A company wants to store sensitive information such as database passwords and API keys securely without writing it directly in code, and to automatically rotate it (periodic renewal) as needed. Which service is MOST suitable?
A question asking for the service that securely stores and rotates sensitive information.
Amazon GuardDuty
GuardDuty is a service that analyzes logs to detect threats.
It is not for storing or rotating sensitive information, so it is incorrect.
AWS WAF
WAF is a service that blocks web attacks.
It is not for storing passwords or API keys, so it is incorrect.
Amazon Inspector
Inspector is a service that scans for vulnerabilities.
It is not for storing or auto-renewing sensitive information, so it is incorrect.
AWS Secrets Manager
Correct. AWS Secrets Manager securely stores sensitive information (secrets) such as database passwords and API keys and lets applications retrieve them through an API. There is no need to embed secrets in code, and for supported databases it can automatically rotate credentials.
“Storing passwords/API keys” and “automatic rotation” point to AWS Secrets Manager. Managing the keys themselves is the role of KMS, and threat detection is the role of GuardDuty; keep their roles separate.