AWS Certified Developer Associate DVA-C02 Practice Question
A development team needs to store database credentials and API keys so that a containerized application running in Amazon ECS can load them from environment variables at startup. The solution must meet the following requirements:
Encrypt the secrets at rest by using AWS KMS.
Provide automatic rotation of the secrets on a schedule.
Record access to the secrets in AWS CloudTrail.
Which AWS service should the team use to meet these requirements?
AWS Secrets Manager encrypts each secret by using AWS KMS, supports built-in automatic rotation through rotation schedules or Lambda functions, and logs all access in CloudTrail. Although Systems Manager Parameter Store can store encrypted parameters, it does not provide native, automated secret-rotation workflows; rotation must be implemented separately. AWS KMS alone is a key-management service, not a secret store, and Amazon S3 with SSE-KMS is object storage that does not manage or rotate secrets. Therefore, Secrets Manager is the only service that satisfies all stated requirements.