2

A healthcare company is developing a multi-tier web application to manage patient records that are in an Amazon Aurora PostgreSQL database cluster. The company stores the application code in a Git repository and deploys the code to Amazon EC2 instances.

The application must comply with security policies and follow the principle of least privilege. The company must securely manage database credentials and API keys within the application code. The company must have the ability to rotate encryption keys on demand.

Which solution will meet these requirements?

Suggested Answer: A

Requirement Summary:

- Multi-tier app on EC2 + Aurora PostgreSQL
- Must comply with least privilege and security policies
- Need to manage credentials and API keys securely
- Must support key rotation on demand

Evaluate Options:

A. Secrets Manager + AWS managed KMS keys

- Best practice for secure secret storage
- Supports auto rotation
- Uses AWS SDK to fetch at runtime (secure, avoids hardcoding)
- AWS managed keys are rotated automatically and easier to manage

B. Secrets Manager + customer managed keys

- Also valid, but adds complexity
- Since the question asks for LEAST development effort, AWS-managed keys are preferred

C. Store secrets in code

- Violates all security best practices

D. Use SSM Parameter Store + AWS managed keys

- Possible, but Secrets Manager is preferred when rotation is needed
- Parameter Store does not natively rotate secrets

Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

Automatic key rotation: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

Best practices for secret management: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html


Audry
2 months ago
Option D sounds good too. Parameter Store is reliable for secrets.
upvoted 0 times
...
Kirk
2 months ago
Option C is risky. Hardcoding credentials is a bad practice.
upvoted 0 times
...
Freeman
2 months ago
I prefer option B. Customer managed keys give more control.
upvoted 0 times
...
Cassi
2 months ago
I think option A is the best. Secrets Manager is secure.
upvoted 0 times
...
Bernardo
2 months ago
A and D both look good, but A has that automatic key rotation!
upvoted 0 times
...
Arlene
3 months ago
Surprised that D is even an option, feels less secure.
upvoted 0 times
...
Deonna
3 months ago
I think B is better for more control over KMS keys.
upvoted 0 times
...
Albert
3 months ago
Secrets Manager is the way to go. Rotating keys automatically is a game-changer.
upvoted 0 times
...
Izetta
3 months ago
Option D looks good, but using AWS managed keys is not as flexible as customer-managed keys.
upvoted 0 times
...
Jesusita
3 months ago
Haha, Option C? Storing credentials in the code? That's a big no-no!
upvoted 0 times
...
Merilyn
4 months ago
I vaguely remember that AWS Systems Manager Parameter Store can also be used for storing secrets, but I'm not clear on how it compares to Secrets Manager in terms of security features.
upvoted 0 times
...
Brigette
4 months ago
I feel like option C is definitely not the right choice since storing credentials in application code goes against best practices, but I can't recall why exactly.
upvoted 0 times
...
Andra
4 months ago
Option A seems solid, using Secrets Manager is a good move.
upvoted 0 times
...
Erick
4 months ago
I agree, Option B is the way to go. Separating credentials by environment is a security risk.
upvoted 0 times
...
Fletcher
4 months ago
I think option A sounds familiar because it mentions using the AWS SDK to retrieve secrets, which we practiced in a similar question about securing API keys.
upvoted 0 times
...
Lemuel
5 months ago
Option B seems like the most secure solution. Rotating encryption keys is a must-have.
upvoted 0 times
...
Glen
5 months ago
Storing creds in code? That's a big no-no! (C is risky)
upvoted 0 times
...
Jacklyn
5 months ago
I remember we discussed the importance of using AWS Secrets Manager for managing sensitive information, but I'm not sure if we covered the differences between managed and customer managed KMS keys.
upvoted 0 times
...
Evangelina
5 months ago
The principle of least privilege is key here. I like how options A and B use the AWS SDK to retrieve secrets securely.
upvoted 0 times
...
Eileen
5 months ago
I'm a bit confused about the difference between managed and customer-managed keys. I'll need to research that more before deciding.
upvoted 0 times
...
Simona
6 months ago
Automatic key rotation is a must-have for compliance. I think option A or B would be the best approach here.
upvoted 0 times
...
Craig
6 months ago
Hmm, storing credentials in the code doesn't seem very secure. I'm leaning towards one of the AWS services like Secrets Manager or Parameter Store.
upvoted 0 times
...
Jutta
6 months ago
This looks like a tricky security question. I'll need to carefully consider the requirements and the options presented.
upvoted 0 times
Terrilyn
15 days ago
I agree with Nadine. A covers all the security bases well.
upvoted 0 times
...
Kristel
20 days ago
D is interesting, but I prefer using Secrets Manager for better security.
upvoted 0 times
...
Telma
25 days ago
C seems risky. Storing credentials in code is a bad practice.
upvoted 0 times
...
Mila
1 month ago
I’m leaning towards B. Customer managed keys give more control.
upvoted 0 times
...
Nadine
1 month ago
This is definitely a tricky one. I think A is the safest choice.
upvoted 0 times
...
...