Multiple Choice
A company has an AWS CloudFormation template written in JSON that is used to launch new Amazon RDS for MySQL DB instances. The security team has asked a database specialist to ensure that the master password is automatically rotated every 30 days for all new DB instances that are launched using the template. What is the MOST operationally efficient solution to meet these requirements?
A) Save the password in an Amazon S3 object. Encrypt the S3 object with an AWS KMS key. Set the KMS key to be rotated every 30 days by setting the EnableKeyRotation property to true. Use a CloudFormation custom resource to read the S3 object to extract the password.
B) Create an AWS Lambda function to rotate the secret. Modify the CloudFormation template to add an AWS::SecretsManager::RotationSchedule resource. Configure the RotationLambdaARN value and, for the RotationRules property, set the AutomaticallyAfterDays parameter to 30.
C) Modify the CloudFormation template to use the AWS KMS key as the database password. Configure an Amazon EventBridge rule to invoke the KMS API to rotate the key every 30 days by setting the ScheduleExpression parameter to ***/30***.
D) Integrate the Amazon RDS for MySQL DB instances with AWS IAM and centrally manage the master database user password.
Correct Answer:
Verified
Correct Answer:
Verified
Q91: A company is using Amazon RDS for
Q92: A small startup company is looking to
Q93: A Database Specialist is planning to create
Q94: A company has a database monitoring solution
Q95: The Security team for a finance company
Q97: A database specialist is managing an application
Q98: An ecommerce company recently migrated one of
Q99: A large company has a variety of
Q100: A team of Database Specialists is currently
Q101: A company is looking to migrate a