Free AWS SOA-C03 Actual Exam Questions - Question 3 Discussion

Maybe A, since scripting rotation with Lambda and EventBridge works for any engine without extra config.

Good point on engine support, but D still beats B for built-in rotation ease. D

D, since Secrets Manager is built for automatic credential rotation with minimal setup.

Maybe B works too since Parameter Store with SecureString and KMS encryption supports automatic rotation, so you don’t have to manage the password manually. It’s less complex than building Lambda functions.

I’m with option D here. Secrets Manager is made for this kind of thing — it manages credentials and can rotate the master password automatically without you writing any code or scheduling jobs. That’s definitely less work than setting up a Lambda with EventBridge in A. Parameter Store options (B and C) don’t have built-in rotation for RDS passwords, so you’d end up building something yourself anyway. Unless there’s a specific RDS engine limitation mentioned, using Secrets Manager seems like the simplest and most reliable choice.

Probably A since Lambda with EventBridge offers full control without extra services.

D. Secrets Manager is purpose-built for this exact use case, so it handles rotation automatically without any custom coding. Compared to Parameter Store, Secrets Manager has native integration with RDS for password rotation, which cuts down on manual work and reduces the chance of errors. Option A is too hands-on since you’d have to maintain your own Lambda logic, and B/C don’t have the same out-of-the-box rotation support. Even if cost is a bit higher, the operational simplicity here is worth it.

D/B? Secrets Manager (D) is designed for password rotation with built-in support, but if cost or complexity is a concern, encrypted Parameter Store (B) with custom rotation might work too. C is too basic, and A means more maintenance.

It’s B for me. Using Systems Manager Parameter Store with encryption and automatic rotation gives a managed way to handle the password without needing custom Lambda code. It’s less operational overhead than option A since you don’t have to maintain a function, and more secure than just a plain string in C. Secrets Manager is great, but sometimes it feels like overkill if you just want to rotate a single password regularly with minimal fuss. Parameter Store’s rotation is straightforward and integrates well with other AWS services, so it keeps things simple and automated.

It’s D since Secrets Manager handles rotation automatically with minimal setup.

Secrets Manager is built for this exact task, so D feels like the simplest choice here.

It’s A because while Secrets Manager is great for automatic rotation, not all RDS engines or versions support its built-in rotation feature yet. Creating a Lambda with EventBridge gives you full control regardless of engine/version, so it works universally. Plus, it’s not hugely complex to set up and can be fully automated without relying on specific RDS integrations. Options B and C don’t handle rotation natively and require more manual effort or custom automation, making them less ideal for minimizing operational overhead.

It’s D because Secrets Manager is designed specifically for rotating database credentials automatically, reducing manual steps way more than Parameter Store options. This cuts down operational work significantly.

Probably B here. Using Systems Manager Parameter Store with SecureString and KMS encryption lets you set up automatic rotation without having to build your own Lambda or handle custom code. It’s fully managed and integrates nicely with other AWS services. Option C is out since plain String parameters don’t support automatic rotation securely. Option D is solid too, but if you want the absolute least operational overhead and don’t want to depend on Secrets Manager’s compatibility, Parameter Store can do the job well.

A/D? Option A means building and maintaining your own Lambda code, which definitely adds complexity. Option D uses Secrets Manager, which is designed for this exact use case and automates rotation with minimal effort. Even if the RDS version isn’t specified, Secrets Manager generally supports popular engines well enough to justify picking it over a custom-coded option. B might look tempting but Parameter Store automatic rotation isn’t really built for RDS master passwords specifically, so it could need extra work. So for less manual handling and ongoing ops, D seems to fit best.

Option A could be ruled out since creating and managing a custom Lambda for password rotation adds overhead, which goes against the “least operational effort” requirement. Also, EventBridge scheduling is straightforward but still requires code maintenance. Option C is a no-go because plain String parameters don’t support automatic rotation at all. Between B and D, B does offer encryption but doesn’t natively handle RDS master password rotation without custom Lambdas, so it’s not as seamless. D stands out since Secrets Manager is purpose-built for rotating RDS credentials automatically, meaning

Makes sense to rule out C since Parameter Store String parameters don’t support automatic rotation at all, so it won’t meet the “least operational effort” requirement. B is tricky because while SecureString supports encryption, it doesn’t have built-in automatic rotation for RDS passwords either. So between A and D, D still looks best because Secrets Manager is built specifically for secrets like DB passwords and handles rotation without needing you to build and maintain Lambda functions.

Good point about the automation part. I’d say D is best since Secrets Manager is designed for this and includes built-in rotation, so you don’t have to manage any custom Lambda functions.

D Secrets Manager handles rotation automatically with minimal setup, so you don’t need to build or maintain any custom code like in A. Parameter Store options (B and C) won’t rotate the password on their own.

D imo, Secrets Manager is designed for this exact use case with minimal effort. Lambda and EventBridge (A) add unnecessary complexity managing scripts and schedules.