Multiple Choice
A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password. Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)
A) Have a Database Administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.
B) Configure a scheduled job that updates the credential in AWS Systems Manager Parameter Store and notifies the Engineer that the application needs to be restarted.
C) Configure automatic rotation of credentials in AWS Secrets Manager.
D) Store the credential in an encrypted string parameter in AWS Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the AWS KMS key that is used to encrypt it.
E) Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.
Correct Answer:
Verified
Correct Answer:
Verified
Q33: A company plans to move most of
Q34: A company uses an AWS Key Management
Q35: A company plans to use custom AMIs
Q36: Which of the following are valid configurations
Q37: A company is setting up products to
Q39: An application uses Amazon Cognito to manage
Q40: A security engineer needs to ensure their
Q41: Authorized Administrators are unable to connect to
Q42: An application outputs logs to a text
Q43: A Security Engineer has discovered that, although