Q49 — AWS DVA-C02 Ch.3

A company hosts its application in the us-west-1 Region. The company wants to add redundancy in the us-east-1 Region. Application secrets are stored in AWS Secrets Manager in us-west-1. Developers need to replicate these secrets to us-east-1. Which solution satisfies this requirement?

Correct Answer: A. Configure replication for each secret. Add us-east-1 as a replica region. Select an AWS Key Management Service (AWS KMS) key located in us-east-1 to encrypt the replicated secret.

Explanation

AWS Secrets Manager supports native cross-Region secret replication. Option A describes it correctly: enable replication on each secret, specify us-east-1 as the replica Region, and select a KMS key in us-east-1 to encrypt the replica, so the replica is encrypted with a key in its own Region and is synchronized automatically. Option B specifies a us-west-1 KMS key for encryption in us-east-1, which is invalid because KMS keys are Region-specific. Option C misrepresents replication as rule-based; no such native feature exists, and replication is configured directly on the secret. Option D misuses S3 and lifecycle rules: Secrets Manager secrets are not stored in S3 and cannot be replicated through S3 mechanisms.