Examice

Exam SAA-C03 All QuestionsBrowse all questions from this exam

Question 11

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.

What should a solutions architect do to accomplish this goal?

Use AWS Secrets Manager. Turn on automatic rotation.

Use AWS Systems Manager Parameter Store. Turn on automatic rotation.

Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.

Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.

Correct Answer: A

To minimize the operational overhead of credential management for an application using Amazon EC2 instances and an Amazon Aurora database, the most suitable option is to use AWS Secrets Manager with automatic rotation. AWS Secrets Manager allows for the secure storage, management, and automated rotation of database credentials, API keys, and other secrets, reducing the need for manual credential updates and improving security compliance. By turning on automatic rotation, the company ensures that credentials are regularly updated without human intervention, minimizing operational overhead effectively.

Discussion

SinaneosOption: A

B is wrong because parameter store does not support auto rotation, unless the customer writes it themselves, A is the answer.

iCcma

ty bro, I was confused about that and you just mentioned the "key" phrase, B doesn't support autorotation

17Master

READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ y https://aws.amazon.com/secrets-manager/?nc1=h_ls

HarishArul

Read this - https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html It says SSM Parameter store cant rotate automatically.

Leo1688

you are right

kewl

correct. see link https://tutorialsdojo.com/aws-secrets-manager-vs-systems-manager-parameter-store/ for differences between SSM Parameter Store and AWS Secrets Manager

mrbottomwood

That was a fantastic link. This part of their site "comparison of AWS services" is superb. Thanks.

hro

A - additionally, Aurora manages the settings for the secret and rotates the secret every seven days by default.

leeyoung

Admin is trying to fail everybody in the exam.

acuaws

RIGHT? I found a bunch of "correct" answers on here are not really correct, but they're not corrected? hhmmmmm

perception

He wants you to read discussion part as well for better understanding

NaaVeeN

If most Voted answers is done by us, then Who is marking the answers as Correct ?

ifabyOption: B

B becasue the user wants reduce costs and SSM Parameter Store layer Standard is free and the type SecureString uses KMS

Mandar15Option: A

Aurora automatically stores and manages database credentials in AWS Secrets Manager. Aurora rotates database credentials regularly, without requiring application changes. Secrets Manager secures database credentials from human access and plain text view. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html

andyngkh86

I copy and paste the question & options to ChatGPT, and ChatGPT give the answer is A

Ruffyit

A: READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ y https://aws.amazon.com/secrets-manager/?nc1=h_ls Read this - https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html It says SSM Parameter store cant rotate automatically.

AbirAbu

It should be "A."

parth_g_mehtaOption: A

Parameter Store: Storing and managing a database connection string or API endpoint URL that doesn’t require frequent rotation. Secrets Manager: Storing and managing database credentials that need to be rotated regularly for security compliance.

JalimRabeiBR

Answer A is correct

OctavioBateraOption: A

Secrets Manager, as The Mandalorian would say "this is the way!"

TilTilOption: A

SSM has no automatic rotation.

Shalini10dec

The most suitable option for minimizing operational overhead of credential management in this scenario is: B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation. AWS Systems Manager Parameter Store is a service that helps you manage configuration data, including sensitive information such as passwords and database strings, in a central, secure store. With automatic rotation enabled, the credentials can be automatically updated at scheduled intervals, reducing the manual effort required for credential management.

KanagarajdOption: A

Secret manager with auto rotation.

awsgeek75Option: A

BCD are extremely high operational overhead and not secure like A

A_jaaOption: A

A is correct

santbotOption: A

A - SECREATS MANAGER