SAA-C03 · Question #775
SAA-C03 Question #775: Real Exam Question with Answer & Explanation
The correct answer is B: Use AWS Secrets Manager to set up RDS password management. Use a combination of IAM. AWS Secrets Manager can automatically rotate RDS master user credentials and store unique credentials for each database. By combining IAM policies with Secrets Manager resource policies, access to each secret can be restricted to the relevant application and support team. This ap
Question
A company has workloads that run on AWS. Each workload has a separate Amazon RDS database. A security audit finds that the company does not meet a requirement to rotate the RDS master user credentials every 30 days. Each RDS DB instance must also have a different set of credentials that are accessible only by the relevant application layer and by the team that supports the workload. Which solution will meet these requirements with the LEAST operational overhead?
Options
- AUse AWS Secrets Manager to set up RDS password management. Use a combination of IAM
- BUse AWS Secrets Manager to set up RDS password management. Use a combination of IAM
- CCreate an Amazon Simple Notification Service (Amazon SNS) topic for each workload. Create a
- DCreate an Amazon S3 bucket that uses AWS Key Management Service (AWS KMS) for
Explanation
AWS Secrets Manager can automatically rotate RDS master user credentials and store unique credentials for each database. By combining IAM policies with Secrets Manager resource policies, access to each secret can be restricted to the relevant application and support team. This approach provides automated rotation and fine-grained access control with minimal operational overhead.
Community Discussion
No community discussion yet for this question.