A company is going through a security audit. The audit team has identified cleartext master user password in the AWS CloudFormation templates for Amazon RDS for MySQL DB instances. The audit team has flagged this as a security risk to the database team.
What should a database specialist do to mitigate this risk?
A . Change all the databases to use AWS IAM for authentication and remove all the cleartext passwords in CloudFormation templates.
B . Use an AWS Secrets Manager resource to generate a random password and reference the secret in the CloudFormation template.
C . Remove the passwords from the CloudFormation templates so Amazon RDS prompts for the password when the database is being created.
D . Remove the passwords from the CloudFormation template and store them in a separate file.
Replace the passwords by running CloudFormation using a sed command.
Answer: B
Explanation:
https://aws.amazon.com/blogs/infrastructure-and-automation/securing-passwords-in-aws-quick-starts-using-aws-secrets-manager/
Latest DBS-C01 Dumps Valid Version with 85 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund