AWS Certified Data Engineer Associate DEA-C01 Practice Question

Your data engineering team runs an AWS Glue Spark job that connects to an Amazon RDS for MySQL database. Credentials are currently hard-coded in the job script. The team must store the credentials securely and have them automatically rotated every 30 days with minimal code changes and operations effort. Which solution meets these requirements?

  • Keep the credentials in the Glue job's environment variables but rotate them every 30 days by updating the job definition through a CI/CD pipeline that generates a new password.

  • Create a secret in AWS Secrets Manager for the RDS database, turn on automatic rotation every 30 days, attach an IAM role with secretsmanager:GetSecretValue to the Glue job, and reference the secret in the job's connection.

  • Encrypt the credentials with AWS KMS, upload them to Amazon S3, schedule an AWS Lambda function to replace the file with a new password every 30 days, and have the Glue job download and decrypt the file at runtime.

  • Store the credentials as a SecureString in AWS Systems Manager Parameter Store, trigger an Amazon EventBridge rule every 30 days to invoke a custom Lambda function that updates the parameter, and modify the job to read the parameter value.

AWS Certified Data Engineer Associate DEA-C01
Data Security and Governance