-
Answer to a question
updated 4 years ago
2 Members
·
4
Posts
-
What’s the correct answer and explanation to following question?
This question was part of Quiz 2 (Time Based) and it appears as both correct and incorrect.Category: CSAA – Design Secure Applications and Architectures
An application is hosted in AWS Fargate and uses RDS database in Multi-AZ Deployments configuration with several Read Replicas. A Solutions Architect was instructed to ensure that all of their database credentials, API keys, and other secrets are encrypted and rotated on a regular basis to improve data security. The application should also use the latest version of the encrypted credentials when connecting to the RDS database.
Which of the following is the MOST appropriate solution to secure the credentials?
Use AWS Secrets Manager to store and encrypt the database credentials, API keys, and other secrets. Enable automatic rotation for all of the credentials.
Store the database credentials, API keys, and other secrets to Systems Manager Parameter Store each with a
SecureStringdata type. The credentials are automatically rotated by default.Store the database credentials, API keys, and other secrets to AWS ACM.
Store the database credentials, API keys, and other secrets in AWS KMS.
-
Hello Avinash,
I simulated Set 2 and for this particular question, there is only one correct answer which is:
“Use AWS Secrets Manager to store and encrypt the database credentials, API keys, and other secrets. Enable automatic rotation for all of the credentials.”
Copying the entire explanation:
“Hence, the most appropriate solution for this scenario is: Use AWS Secrets Manager to store and encrypt the database credentials, API keys, and other secrets. Enable automatic rotation for all of the credentials.
The option that says: Store the database credentials, API keys, and other secrets to Systems Manager Parameter Store each with a SecureString data type. The credentials are automatically rotated by default is incorrect because Systems Manager Parameter Store doesn’t rotate its parameters by default.
The option that says: Store the database credentials, API keys, and other secrets to AWS ACM is incorrect because it is just a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates to allow SSL communication to your application. This is not a suitable service to store database or any other confidential credentials.
The option that says: Store the database credentials, API keys, and other secrets in AWS KMS is incorrect because this only makes it easy for you to create and manage encryption keys and control the use of encryption across a wide range of AWS services. This is primarily used for encryption and not for hosting your credentials.”
Could you clarify what you meant when you said, “it appears as both correct and incorrect?
Cheers,
Tutorials Dojo
-
After completing the quiz, this question appeared on both “correct” and “incorrect” answers with no explanation. Also, there were checkboxes instead of radio buttons in this question which caused confusion if its multiple choice question or not.
-
Hi Avinash,
We already checked Set 2 and we don’t see any issue at all. The correct answer is properly shown with the full explanation as shown here:
Log in to reply.