A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password. Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)
A) Have a Database Administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.
B) Configure a scheduled job that updates the credential in AWS Systems Manager Parameter Store and notifies the Engineer that the application needs to be restarted.
C) Configure automatic rotation of credentials in AWS Secrets Manager.
D) Store the credential in an encrypted string parameter in AWS Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the AWS KMS key that is used to encrypt it.
E) Configure the Java application to catch a connection failure and make a call to AWS Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.
Correct Answer:
Verified
Q65: Which of the following are valid event
Q66: A company is building a data lake
Q67: A Security Engineer must implement mutually authenticated
Q68: The AWS Systems Manager Parameter Store is
Q69: A company uses user data scripts that
Q71: A Security Engineer is defining the logging
Q72: An application uses Amazon Cognito to manage
Q73: An Amazon S3 bucket is encrypted using
Q74: A Security Engineer is working with a
Q75: The Accounting department at Example Corp. has
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents