Amazon Exam SCS-C01 Topic 2 Question 55 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 55
Topic #: 2

A company has a relational database workload that runs on Amazon Aurora MySQL. According to new compliance standards the company must rotate all database credentials every 30 days. The company needs a solution that maximizes security and minimizes development effort.

Which solution will meet these requirements?

AStore the database credentials in AWS Secrets Manager. Configure automatic credential rotation tor every 30 days.

BStore the database credentials in AWS Systems Manager Parameter Store. Create an AWS Lambda function to rotate the credentials every 30 days.

CStore the database credentials in an environment file or in a configuration file. Modify the credentials every 30 days.

DStore the database credentials in an environment file or in a configuration file. Create an AWS Lambda function to rotate the credentials every 30 days.

Show Suggested Answer

Suggested Answer: A

To rotate database credentials every 30 days, the most secure and efficient solution is to store the database credentials in AWS Secrets Manager and configure automatic credential rotation for every 30 days. Secrets Manager can handle the rotation of the credentials in both the secret and the database, and it can use AWS KMS to encrypt the credentials. Option B is incorrect because it requires creating a custom Lambda function to rotate the credentials, which is more effort than using Secrets Manager. Option C is incorrect because it stores the database credentials in an environment file or a configuration file, which is less secure than using Secrets Manager. Option D is incorrect because it combines the drawbacks of option B and option C. Verified Reference:

https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html

https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-other.html

by Georgene at Mar 05, 2024, 12:12 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mabel

7 days ago

Yeah, that's what I was thinking too. Secrets Manager is built for this kind of thing, so it's probably the lowest-effort solution. Plus, it has the advantage of being super secure.

upvoted 0 times

...

Glory

8 days ago

Agreed. I'm leaning towards option A - storing the credentials in Secrets Manager and letting it handle the rotation automatically. That seems like the most hands-off approach.

upvoted 0 times

...

Marvel

9 days ago

I hear you, Kirk. But this is a pretty standard requirement these days. We've got to take security seriously, even if it's a hassle. I think the key is finding the solution that's both secure and easy to implement.

upvoted 0 times

...

Kirk

10 days ago

Ugh, this question about rotating database credentials is a real pain. I hate having to deal with compliance and security requirements like this. Why can't they just let us use the same credentials forever?

upvoted 0 times

...