Examice

Exam SAA-C03 All QuestionsBrowse all questions from this exam

Question 13

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.

Which solution will meet these requirements with the LEAST operational overhead?

Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule.

Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter. Use multi-Region secret replication for the required Regions. Configure Systems Manager to rotate the secrets on a schedule.

Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.

Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoDB. Use the RDS API to rotate the secrets.

Correct Answer: A

To meet the requirement of rotating credentials for Amazon RDS for MySQL databases across multiple AWS Regions with the least operational overhead, storing the credentials as secrets in AWS Secrets Manager and using multi-Region secret replication is the most efficient solution. AWS Secrets Manager provides integrated support for automated secret rotation on a schedule, secure storage, and multi-Region replication. This minimizes manual intervention and simplifies the management of secrets across multiple regions.

Discussion

rein_chauOption: A

A is correct. https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/

PhucVuuOption: A

Keywords: - rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions - LEAST operational overhead A: Correct - AWS Secrets Manager supports - Encrypt credential for RDS, DocumentDb, Redshift, other DBs and key/value secret. - multi-region replication. - Remote base on schedule B: Incorrect - Secure string parameter only apply for Parameter Store. All the data in AWS Secrets Manager is encrypted C: Incorrect - don't mention about replicate S3 across region. D: Incorrect - So many steps compare to answer A =))

cookieMrOption: A

Option A: Storing the credentials as secrets in AWS Secrets Manager provides a dedicated service for secure and centralized management of secrets. By using multi-Region secret replication, the company ensures that the secrets are available in the required Regions for rotation. Secrets Manager also provides built-in functionality to rotate secrets automatically on a defined schedule, reducing operational overhead. This automation simplifies the process of rotating credentials for the Amazon RDS for MySQL databases during monthly maintenance activities.

Musti35Option: A

https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/ With Secrets Manager, you can store, retrieve, manage, and rotate your secrets, including database credentials, API keys, and other secrets. When you create a secret using Secrets Manager, it’s created and managed in a Region of your choosing. Although scoping secrets to a Region is a security best practice, there are scenarios such as disaster recovery and cross-Regional redundancy that require replication of secrets across Regions. Secrets Manager now makes it possible for you to easily replicate your secrets to one or more Regions to support these scenarios.

BlueVolcano1Option: A

It's A, as Secrets Manager does support replicating secrets into multiple AWS Regions: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html

Ruffyit

https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/ A is answer

Abdel42Option: A

it's A, here the question specify that we want the LEAST overhead

MichaelCarrasco

https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/

creamymangosauceOption: A

A - Secrets Manager automates the rotation of secrets for RDS without own implementation required, the options require effort to implement the secret rotation logic

ics_911Option: A

A is correct.

A_jaaOption: A

Answer-A

gldiazcardenasOption: A

Clearly A is the correct one.

MakaylaLearns

So this is what I thought https://youtube.com/shorts/6YSBv95V2cs?feature=share What is a secure string parameter? https://youtube.com/shorts/-6wJOqZ93co?feature=share

TariqKipkemeiOption: A

'The company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions' = AWS Secrets Manager

miki111

Option A MET THE REQUIREMENT

BmarodiOption: A

A is correct answer.

linux_adminOption: A

A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets Manager to rotate the secrets on a schedule. This solution is the best option for meeting the requirements with the least operational overhead. AWS Secrets Manager is designed specifically for managing and rotating secrets like database credentials. Using multi-Region secret replication, you can easily replicate the secrets across the required AWS Regions. Additionally, Secrets Manager allows you to configure automatic secret rotation on a schedule, further reducing the operational overhead.

cheese929Option: A

A is correct.