DVA-C02 · Question #150
A company created four AWS Lambda functions that connect to a relational database server that runs on an Amazon RDS instance. A security team requires the company to automatically change the database
The correct answer is B. Store the database credentials in AWS Secrets Manager. Configure a 30-day rotation schedule. The most secure and automated way to handle database credential rotation is to use AWS Secrets Manager. Secrets Manager can automatically rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. You can configure Secrets Manager t
Question
A company created four AWS Lambda functions that connect to a relational database server that runs on an Amazon RDS instance. A security team requires the company to automatically change the database password every 30 days. Which solution will meet these requirements MOST securely?
Options
- AStore the database credentials in the environment variables of the Lambda function. Deploy the
- BStore the database credentials in AWS Secrets Manager. Configure a 30-day rotation schedule
- CStore the database credentials in AWS Systems Manager Parameter Store secure strings.
- DStore the database credentials in an Amazon S3 bucket that uses server-side encryption with
How the community answered
(26 responses)- A8% (2)
- B77% (20)
- C4% (1)
- D12% (3)
Explanation
The most secure and automated way to handle database credential rotation is to use AWS Secrets Manager. Secrets Manager can automatically rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. You can configure Secrets Manager to automatically rotate the secrets for you according to a schedule you specify, making it easier to adhere to best practices for security.
Community Discussion
No community discussion yet for this question.