Topic 1 Question 135
A company created four AWS Lambda functions that connect to a relational database server that runs on an Amazon RDS instance. A security team requires the company to automatically change the database password every 30 days.
Which solution will meet these requirements MOST securely?
Store the database credentials in the environment variables of the Lambda function. Deploy the Lambda function with the new credentials every 30 days.
Store the database credentials in AWS Secrets Manager. Configure a 30-day rotation schedule for the credentials.
Store the database credentials in AWS Systems Manager Parameter Store secure strings. Configure a 30-day schedule for the secure strings.
Store the database credentials in an Amazon S3 bucket that uses server-side encryption with customer-provided encryption keys (SSE-C). Configure a 30-day key rotation schedule for the customer key.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: B
Secrets Manager supports automatic rotation of secrets by using either built-in or custom Lambda functions
👍 3cloudenthusiast2023/08/04 - 正解だと思う選択肢: B
The most secure and automated way to handle database credential rotation is to use AWS Secrets Manager. Secrets Manager can automatically rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. You can configure Secrets Manager to automatically rotate the secrets for you according to a schedule you specify, making it easier to adhere to best practices for security.
👍 3Dushank2023/09/09 - 正解だと思う選択肢: B
B is correct. Keyword: "automatically change the database password every 30 days"
👍 2Parsons2023/08/04
シャッフルモード