Exam AWS Certified Security - Specialty topic 1 question 268 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 268
Topic #: 1

A company is building an application on AWS that will store sensitive information. The company has a support team with access to the IT infrastructure, including databases. The company's security engineer must introduce measures to protect the sensitive data against any data breach while minimizing management overhead. The credentials must be regularly rotated.
What should the security engineer recommend?

  • A. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Include the database credential in the EC2 user data field. Use an AWS Lambda function to rotate database credentials. Set up TLS for the connection to the database.
  • B. Install a database on an Amazon EC2 instance. Enable third-party disk encryption to encrypt Amazon Elastic Block Store (Amazon EBS) volume. Store the database credentials in AWS CloudHSM with automatic rotation. Set up TLS for the connection to the database.
  • C. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Store the database credentials in AWS Secrets Manager with automatic rotation. Set up TLS for the connection to the RDS hosted database.
  • D. Set up an AWS CloudHSM cluster with AWS Key Management Service (AWS KMS) to store KMS keys. Set up Amazon RDS encryption using AWS KMS to encrypt the database. Store the database credentials in AWS Systems Manager Parameter Store with automatic rotation. Set up TLS for the connection to the RDS hosted database.
Suggested Answer: C

Comments

Igloo
Highly Voted 3 years, 7 months ago
Answer: C. Why: AWS Secrets Manager supports automatic rotation. AWS CloudHSM is additional overhead, and the question specifies this should be kept to a minimum.
upvoted 21 times
dcasabona
Most Recent 2 years, 10 months ago
Selected Answer: C
Option C. I agree with Igloo's explanation...
upvoted 3 times
TigerInTheCloud
3 years, 1 month ago
Selected Answer: C
Reducing administration overhead: using as many AWS managed services as possible, so A and B are out. C is good. D is overkill with more administration overhead, and the first statement does not sound right.
upvoted 3 times
Radhaghosh
3 years, 4 months ago
Answer is C
Option A. Include the database credential in the EC2 user data field. Use an AWS Lambda function to rotate database credentials. --> Bad Security Posture
Option B. Install a database on an Amazon EC2 instance. --> Too much overhead/management
Option C. Perfect Solution
D. AWS Systems Manager Parameter Store with automatic rotation. --> Invalid Option
upvoted 1 times
hk436
3 years, 7 months ago
C is my answer.
upvoted 3 times
TollaMS
3 years, 7 months ago
The answer is C. AWS Secrets Manager has automatic rotation enabled.
upvoted 4 times
kiev
3 years, 7 months ago
C looks good, and the clue is that SM has automatic rotation of secrets.
upvoted 4 times
dumma
3 years, 7 months ago
Agree C looks correct
upvoted 3 times
khin
3 years, 8 months ago
answer is C
upvoted 2 times