Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SOA-C03 Exam - Topic 5 Question 11 Discussion

A SysOps administrator needs to implement a solution that protects credentials for an Amazon RDS for MySQL DB instance. The solution must rotate the credentials automatically one time every week.Which combination of steps will meet these requirements? (Select TWO.)
B) Add the credentials to AWS Secrets Manager. and D) Create an AWS Lambda function to rotate the credentials.
A) Configure an RDS proxy to store the credentials.
C) Add the credentials to AWS Systems Manager Parameter Store.
E) Create an AWS Systems Manager Automation runbook to rotate the credentials.

Amazon SOA-C03 Exam - Topic 5 Question 11 Discussion

Actual exam question for Amazon's SOA-C03 exam
Question #: 11
Topic #: 5
[All SOA-C03 Questions]

A SysOps administrator needs to implement a solution that protects credentials for an Amazon RDS for MySQL DB instance. The solution must rotate the credentials automatically one time every week.

Which combination of steps will meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D

Comprehensive and Detailed Explanation From Exact Extract of AWS CloudOps Documents:

The correct answers are B and D. AWS CloudOps documentation clearly states that AWS Secrets Manager is the recommended service for storing and managing database credentials securely. Secrets Manager integrates natively with Amazon RDS and supports automatic, scheduled secret rotation.

To rotate credentials weekly, Secrets Manager requires a Lambda rotation function. AWS provides managed rotation templates for Amazon RDS for MySQL that update the database password and the stored secret atomically. This combination ensures credentials are protected, rotated automatically, and audited with minimal operational effort.

Option A is incorrect because RDS Proxy does not store or rotate credentials; it only retrieves them from Secrets Manager. Option C is incorrect because Systems Manager Parameter Store does not support native automatic rotation. Option E is incorrect because Automation runbooks are not the recommended mechanism for secrets rotation and add unnecessary complexity.

AWS CloudOps best practices strongly recommend Secrets Manager with Lambda-based rotation for database credential protection and compliance.


AWS Secrets Manager User Guide -- Automatic Rotation

Amazon RDS User Guide -- Credential Management

AWS SysOps Administrator Study Guide -- Secrets and Key Management

by Gilma at Mar 31, 2026, 01:05 PM

Limited Time Offer

25%

Off

Get Premium SOA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Roxanne
26 days ago
I think A is also a good choice, but not necessary.
upvoted 0 times
...
Eliseo
1 month ago
B and D are the best options for this!
upvoted 0 times
...
Angelyn
2 months ago
I’m leaning towards Secrets Manager and Lambda, but I’m not entirely confident about the best combination for this specific scenario.
upvoted 0 times
...
Selma
2 months ago
I feel like Parameter Store could work too, but I don't recall if it has built-in rotation features like Secrets Manager does.
upvoted 0 times
...
Toshia
2 months ago
I remember practicing a similar question where we had to automate credential rotation. I think Lambda functions are often used for that purpose.
upvoted 0 times
...
Mammie
2 months ago
I think using AWS Secrets Manager is definitely a good choice for storing credentials, but I'm not sure if we need to use RDS proxy as well.
upvoted 0 times
...

Save Cancel