DVA-C02 · Question #316
DVA-C02 Question #316: Real Exam Question with Answer & Explanation
The correct answer is D: Configure automatic rotation with the alternating users rotation strategy.. Option D is correct because automatic rotation is the proper AWS Secrets Manager feature for scheduling Lambda-based credential rotation on RDS, and the alternating users strategy maintains two database users (cloned from the original), rotating between them so one valid set of c
Question
A company runs a serverless application on AWS. The application includes an AWS Lambda function. The Lambda function processes data and stores the data in an Amazon RDS for PostgreSQL database. A developer created a user credentials in the database for the application. The developer needs to use AWS Secrets Manager to manage the user credentials. The password must to be rotated on a regular basis. The solution needs to ensure that there is high availability and no downtime for the application during secret rotation. What should the developer do to meet these requirements?
Options
- AConfigure managed rotation with the single user rotation strategy.
- BConfigure managed rotation with the alternating users rotation strategy.
- CConfigure automatic rotation with the single user rotation strategy.
- DConfigure automatic rotation with the alternating users rotation strategy.
Explanation
Option D is correct because automatic rotation is the proper AWS Secrets Manager feature for scheduling Lambda-based credential rotation on RDS, and the alternating users strategy maintains two database users (cloned from the original), rotating between them so one valid set of credentials is always active - eliminating any downtime window during rotation.
Why the distractors fail:
- A & B ("managed rotation") use incorrect terminology - "managed rotation" refers to AWS-native service-owned rotation (not applicable here); Secrets Manager with Lambda uses automatic rotation.
- C (automatic rotation + single user) uses the right mechanism but the wrong strategy - single user rotation briefly invalidates the current password before the new one propagates, creating a potential downtime gap.
- B gets the no-downtime strategy right (alternating users) but pairs it with the wrong rotation type (managed), making it incorrect.
Memory tip: Think "Alternating = Always Available" - the alternating users strategy ensures a second user is always ready, so rotation never leaves the application without valid credentials.
Topics
Community Discussion
No community discussion yet for this question.