Exam AWS Certified Security - Specialty topic 1 question 24 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 24
Topic #: 1

A company's database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days.
After a short period of time, a number of existing applications have failed with authentication errors.
What is the MOST likely cause of the authentication errors?

  • A. Migrating the credential to RDS requires that all access come through requests to the Secrets Manager.
  • B. Enabling rotation in Secrets Manager causes the secret to rotate immediately, and the applications are using the earlier credential.
  • C. The Secrets Manager IAM policy does not allow access to the RDS database.
  • D. The Secrets Manager IAM policy does not allow access for the applications.
Suggested Answer: B

Comments

Moon
Highly Voted 3 years, 2 months ago
Answer B, because enabling the rotation would immediately change the credentials, and that would cause the applications to fail if they use the embedded/old credentials.
upvoted 49 times
rm29
Highly Voted 3 years, 2 months ago
B. It is stated in the documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html
upvoted 11 times
Mimikabs
2 years ago
The documentation you provided also says that "After rotation is successful, applications that Retrieve secrets from AWS Secrets Manager automatically get the updated credentials." So I don't think B will be a correct answer.
upvoted 1 times
Deyemzy
Most Recent 6 months ago
B. When rotation is enabled, Secrets Manager might rotate the credentials immediately. If applications are still using the old credentials, they will fail to authenticate. Ensure applications are configured to dynamically retrieve and use the updated credentials from Secrets Manager.
upvoted 1 times
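
The runtime retrieval described in the comment above, as an added example that is not part of the original thread: the application reads the credential from Secrets Manager, caches it briefly, and refetches once if the database rejects it after a rotation. `SecretCredentialProvider`, `connect_with_refresh`, `StubSecretsManager` and `make_db` are hypothetical names; the stub and fake database are constructed test doubles, and the only real API assumed is the boto3 Secrets Manager client's `get_secret_value(SecretId=...)`, which returns the secret JSON in `SecretString`.

```python
import json
import time

class AuthError(Exception):
    """Stand-in for the database driver's 'password rejected' error."""

class SecretCredentialProvider:
    """Reads the RDS credential from Secrets Manager at runtime, with a short cache."""
    def __init__(self, client, secret_id, ttl_seconds=300):
        self.client = client  # in production: boto3.client("secretsmanager")
        self.secret_id = secret_id
        self.ttl = ttl_seconds
        self.cached = None
        self.fetched_at = 0.0

    def get(self, force_refresh=False):
        stale = self.cached is None or time.monotonic() - self.fetched_at > self.ttl
        if force_refresh or stale:
            resp = self.client.get_secret_value(SecretId=self.secret_id)
            self.cached = json.loads(resp["SecretString"])
            self.fetched_at = time.monotonic()
        return self.cached

def connect_with_refresh(provider, connect):
    """Try the cached credential; if the database rejects it, refetch once and retry."""
    creds = provider.get()
    try:
        return connect(creds["username"], creds["password"])
    except AuthError:
        creds = provider.get(force_refresh=True)  # picks up the rotated password
        return connect(creds["username"], creds["password"])

class StubSecretsManager:
    """Constructed test double: holds one secret whose password can be changed."""
    def __init__(self, password):
        self.password = password

    def get_secret_value(self, SecretId):
        body = {"username": "app_user", "password": self.password}
        return {"SecretString": json.dumps(body)}

def make_db(stub):
    """Constructed fake database: accepts only the password currently in the stub."""
    def connect(username, password):
        if password != stub.password:
            raise AuthError("password authentication failed")
        return "connected as " + username
    return connect
```

An application that keeps a copy of the old password fails at the first rotation, while one that goes through the provider recovers on the retry.
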
Raphaello
10 months, 1 week ago
Selected Answer: B
This is a VERY badly written question, because 2 options are fully and equally qualified to be the key. A and B both are correct, and there is nothing in the question to favour one over the other. Authentication failure could be because the creds are still hard-coded in the application, which now has to request creds through Secrets Manager APIs, or could be because once creds rotation is enabled on Secrets Manager, it rotates secrets immediately.
upvoted 2 times
bob_bobbins
11 months, 3 weeks ago
Selected Answer: A
I would argue for A because of resources already mentioned, which say when "the credentials are no longer stored with the application, rotating credentials no longer requires updating your applications and deploying changes to application clients."
upvoted 1 times
bob_bobbins
11 months, 3 weeks ago
This "cause" would ultimately be that the RoleToRetrieveSecretAtRuntime was not present in the Secret Policy.
upvoted 1 times
Joeylee
1 year, 2 months ago
Selected Answer: A
A is the right
upvoted 1 times
addy_prepare
1 year, 3 months ago
Selected Answer: A
Guys already presented evidence below. I could find out where it is written that Secrets Manager forces to immediately rotate a secret, as I see you must specify a rotation interval.
upvoted 1 times
Nuha_23
1 year, 4 months ago
Selected Answer: A
A is the most likely cause. See the link: https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded-db-creds.html
upvoted 1 times
vherman
1 year, 6 months ago
Selected Answer: B
B is the only correct
upvoted 3 times
Blue15
1 year, 7 months ago
Selected Answer: A
A is the answer. I present the evidence below. https://docs.aws.amazon.com/ko_kr/secretsmanager/latest/userguide/rotate-secrets_now.html
upvoted 1 times
Joes87
1 year, 7 months ago
A. Once you store your credentials in secrets manager, even the application should be updated.
upvoted 1 times
SaucyVip3r
1 year, 7 months ago
Selected Answer: B
I think B is the right option, since when the keys are rotated immediately this will impact the applications.
upvoted 2 times
matrpro
1 year, 7 months ago
Selected Answer: B
Answer B, because enabling the rotation would immediately change the credentials, and that would cause the applications to fail if they use the embedded/old credentials.
upvoted 1 times
Trap_D0_r
1 year, 8 months ago
Selected Answer: A
Answer A: This is CLASSIC Developer behavior--A Developer JUST moved credentials to Secrets Manager AND (at the same time) enabled rotation, then a bunch of applications started failing authentication. What's the most likely culprit for the failure? A: The developer did not also update his applications to use Secrets Manager for credentialed access, and the RDS instance won't accept connections.
upvoted 3 times
gvramana
1 year, 8 months ago
The keyword is "failed with authentication errors", primary problem is authentication hence the Answer A
upvoted 2 times
Mmaxwell00
1 year, 10 months ago
A. After rotation is successful, applications that retrieve secrets from AWS Secrets Manager automatically get the updated credentials. For more details about how each step of rotation works, see the AWS Secrets Manager rotation function templates. https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html
upvoted 1 times
hubekpeter
2 years ago
Selected Answer: B
For those who vote for A, they're asking about a root cause, not a solution !!!
upvoted 3 times