Answer-first summary for fast verification
Answer: AWS Secrets Manager
## Explanation **AWS Secrets Manager** is the correct choice because: - **Purpose-built for credentials**: Secrets Manager is specifically designed to store and manage sensitive information like database credentials, API keys, and other secrets - **Automatic rotation**: It can automatically rotate secrets according to a schedule, reducing operational overhead - **Secure storage**: Secrets are encrypted at rest using AWS KMS - **Easy integration**: Applications can retrieve secrets through API calls without storing credentials in code - **Minimal operational overhead**: Unlike managing credentials manually or using KMS directly, Secrets Manager handles the complexity of secret management **Why other options are incorrect**: - **AWS KMS**: Primarily for encryption key management, not credential storage - **AWS Config**: For resource configuration tracking and compliance, not credential management - **Amazon GuardDuty**: For threat detection and security monitoring, not credential storage Secrets Manager provides the most streamlined approach for securely storing and managing database credentials with minimal operational effort.
Author: Ritesh Yadav
Ultimate access to all questions.
A company needs to securely store important credentials that an application uses to connect users to a database. Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?
A
AWS Key Management Service (AWS KMS)
B
AWS Config
C
AWS Secrets Manager
D
Amazon GuardDuty
No comments yet.