ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 05 · Domain 1.3: Data Security
A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. The solution must automatically rotate credentials every 30 days. Which TWO services should be used? (Select TWO.)
A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. The solution must automatically rotate credentials every 30 days. Which TWO services should be used? (Select TWO.)
Answer options:
A.
AWS Key Management Service (AWS KMS)
B.
AWS Systems Manager Parameter Store
C.
AWS Secrets Manager
D.
AWS Certificate Manager (ACM)
E.
AWS CloudHSM
How to approach this question
Identify the two requirements: encryption at rest (KMS) and automatic credential rotation (Secrets Manager).
Full Answer
AWS KMS for encryption and AWS Secrets Manager for credential rotation.
AWS KMS provides encryption at rest for RDS. AWS Secrets Manager is designed to securely store and automatically rotate database credentials.
Common mistakes
Choosing Parameter Store, which requires custom code for rotation.
Practice the full AWS SAA-C03 Practice Exam 3
65 questions · hints · full answers · grading
More questions from this exam
Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...EasyQ02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...MediumQ03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...EasyQ04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...MediumQ06An application running on Amazon EC2 needs to access an Amazon DynamoDB table. What is the MOST s...Easy