Exam AWS Certified Database - Specialty topic 1 question 142 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 142
Topic #: 1

A company has an AWS CloudFormation template written in JSON that is used to launch new Amazon RDS for MySQL DB instances. The security team has asked a database specialist to ensure that the master password is automatically rotated every 30 days for all new DB instances that are launched using the template.
What is the MOST operationally efficient solution to meet these requirements?

  • A. Save the password in an Amazon S3 object. Encrypt the S3 object with an AWS KMS key. Set the KMS key to be rotated every 30 days by setting the EnableKeyRotation property to true. Use a CloudFormation custom resource to read the S3 object to extract the password.
  • B. Create an AWS Lambda function to rotate the secret. Modify the CloudFormation template to add an AWS::SecretsManager::RotationSchedule resource. Configure the RotationLambdaARN value and, for the RotationRules property, set the AutomaticallyAfterDays parameter to 30.
  • C. Modify the CloudFormation template to use the AWS KMS key as the database password. Configure an Amazon EventBridge rule to invoke the KMS API to rotate the key every 30 days by setting the ScheduleExpression parameter to ***/30***.
  • D. Integrate the Amazon RDS for MySQL DB instances with AWS IAM and centrally manage the master database user password.
Suggested Answer: B
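
The resources that option B describes, as an added example (not part of the original question and not AWS's or the site's own template): a CloudFormation JSON fragment in which the logical IDs, instance sizing and the rotation Lambda ARN are constructed placeholders. It assumes the rotation function already exists.

```json
{
  "Description": "Added example: constructed logical IDs and a placeholder Lambda ARN",
  "Resources": {
    "DBSecret": {
      "Type": "AWS::SecretsManager::Secret",
      "Properties": {
        "GenerateSecretString": {
          "SecretStringTemplate": "{\"username\": \"admin\"}",
          "GenerateStringKey": "password",
          "PasswordLength": 32,
          "ExcludeCharacters": "\"@/\\"
        }
      }
    },
    "DBInstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "Engine": "mysql",
        "DBInstanceClass": "db.t3.micro",
        "AllocatedStorage": "20",
        "MasterUsername": { "Fn::Sub": "{{resolve:secretsmanager:${DBSecret}:SecretString:username}}" },
        "MasterUserPassword": { "Fn::Sub": "{{resolve:secretsmanager:${DBSecret}:SecretString:password}}" }
      }
    },
    "DBSecretAttachment": {
      "Type": "AWS::SecretsManager::SecretTargetAttachment",
      "Properties": {
        "SecretId": { "Ref": "DBSecret" },
        "TargetId": { "Ref": "DBInstance" },
        "TargetType": "AWS::RDS::DBInstance"
      }
    },
    "DBSecretRotation": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "DependsOn": "DBSecretAttachment",
      "Properties": {
        "SecretId": { "Ref": "DBSecret" },
        "RotationLambdaARN": "arn:aws:lambda:REGION:ACCOUNT_ID:function:PLACEHOLDER-rotation-function",
        "RotationRules": { "AutomaticallyAfterDays": 30 }
      }
    }
  }
}
```

Secrets Manager must also be allowed to invoke the rotation function (a Lambda resource-based permission for the `secretsmanager.amazonaws.com` principal), which this fragment leaves out.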

Comments

Jaypdv
Highly Voted 3 years, 8 months ago
B. Answer
upvoted 12 times
...
khun
Most Recent 2 years, 5 months ago
B is the answer. AWS secret supports rotation
upvoted 2 times
...
Bobapo2
3 years ago
Selected Answer: B
B. Answer
upvoted 1 times
...
novice_expert
3 years, 1 month ago
Selected Answer: B
Secrets Manager -> Lambda to rotate secret -> modify CloudFormation to add rotation schedule https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
upvoted 2 times
...
Dantas
3 years, 2 months ago
Selected Answer: B
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
upvoted 1 times
...
RotterDam
3 years, 3 months ago
Selected Answer: B
(B) is the correct answer. (Who is making the official chosen answers? Almost all of them are wrong - the community ones are the correct ones)
upvoted 4 times
...
tugboat
3 years, 3 months ago
Selected Answer: B
Lambda with Secrets Manager works perfectly
upvoted 1 times
...
kped21
3 years, 3 months ago
B - Lambda with secretsManager.
upvoted 1 times
...
Aesthet
3 years, 7 months ago
B final answer
upvoted 2 times
...
manan728
3 years, 8 months ago
This question was asked in my exam. B is correct.
upvoted 2 times
...
novak18
3 years, 8 months ago
Shouldn't the answer be B?
upvoted 1 times
novak18
3 years, 8 months ago
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
upvoted 3 times
...
...