Q1 — AWS SAP-C02 Ch.3

Q226. A company needs to migrate its customer transactions database from on premises to AWS. The database resides on an Oracle DB instance that runs on a Linux server. According to a new security requirement, the company must rotate the database password each year. Which solution will meet these requirements with the LEAST operational overhead?

Correct Answer: B. Migrate the database to Amazon RDS for Oracle. Store the password in AWS Secrets Manager. Turn on automatic rotation. Configure a yearly rotation schedule.

Explanation

Amazon RDS for Oracle is a fully managed service that makes it easy to set up, operate, and scale an Oracle database in the cloud. With AWS Secrets Manager, you can securely store the database password and configure automatic rotation of the password each year without any additional operational overhead. With automatic rotation configured, the password is changed automatically on a yearly basis, which ensures compliance with the new security requirement. Option B provides the simplest solution to meet the requirements with the least amount of operational overhead.

Option A suggests converting the database to Amazon DynamoDB by using the AWS Schema Conversion Tool (AWS SCT), storing the password in AWS Systems Manager Parameter Store, and creating an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation. However, DynamoDB is a NoSQL database and may not be suitable for all types of transactional data. This approach also requires additional steps to create alarms and Lambda functions, adding unnecessary operational overhead.

Option C suggests migrating the database to an Amazon EC2 instance and using AWS Systems Manager Parameter Store to keep and rotate the connection string by using an AWS Lambda function on a yearly schedule. However, managing an EC2 instance requires more operational overhead than using a managed service like Amazon RDS.

Option D suggests migrating the database to Amazon Neptune, which is a graph database service, and creating an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation. However, Neptune is not designed for transactional data storage, and this approach does not provide a straightforward solution to meet the requirements.

Therefore, option B provides the most suitable solution with the least amount of operational overhead by using Amazon RDS for Oracle, AWS Secrets Manager, and automatic password rotation.