Exam AWS Certified Security - Specialty topic 1 question 244 discussion

A is the answer without a doubt. Think about what benefits secrets management provides and if its relevant to the problem. Key-rotation? Not needed, the existing implementation will handle it. Password generation? Potentially needed, but the problem only specifies existing credentials - nothing about new ones. To top it off, the question mentions cost a primary factor. Parameter store is far cheaper.

"LOWEST" is the key word so Parameter Store is the right option. Option D is the costlier option among the options.

A. Configure the company's key management solution to integrate with AWS Systems Manager Parameter Store. While AWS Secrets Manager provides additional security features and specific secrets management capabilities, it may come at a higher cost compared to AWS Systems Manager Parameter Store. If cost-effectiveness is the primary concern and the existing password management system can adequately handle key rotation, auditing, and integration requirements, AWS Systems Manager Parameter Store would be the recommended solution.

Systems Manager Parameter Store and meets its requirements for key rotation, auditing, and integration with third-party secrets containers, choosing option A would likely be the more cost-effective solution.

The company will use its existing password management system for key rotation, auditing, and integration with third-party secrets containers. Thus, the secret manager is not required.

parameter store as its cheap. 3rd party will take care of rotation

There seems to be some confusion over A and B because of the term "key rotation" in the question. The argument that B is the answer because Secrets Manager rotates keys. That's wrong. Secrets Manager does not even store keys, it stores secrets/credentials. So it rotates credentials. A is the only plausible answer.

question had "organizations continue using your actually process management password system key rotation" because it, secret manager to automatic key rotation isn't required, so Letter A is sure, because lower cost. 100% letter A

There is rotation in the question. Correct answer A.

Secrets manager is expensive, A is correct.

SSM has the lower cost than Secret Manager but when it come for "ROTATION" SSM is unable to rotate the keys "B" is the correct answer

B - "Secrets Manager can secure, audit, and manage secrets used to access resources in the AWS Cloud, on third-party services, and on-premises." SSM - can't rotate. https://acloudguru.com/blog/engineering/an-inside-look-at-aws-secrets-manager-vs-parameter-store

Answer - SSM: One advantage of SSM Parameter is that it costs nothing to use standard parameters. You can store up to 10,000 parameters and you won’t get billed. Advanced Parameters has a cost associated with it, however. AWS Secret Manager bills you a fixed cost for every secret per month and for every 10,000 API calls.

A makes sense for the LOWEST cost, but the question is very terrible in wording, it make use confused with lack of key information.

only HSM can integrate with third party https://docs.aws.amazon.com/cloudhsm/latest/userguide/third-party-applications.html

A is most appropriate. B also works but not cost-effective.

A, the question mentions the company will use its existing password management system for key rotation.