Q41 — AWS SOA-C02 Ch.1
Question 41 of 100 | ← Chapter 1
A SysOps administrator is designing a solution for an Amazon RDS for PostgreSQL DB instance. Database credentials must be stored and rotated monthly. The applications that connect to the DB instance send write-intensive traffic with variable client connections that sometimes increase significantly in a short period of time. Which solution should a SysOps administrator choose to meet these requirements?
- A. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS Proxy to handle the increases in database connections.
- B. Configure AWS Key Management Service (AWS KMS) to automatically rotate the keys for the DB instance. Use RDS read replicas to handle the increases in database connections.
- C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections. ✓
- D. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS read replicas to handle the increases in database connections.
Correct Answer: C. Configure AWS Secrets Manager to automatically rotate the credentials for the DB instance. Use RDS Proxy to handle the increases in database connections.
Explanation
AWS服务中,AWS Secrets Manager支持自动轮换数据库凭证(如RDS实例的用户名和密码),符合每月轮换需求。RDS Proxy通过连接池管理与复用,可有效处理突增的连接数,避免主实例过载。读副本(read replicas)适用于扩展读取操作,但无法处理写流量。KMS用于加密密钥管理,不直接处理凭证轮换。题目场景要求写密集型流量和连接扩展,故选择Secrets Manager与RDS Proxy组合。参考AWS官方文档:Secrets Manager支持自动轮换RDS凭证,RDS Proxy优化连接管理。选项C正确。