Exam AWS Certified Security - Specialty topic 1 question 399 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 399
Topic #: 1

A company is using AWS Secrets Manager to manage database credentials that an application uses to access Amazon DocumentDB (with MongoDB compatibility). The company needs to implement automated password rotation.

Which solution will meet this requirement with the LEAST administrative overhead?

  • A. Create a new AWS Lambda function to manage the password rotation. Turn on automatic password rotation in Secrets Manager. Associate the rotation with the Lambda function.
  • B. Turn on automatic password rotation in Secrets Manager. Configure Secrets Manager to create a new AWS Lambda function to manage the password rotation.
  • C. Use the SecretsManagerRotationTemplate from the AWS Serverless Application Model (AWS SAM) to create a new AWS Lambda function. Change the vpc-config option of the Lambda function to include the subnet IDs where Amazon DocumentDB is hosted.
  • D. Use the SecretsManagerRotationTemplate from the AWS Serverless Application Model (AWS SAM) to create three new AWS Lambda functions: createSecret, setSecret, and testSecret. Change the vpc-config option of all three Lambda functions to include the subnet IDs where Amazon DocumentDB is hosted.
Suggested Answer: B

Comments

tainh
Highly Voted 2 years, 7 months ago
Selected Answer: B
B is correct - Rotation is the process of periodically updating a secret. When you rotate a secret, you update the credentials in both the secret and the database or service. In Secrets Manager, you can set up automatic rotation for your secrets. - Secrets Manager uses a Lambda function to rotate secrets
upvoted 5 times
...
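The rotation process described in the comment above, as an added example that is not part of the original discussion and is not AWS code: Secrets Manager invokes one rotation function once per step (createSecret, setSecret, testSecret, finishSecret) and moves the AWSPENDING, AWSCURRENT and AWSPREVIOUS staging labels. `FakeSecret`, `FakeDatabase`, `handler`, `rotate` and the `demo/docdb` secret name are hypothetical in-memory stand-ins so the flow runs offline.

```python
import secrets as token_gen

class FakeSecret:
    """In-memory stand-in (constructed): secret versions plus staging labels."""
    def __init__(self, password):
        self.versions = {"v1": password}      # version id -> password
        self.labels = {"AWSCURRENT": "v1"}    # staging label -> version id

class FakeDatabase:
    """In-memory stand-in (constructed): the password the database accepts."""
    def __init__(self, password):
        self.password = password
    def login(self, password):
        return password == self.password

def handler(event, secret, db):
    """One function dispatching on event['Step'], as a rotation Lambda does."""
    step, token = event["Step"], event["ClientRequestToken"]
    if step == "createSecret":
        # Idempotent: generate the new password only once per request token.
        if token not in secret.versions:
            secret.versions[token] = token_gen.token_urlsafe(24)
        secret.labels["AWSPENDING"] = token
    elif step == "setSecret":
        # Update the credential in the database to the pending value.
        db.password = secret.versions[secret.labels["AWSPENDING"]]
    elif step == "testSecret":
        # Prove the pending credential works before promoting it.
        if not db.login(secret.versions[secret.labels["AWSPENDING"]]):
            raise ValueError("pending credential rejected by database")
    elif step == "finishSecret":
        # Promote pending to current; the old version becomes AWSPREVIOUS.
        secret.labels["AWSPREVIOUS"] = secret.labels["AWSCURRENT"]
        secret.labels["AWSCURRENT"] = secret.labels.pop("AWSPENDING")
    else:
        raise ValueError(f"unknown step {step!r}")

def rotate(secret, db, token):
    """Run the four steps in order and return the new current password."""
    for step in ("createSecret", "setSecret", "testSecret", "finishSecret"):
        event = {"Step": step, "SecretId": "demo/docdb",
                 "ClientRequestToken": token}
        handler(event, secret, db)
    return secret.versions[secret.labels["AWSCURRENT"]]
```

If testSecret raises, the AWSCURRENT label has not moved, so applications reading the secret still receive the previous version.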
SKS
Most Recent 1 year, 3 months ago
B is correct with criteria of least overhead. And DocumentDB is natively supported by Secrets Manager https://aws.amazon.com/blogs/security/how-to-rotate-amazon-documentdb-and-amazon-redshift-credentials-in-aws-secrets-manager/#:~:text=Secrets%20Manager%20natively%20supports%20rotating,rotate%20other%20types%20of%20secrets.
upvoted 1 times
...
Green53
2 years ago
Selected Answer: B
B seems like the best answer: https://aws.amazon.com/blogs/security/how-to-rotate-amazon-documentdb-and-amazon-redshift-credentials-in-aws-secrets-manager/ Secrets Manager can create the function for you.
upvoted 1 times
...
Toptip
2 years, 1 month ago
Selected Answer: B
B for me
upvoted 1 times
...
sahanpere
2 years, 5 months ago
Selected Answer: B
To set up rotation using the console, you need to first choose a rotation strategy. Then you configure the secret for rotation, which creates a Lambda rotation function if you don't already have one. The console also sets permissions for the Lambda function execution role. The last step is to make sure that the Lambda rotation function can access both Secrets Manager and your database through the network.
upvoted 4 times
...
Smartphone
2 years, 5 months ago
Answer is B https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
upvoted 2 times
...
secdaddy
2 years, 6 months ago
Good writeup here but it doesn't mention either templates or VPC endpoints so these don't seem to be required to be configured additionally on top of just enabling DocumentDB key rotation in Secrets Manager? https://aws.amazon.com/blogs/security/how-to-rotate-amazon-documentdb-and-amazon-redshift-credentials-in-aws-secrets-manager/ What would the benefit be of using a template vs not using a template, if a template isn't actually required for key rotation with DocumentDB?
upvoted 2 times
...
must_be_rohit
2 years, 6 months ago
Selected Answer: B
LEAST administrative overhead
upvoted 1 times
...
Blueocean
2 years, 6 months ago
Option C is the correct answer. While Option B is the correct answer for password rotations and is correct that a Lambda function is created to rotate, which points to Option B, the question asks for password rotation for DocumentDB (with MongoDB); for this the below link is better, Option C. https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#NON-RDS_rotation_templates
upvoted 1 times
...
Balki
2 years, 6 months ago
Selected Answer: C
LEAST administrative overhead. Use the template and do below steps https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-other.html https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-configuring
upvoted 1 times
...
maddyr
2 years, 6 months ago
Selected Answer: A
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html
upvoted 1 times
Kezuko
2 years, 2 months ago
Your link shows answer B
upvoted 1 times
...
...
landsamboni
2 years, 7 months ago
Selected Answer: B
B - Use Secrets Manager for Password rotation.
upvoted 4 times
Phongsanth
2 years, 6 months ago
Agree with you as this link. https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html
upvoted 1 times
...
...
D2
2 years, 7 months ago
Lambda is created by AWS when rotation is enabled. Answer B
upvoted 3 times
...
AdamWest
2 years, 7 months ago
Selected Answer: B
B - Use Secrets Manager for Password rotation.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted