SOA-C02 · Question #681
SOA-C02 Question #681: Real Exam Question with Answer & Explanation
The correct answer is D: Review AWS Lambda function logs in Amazon CloudWatch. Search for errors from the rotation. AWS Secrets Manager’s automatic rotation relies on the rotation Lambda function succeeding. If rotations aren’t occurring, inspecting the function’s CloudWatch logs will reveal invocation errors, timeouts, or permission issues preventing the rotation. This directly targets the ro
Question
A SysOps administrator has used AWS Secrets Manager to set up automatic password rotation for a company's Amazon RDS databases. A web application uses the password to connect to the databases. The SysOps administrator has configured the password rotation to happen every 30 days. However, the passwords are not being rotated. What should the SysOps administrator do to troubleshoot this issue?
Options
- AReview RDS database logs from the time that the passwords were expected to be rotated.
- BReview application logs from the RDS databases. Search for errors from the time that the
- CReview AWS CloudTrail logs. Filter events by finding all events that have an event source of
- DReview AWS Lambda function logs in Amazon CloudWatch. Search for errors from the rotation
Explanation
AWS Secrets Manager’s automatic rotation relies on the rotation Lambda function succeeding. If rotations aren’t occurring, inspecting the function’s CloudWatch logs will reveal invocation errors, timeouts, or permission issues preventing the rotation. This directly targets the rotation workflow, without wading through unrelated logs.
Community Discussion
No community discussion yet for this question.