An application needs to connect to an Amazon RDS database. The database credentials must be encrypted, stored securely, and automatically rotated every 30 days. Which TWO actions should the solutions architect take? (Select TWO.)

Answer options:

Store the credentials in AWS Systems Manager Parameter Store.

Store the credentials in AWS Secrets Manager.

Configure a Lambda function to handle the rotation logic.

Use AWS KMS to automatically rotate the database password.

Store the credentials in an encrypted Amazon S3 bucket.

How to approach this question

Identify the service that supports automatic credential rotation and the compute service it uses to perform the rotation.

Full Answer

AWS Secrets Manager enables you to replace hardcoded credentials with an API call. It natively supports automatic rotation of credentials for RDS databases using AWS Lambda functions.

Common mistakes

Choosing Parameter Store, which can store secrets but cannot automatically rotate them.

Question 07 All questions Question 09

Practice the full AWS SAA-C03 Practice Exam 5

65 questions · hints · full answers · grading

More questions from this exam

Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...Easy Q02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...Medium Q03A company is designing a VPC for a multi-tier web application. They need to block specific malici...Medium Q04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Hard Q05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium

View all 65 questions →