Q28 — AWS SCS-C02 Ch.1

A security engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password. Which combination of steps can the engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

Correct Answer: C. Configure automatic rotation of credentials in AWS Secrets Manager, E. Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.

Explanation

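AWS Secrets Manager supports automatic rotation of database credentials without manual intervention, ensuring that credentials are updated regularly. Combined with an application that automatically retrieves the latest credentials when it handles a connection failure, this avoids downtime. AWS documentation notes that Secrets Manager automatic rotation, together with dynamic retrieval by the application, allows a seamless transition to new credentials. Option C enables automatic rotation, and option E ensures the application automatically retrieves the update when the credentials become invalid; together they provide secure storage and minimal interruption. Options A, B, and D either lack automatic rotation or require manual operation, so they do not meet the requirements.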