ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 96 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 96
Topic #: 1
[All AWS Certified Database - Specialty Questions]

A company is going through a security audit. The audit team has identified cleartext master user password in the AWS CloudFormation templates for Amazon
RDS for MySQL DB instances. The audit team has flagged this as a security risk to the database team.
What should a database specialist do to mitigate this risk?

  • A. Change all the databases to use AWS IAM for authentication and remove all the cleartext passwords in CloudFormation templates.
  • B. Use an AWS Secrets Manager resource to generate a random password and reference the secret in the CloudFormation template.
  • C. Remove the passwords from the CloudFormation templates so Amazon RDS prompts for the password when the database is being created.
  • D. Remove the passwords from the CloudFormation template and store them in a separate file. Replace the passwords by running CloudFormation using a sed command.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by std2021 at April 1, 2021, 8:58 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ImprovMAN
2 years, 6 months ago
Answer B
upvoted 1 times
...
novice_expert
3 years, 1 month ago
Selected Answer: B
Use an AWS Secrets Manager resource to generate a random password and reference the secret in the CloudFormation template.
upvoted 4 times
...
tugboat
3 years, 3 months ago
Selected Answer: B
secret manager to the rescue!
upvoted 3 times
...
soyyodario
3 years, 4 months ago
Selected Answer: B
Answer B
upvoted 2 times
...
GMartinelli
3 years, 6 months ago
Selected Answer: B
Option B
upvoted 2 times
...
ChauPhan
3 years, 7 months ago
B no doubt
upvoted 1 times
...
gelsm
3 years, 7 months ago
Answer: B https://aws.amazon.com/blogs/infrastructure-and-automation/securing-passwords-in-aws-quick-starts-using-aws-secrets-manager/ Saving a password in a clear text file is not a secure practice. Today, I want to discuss how you can store secrets in Secrets Manager via AWS CloudFormation. Then I’ll show, using code examples, how to retrieve secrets.
upvoted 3 times
...
AM
3 years, 7 months ago
Even though B works, A will also work as it will generate token for login. Also there is no info if rotation of paassowrd is required. I ma not sure between A & B.
upvoted 2 times
rlnd2000
2 years, 10 months ago
It is not necessary to state in the question that the rotation of passwords for services accounts, such as master user, it is a best practice.
upvoted 1 times
...
...
Aesthet
3 years, 8 months ago
B final answer
upvoted 2 times
...
shantest1
3 years, 8 months ago
B. Ans
upvoted 4 times
...
std2021
3 years, 8 months ago
Option B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel