AWS Certified Security – Specialty — Question 3

A company's database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days.
After a short period of time, a number of existing applications have failed with authentication errors.
What is the MOST likely cause of the authentication errors?

Answer options

• A. Migrating the credential to RDS requires that all access come through requests to the Secrets Manager.
• B. Enabling rotation in Secrets Manager causes the secret to rotate immediately, and the applications are using the earlier credential.
• C. The Secrets Manager IAM policy does not allow access to the RDS database.
• D. The Secrets Manager IAM policy does not allow access for the applications.

Correct answer: B

Explanation

The correct answer is B because enabling rotation causes the secret to change immediately, which means applications still using the old credential will fail to authenticate. Options A, C, and D are incorrect as they do not accurately reflect the scenario described or the nature of credential management in this context.