Which finding is a security concern that needs to be addressed?
The AWS account root user does not have the minimum privileges required for client applications.
Encryption in transit is not configured for all Aurora native backup processes.
Each Aurora DB cluster node is not in a separate private VPC with restricted access.
The IAM credentials used by the application are not rotated regularly.
Explanations:
The root user should not be used for everyday tasks. However, the statement does not specify whether the root user is being used for regular client applications. In any case, using the root user for everyday tasks is a best-practice concern, not a security finding.
Aurora natively supports encryption in transit, and backup processes are encrypted by default. If encryption in transit were not enabled, it would be a concern, but the statement only mentions backups, which are encrypted by default in Aurora.
While it’s good practice to isolate DB nodes in private subnets, the security concern here is more about access controls (e.g., using security groups), not the network design itself. The finding does not necessarily describe a security vulnerability.
IAM credentials should be rotated regularly to minimize the risk of unauthorized access. The lack of regular credential rotation increases the risk of security breaches, making this the correct answer.