SAP-C02 · Question #400
SAP-C02 Question #400: Real Exam Question with Answer & Explanation
The correct answer is A: Enable IAM database authentication on the Aurora DB cluster. Change the IAM role for the. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.
Question
A solutions architect is auditing the security setup of an AWS Lambda function for a company. The Lambda function retrieves the latest changes from an Amazon Aurora database. The Lambda function and the database run in the same VPC. Lambda environment variables are providing the database credentials to the Lambda function. The Lambda function aggregates data and makes the data available in an Amazon S3 bucket that is configured for server-side encryption with AWS KMS managed encryption keys (SSE-KMS). The data must not travel across the internet. If any database credentials become compromised, the company needs a solution that minimizes the impact of the compromise. What should the solutions architect recommend to meet these requirements?
Options
- AEnable IAM database authentication on the Aurora DB cluster. Change the IAM role for the
- BEnable IAM database authentication on the Aurora DB cluster. Change the IAM role for the
- CSave the database credentials in AWS Systems Manager Parameter Store. Set up password
- DSave the database credentials in AWS Secrets Manager. Set up password rotation on the
Explanation
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.
Community Discussion
No community discussion yet for this question.