Answer-first summary for fast verification
Answer: Employing AWS Lambda and SecretsManagerRotationTemplate for creating and rotating database credential secrets in Secrets Manager.
The correct answer is D: Employing AWS Lambda and SecretsManagerRotationTemplate for creating and rotating database credential secrets in Secrets Manager. This solution is the most secure because AWS Secrets Manager encrypts credentials at rest using AWS Key Management Service (AWS KMS) and allows for automatic secret rotation. This meets both the encryption and rotation requirements stated in the company's security policy.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can a company securely manage database credentials for AWS resources like RDS, DocumentDB, and Aurora, ensuring encryption at rest and regular rotation as per security policy?
A
Using IAM for token-based access with centralized user token generation.
B
Utilizing AWS Systems Manager Parameter Store with SecureString type and automatic rotation.
C
Encrypting credentials in an S3 bucket with blocked public access and automatic key rotation via S3 server-side encryption.
D
Employing AWS Lambda and SecretsManagerRotationTemplate for creating and rotating database credential secrets in Secrets Manager.