AWS Certified Database – Specialty — Question 321
A software company is conducting a security audit of its three-node Amazon Aurora MySQL DB cluster.
Which finding is a security concern that needs to be addressed?
Answer options
- A. The AWS account root user does not have the minimum privileges required for client applications.
- B. Encryption in transit is not configured for all Aurora native backup processes.
- C. Each Aurora DB cluster node is not in a separate private VPC with restricted access.
- D. The IAM credentials used by the application are not rotated regularly.
Correct answer: D
Explanation
Regularly rotating IAM credentials is a fundamental AWS security best practice: it reduces the window of opportunity for unauthorized access if credentials are leaked. Option A is framed incorrectly, because using the AWS account root user for applications is already a major security violation, so whether it has the minimum privileges for them is not the finding to address. Option C is wrong because Aurora cluster nodes must reside within the same VPC across different Availability Zones, not in separate VPCs. Option B is not a concern because native backups are managed securely by AWS.