ExpertAWS SAP-C02 · Question 31 · Domain 2.3: Security Controls
A company is building a new application using AWS CDK. The application requires a database password to connect to Amazon RDS. The security team mandates that the password must be automatically rotated every 30 days without any application downtime. Which solution meets these requirements?
A company is building a new application using AWS CDK. The application requires a database password to connect to Amazon RDS. The security team mandates that the password must be automatically rotated every 30 days without any application downtime. Which solution meets these requirements?
Answer options:
Store the password in AWS Systems Manager Parameter Store as a SecureString. Use EventBridge to trigger a Lambda function for rotation.
Store the password in AWS Secrets Manager and configure automatic rotation using an AWS Lambda function.
Store the password in AWS KMS and set the key rotation policy to 30 days.
Hardcode the password in the CDK code and use a CI/CD pipeline to redeploy every 30 days.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4
75 questions · hints · full answers · grading