Amazon SAA-C03 Exam - Topic 1 Question 70 Discussion

A company has a web application that uses several web servers that run on Amazon EC2 instances. The instances use a shared Amazon RDS for MySQL database. The company requires a secure method to store database credentials. The credentials must be automatically rotated every 30 days without affecting application availability. Which solution will meet these requirements?
A) Store database credentials in AWS Secrets Manager. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to access Secrets Manager.
B) Store database credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.
C) Store database credentials in an Amazon S3 bucket. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to retrieve credentials from the S3 bucket.
D) Store the credentials in a local file on each of the web servers. Use an AWS KMS key to encrypt the credentials. Create a cron job on each server to rotate the credentials every 30 days.

Actual exam question for Amazon's SAA-C03 exam
Question #: 70
Topic #: 1
Suggested Answer: A

AWS Secrets Manager is a fully managed service specifically designed to securely store and automatically rotate database credentials, API keys, and other secrets. Secrets Manager provides built-in integration with Amazon RDS for automatic credential rotation on a configurable schedule without requiring downtime. It also manages the secure distribution of the credentials to authorized services, such as your web servers, using IAM policies. Manual solutions (S3, files, cron jobs) do not provide the same level of automation, audit, or security.

Reference Extract from AWS Documentation / Study Guide:

'AWS Secrets Manager enables you to rotate, manage, and retrieve database credentials securely. It supports automatic rotation of secrets for supported AWS databases without requiring application downtime.'

Source: AWS Certified Solutions Architect -- Official Study Guide, Security and Secrets Management section.
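
How a web server can keep serving across a rotation, as an added example that is not part of the original page or of AWS's code: the application caches the secret and, when the database rejects the cached password, re-reads the secret once and retries. `FakeSecretStore`, `FakeDatabase`, `RotatingCredentialClient` and `rotate` are hypothetical in-memory stand-ins with constructed values, and rotation is simplified to a single step.

```python
import json

class AuthError(Exception):
    """Raised by the database stand-in when a password is no longer valid."""

class FakeSecretStore:
    """Constructed stand-in for a secrets service: holds one JSON secret."""
    def __init__(self, user, password):
        self._secret, self.reads = {"username": user, "password": password}, 0
    def get_secret_string(self):
        self.reads += 1  # count reads to show the cache is actually used
        return json.dumps(self._secret)
    def put_password(self, password):
        self._secret["password"] = password

class FakeDatabase:
    """Constructed stand-in for the shared database: accepts one password."""
    def __init__(self, password):
        self.password = password
    def query(self, creds, sql):
        if creds["password"] != self.password:
            raise AuthError("access denied")
        return f"ok: {sql}"

class RotatingCredentialClient:
    """Caches the secret; on an auth failure, re-reads it once and retries."""
    def __init__(self, store, db):
        self.store, self.db = store, db
        self._load()
    def _load(self):
        self._creds = json.loads(self.store.get_secret_string())
    def query(self, sql):
        try:
            return self.db.query(self._creds, sql)
        except AuthError:
            self._load()  # cached password was rotated away; fetch the current one
            return self.db.query(self._creds, sql)  # a second failure propagates

def rotate(store, db, new_password):  # DB password first, then the stored secret
    db.password = new_password
    store.put_password(new_password)

def demo():
    store, db = FakeSecretStore("app", "old-pw"), FakeDatabase("old-pw")  # constructed
    client = RotatingCredentialClient(store, db)
    before = client.query("SELECT 1")
    rotate(store, db, "new-pw")
    after = client.query("SELECT 1")  # stale cache fails once, then recovers
    return before, after, store.reads
```

The secret is read twice in total: once at start-up and once after the rotation invalidates the cached password, so requests succeed on both sides of the rotation without a restart.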


Contribute your Thoughts:

Aleshia
24 days ago
B) seems less secure, why use OpsCenter for this?
upvoted 0 times
...
Jose
29 days ago
I agree, Secrets Manager is the way to go!
upvoted 0 times
...
Crista
1 month ago
A) is definitely the best choice for security and automation.
upvoted 0 times
...
Mila
1 month ago
D) is a no-go, local files are just asking for trouble.
upvoted 0 times
...
Mabel
1 month ago
Wait, can you really use S3 for this? Seems risky to me.
upvoted 0 times
...
Beckie
2 months ago
B) seems less secure, OpsCenter isn't meant for storing secrets.
upvoted 0 times
...
Loreta
2 months ago
I agree, Secrets Manager is designed for this!
upvoted 0 times
...
Dahlia
2 months ago
A) is definitely the best choice for security and automation.
upvoted 0 times
...
Bernardo
2 months ago
I vaguely recall that using local files for sensitive data isn't recommended, so option D seems risky to me.
upvoted 0 times
...
Gilma
2 months ago
I feel like we practiced a similar question where using Lambda for rotation was emphasized. That makes me lean towards option A.
upvoted 0 times
...
Stefania
3 months ago
I'm not entirely sure, but I think storing credentials in an S3 bucket could lead to security issues.
upvoted 0 times
...
Barbra
3 months ago
I remember we discussed AWS Secrets Manager in class, and it seems like the best option for securely storing and rotating credentials.
upvoted 0 times
...