SCS-C03 · Question #4
SCS-C03 Question #4: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #4. The question stem and answer options stay visible for context.
Question
A company has a VPC that has no internet access and has the private DNS hostnames option enabled. An Amazon Aurora database is running inside the VPC. A security engineer wants to use AWS Secrets Manager to automatically rotate the credentials for the Aurora database. The security engineer configures the Secrets Manager default AWS Lambda rotation function to run inside the same VPC that the Aurora database uses. However, the security engineer determines that the password cannot be rotated properly because the Lambda function cannot communicate with the Secrets Manager endpoint. What is the MOST secure way that the security engineer can give the Lambda function the ability to communicate with the Secrets Manager endpoint?
Options
- AAdd a NAT gateway to the VPC to allow access to the Secrets Manager endpoint.
- BAdd a gateway VPC endpoint to the VPC to allow access to the Secrets Manager endpoint.
- CAdd an interface VPC endpoint to the VPC to allow access to the Secrets Manager endpoint.
- DAdd an internet gateway for the VPC to allow access to the Secrets Manager endpoint.
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.