ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 333 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 333
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content. A solutions architect must design a more secure solution.
What should the solutions architect do to meet this requirement?

  • A. Store the configuration file in Amazon S3. Grant the application access to read the configuration file.
  • B. Create an IAM role with permission to access the database. Attach this IAM role to the EC2 instance.
  • C. Enable SSL connections on the database instance. Alter the database user to require SSL when logging in.
  • D. Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AMI.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by dmscountera at March 11, 2021, 4:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Atanu_M
Highly Voted 3 years, 7 months ago
B. https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/
upvoted 41 times
...
jkwek
Highly Voted 3 years, 6 months ago
Answer is B. https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam/ Users can connect to an Amazon RDS DB instance or cluster using IAM user or role credentials and an authentication token.
upvoted 17 times
...
etheng1970
Most Recent 2 years, 9 months ago
Answer is B,,
upvoted 1 times
...
Lakhsmi
3 years, 1 month ago
Selected Answer: B
It should be B. For EC2, IAM role is a secure way to connect RDS.
upvoted 3 times
...
JP_PA
3 years, 3 months ago
Selected Answer: B
ANS: B
upvoted 2 times
...
FF11
3 years, 4 months ago
Selected Answer: B
B looks good.
upvoted 2 times
...
Sohan1311
3 years, 4 months ago
i am confused between B & C . why not C?
upvoted 5 times
Uzi_m
2 years, 3 months ago
IAM roles are more secure in case of EC2 instances and alse the simple one to implement.
upvoted 1 times
...
...
ananthkamath
3 years, 4 months ago
Selected Answer: B
B seems correct
upvoted 1 times
...
sguinales
3 years, 4 months ago
Selected Answer: B
BBBBBBB role! never use files in EC2,S3 wharever
upvoted 1 times
...
aws_aspirant
3 years, 5 months ago
Selected Answer: B
BBBBBBBBBBBBB
upvoted 1 times
...
ecastilla
3 years, 6 months ago
The keywords in this question are "more secure solution". I think option D is more operational efficient, but not more secure (I think it's less secure), because what it only does is to create an AMI that contains the credencialas. Ans is B
upvoted 3 times
...
maigacribzz
3 years, 6 months ago
why not A?
upvoted 1 times
theCreatorSD
3 years, 6 months ago
Do not store any sensitive information in configuration file in plaintext.
upvoted 1 times
...
ismai1
3 years, 6 months ago
A is correct, but B is the most secure, so the better answer
upvoted 2 times
...
...
Kopa
3 years, 6 months ago
B for sure!!
upvoted 3 times
...
KK_uniq
3 years, 6 months ago
For sure B
upvoted 3 times
...
aesr10
3 years, 6 months ago
But what about the creds on the config file? Still its the problem. Not accessing the DB... accessing securely the credentials for then jumping to the DB. Yet its a astonishingly unorthodox option, I would go with option D since creds would be inside an AMI... there’s no reference to getting creds quickly and securely, which would be done with Secrets Manager.
upvoted 1 times
...
haaris786
3 years, 7 months ago
I would go with B
upvoted 2 times
...
leliodesouza
3 years, 7 months ago
The answer is B.
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago