ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 73 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 73
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company is developing a multi-tier web application hosted on AWS using Amazon Aurora as the database. The application needs to be deployed to production and other non-production environments. A Database Specialist needs to specify different MasterUsername and MasterUserPassword properties in the AWS
CloudFormation templates used for automated deployment. The CloudFormation templates are version controlled in the company's code repository. The company also needs to meet compliance requirement by routinely rotating its database master password for production.
What is most secure solution to store the master password?

  • A. Store the master password in a parameter file in each environment. Reference the environment-specific parameter file in the CloudFormation template.
  • B. Encrypt the master password using an AWS KMS key. Store the encrypted master password in the CloudFormation template.
  • C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
  • D. Use the ssm dynamic reference to retrieve the master password stored in the AWS Systems Manager Parameter Store and enable automatic rotation.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by BillyC at July 27, 2020, 2:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BillyMadison
Highly Voted 3 years, 9 months ago
Agree with C "By using the secure string support in CloudFormation with dynamic references you can better maintain your infrastructure as code. You’ll be able to avoid hard coding passwords into your templates and you can keep these runtime configuration parameters separated from your code. Moreover, when properly used, secure strings will help keep your development and production code as similar as possible, while continuing to make your infrastructure code suitable for continuous deployment pipelines." https://aws.amazon.com/blogs/mt/using-aws-systems-manager-parameter-store-secure-string-parameters-in-aws-cloudformation-templates/ https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-rotate-credentials-amazon-rds-database-types-oracle/
upvoted 10 times
...
BillyC
Highly Voted 3 years, 9 months ago
C is correct
upvoted 7 times
...
ychaabane
Most Recent 1 year, 5 months ago
Selected Answer: C
agree with C
upvoted 1 times
...
Pranava_GCP
1 year, 10 months ago
Selected Answer: C
C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation.
upvoted 2 times
...
ryuhei
3 years ago
Selected Answer: C
Answer:C
upvoted 1 times
...
novice_expert
3 years, 2 months ago
Selected Answer: C
C. Use the secretsmanager dynamic reference to retrieve the master password stored in AWS Secrets Manager and enable automatic rotation. "By using the secure string support in CloudFormation with dynamic references you can better maintain your infrastructure as code. You’ll be able to avoid hard coding passwords into your templates and you can keep these runtime configuration parameters separated from your code. Moreover, when properly used, secure strings will help keep your development and production code as similar as possible, while continuing to make your infrastructure code suitable for continuous deployment pipelines."
upvoted 2 times
...
selva1982
3 years, 6 months ago
C is correct
upvoted 1 times
...
swarndeep
3 years, 8 months ago
C is correct
upvoted 1 times
...
JobinAkaJoe
3 years, 8 months ago
C is the right answe
upvoted 1 times
...
Ashoks
3 years, 8 months ago
Ans - C
upvoted 2 times
...
Ebi
3 years, 9 months ago
Answer id C SSM does not supported automatic rotation
upvoted 6 times
...
BillyC
3 years, 9 months ago
Sorry D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel