ExpertAWS SAP-C02 · Question 60 · Domain 2.3: Security Controls
A company is designing a highly secure environment on AWS. They need to store sensitive database credentials. The credentials must be rotated automatically every 30 days. The application running on EC2 needs to retrieve these credentials securely without hardcoding them. Which combination of steps should be taken? (Select TWO)
A company is designing a highly secure environment on AWS. They need to store sensitive database credentials. The credentials must be rotated automatically every 30 days. The application running on EC2 needs to retrieve these credentials securely without hardcoding them. Which combination of steps should be taken? (Select TWO)
Answer options:
Store the credentials in AWS Systems Manager Parameter Store as a SecureString.
Store the credentials in AWS Secrets Manager and configure automatic rotation.
Assign an IAM role to the EC2 instance with permissions to read the secret from Secrets Manager.
Store the credentials in an encrypted S3 bucket.
Embed the credentials in the AMI used by the EC2 instances.
Use AWS KMS to rotate the credentials.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7
75 questions · hints · full answers · grading