nerdexam
Amazon

DVA-C02 · Question #151

A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml

The correct answer is C. Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager. "requires automatic rotation of all database credentials" => "Secrets Manager for automatic With the Systems Manager Parameter Store, you have to do that manually.

Submitted by renata2k· Mar 5, 2026Security

Question

A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials. Which solution will handle the database credentials MOST securely?

Options

  • ARetrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an
  • BRetrieve the credentials from an environment variable that is linked to a SecureString parameter
  • CRetrieve the credentials from an environment variable that is linked to an AWS Secrets Manager
  • DRetrieve the credentials from an environment variable that contains the connection string in

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    81% (21)
  • D
    12% (3)

Explanation

"requires automatic rotation of all database credentials" => "Secrets Manager for automatic With the Systems Manager Parameter Store, you have to do that manually.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice