AWS Certified Security - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Enable Amazon RDS encryption for the database and snapshots, enable Amazon EBS encryption on EC2 instances, store database credentials in AWS Secrets Manager with automatic rotation, and set up TLS for RDS database connections.

The correct answer is C. To protect sensitive data in an AWS environment while minimizing management overhead, the best approach is to use Amazon RDS encryption for the database and snapshots and Amazon EBS encryption for EC2 instances. Storing database credentials in AWS Secrets Manager with automatic rotation ensures that credentials are regularly rotated without manual intervention. Additionally, setting up TLS for database connections enhances security by encrypting data in transit.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company is developing an AWS-based application to store sensitive data. The IT support team has access to the infrastructure, including databases. The security engineer needs to implement measures to safeguard sensitive data from breaches, reduce management overhead, and ensure regular rotation of database credentials. What measures should the security engineer recommend?

Exam-Like

Last updated: February 15, 2026 at 14:02

Enable Amazon RDS encryption for the database and snapshots, enable Amazon EBS encryption on EC2 instances, include database credentials in EC2 user data, use an AWS Lambda function for credential rotation, and set up TLS for database connections.

0.0%

Install a database on an EC2 instance, enable third-party disk encryption for the EBS volume, store database credentials in AWS CloudHSM with automatic rotation, and set up TLS for database connections.

0.0%

Enable Amazon RDS encryption for the database and snapshots, enable Amazon EBS encryption on EC2 instances, store database credentials in AWS Secrets Manager with automatic rotation, and set up TLS for RDS database connections.

100.0%

Set up an AWS CloudHSM cluster with AWS KMS for storing KMS keys, enable Amazon RDS encryption using AWS KMS, store database credentials in AWS Systems Manager Parameter Store with automatic rotation, and set up TLS for RDS database connections.