ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.3: Data SecuritySecuritySecrets ManagerDatabase

AWS SAA-C03 · Question 08 · Domain 1.3: Data Security

A company is migrating a legacy application to AWS. The application hardcodes database credentials in its configuration files. The security team mandates that credentials must be encrypted at rest, rotated automatically every 30 days, and retrieved dynamically by the application at runtime. <br/><br/>Which AWS service should be used to meet these requirements?

Answer options:

A.

AWS Systems Manager Parameter Store

B.

AWS Key Management Service (AWS KMS)

C.

AWS Secrets Manager

D.

AWS Certificate Manager (ACM)

How to approach this question

Look for the keyword 'rotated automatically'. Secrets Manager has native rotation capabilities.

Full Answer

C.AWS Secrets Manager✓ Correct
AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Common mistakes

Choosing Parameter Store. While Parameter Store is cheaper, Secrets Manager is required for native automatic rotation.
07All questions09

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...EasyQ03A company is designing a web application that will be hosted on AWS. The application will use an ...MediumQ04A company is building a mobile app that requires users to authenticate using their social media a...HardQ05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium
View all 65 questions →