AWS Certified Cloud Practitioner — Question 538

In which of the following AWS services should database credentials be stored for maximum security?

Answer options

• A. AWS Identity and Access Management (IAM)
• B. AWS Secrets Manager
• C. Amazon S3
• D. AWS Key Management Service (AWS KMS)

Correct answer: B

Explanation

AWS Secrets Manager is the optimal service for securing database credentials because it supports automatic rotation, fine-grained access control, and direct integration with database engines. AWS KMS is used to generate and manage cryptographic keys rather than storing raw secrets, while Amazon S3 and IAM are not designed for direct credential management.