ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 108 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 108
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A large enterprise is deploying a web application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS for Oracle DB instance and Amazon DynamoDB. There are separate environments for development, testing, and production.

What is the MOST secure and flexible way to obtain password credentials during deployment?

  • A. Retrieve an access key from an AWS Systems Manager SecureString parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
  • B. Launch the EC2 instances with an EC2 IAM role to access AWS services. Retrieve the database credentials from AWS Secrets Manager.
  • C. Retrieve an access key from an AWS Systems Manager plaintext parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
  • D. Launch the EC2 instances with an EC2 IAM role to access AWS services. Store the database passwords in an encrypted config file with the application artifacts.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by devnv at May 14, 2023, 12:22 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jamesf
9 months, 1 week ago
Selected Answer: B
Keywords: MOST secure
upvoted 2 times
...
zijo
10 months, 3 weeks ago
Selected Answer: B
This step is important for applications running on EC2 instances to retrieve passwords from AWS Secrets Manager. Create an IAM role with the necessary permissions to access AWS Secrets Manager. Attach this IAM role to your EC2 instance.
upvoted 2 times
...
c3518fc
1 year ago
Selected Answer: B
The most secure and flexible way to obtain password credentials during deployment in the given scenario is to use AWS Secrets Manager. AWS Secrets Manager is a service that allows you to securely store, retrieve, and rotate credentials, such as passwords, API keys, and other sensitive data.
upvoted 3 times
...
dkp
1 year ago
Selected Answer: B
B seems more relevant
upvoted 2 times
...
WhyIronMan
1 year, 1 month ago
Selected Answer: B
B. EC2 Role + Secrets Mananger
upvoted 2 times
...
thanhnv142
1 year, 2 months ago
Selected Answer: B
B is correct: <obtain password credentials> means we should consider AWS SSM and secret manager. However, <the MOST secure > means we should opt for secret manager, which is more costly but more secure A, C and D: no mention of secret manager
upvoted 4 times
...
sarlos
1 year, 4 months ago
why not A?
upvoted 1 times
thanhnv142
1 year, 2 months ago
<obtain password credentials> means we should consider AWS SSM and secret manager. However, <the MOST secure > means we should opt for secret manager, which is more costly but more secure
upvoted 3 times
...
davdan99
1 year, 3 months ago
We are not storing access keys for EC2 instances, instead we are using instance profile for that it is the best practice, and for database credentials it is correct to use Secret manager, it is more integrated with RDS, and other database services within AWS.
upvoted 1 times
...
...
giovanna_mag
1 year, 4 months ago
Selected Answer: B
I vote B
upvoted 2 times
...
Snape
1 year, 9 months ago
Selected Answer: B
No Brainer
upvoted 3 times
...
haazybanj
1 year, 10 months ago
Selected Answer: B
Most secure is B
upvoted 4 times
...
FunkyFresco
1 year, 10 months ago
Selected Answer: B
Option B is the right answer.
upvoted 2 times
...
devnv
1 year, 11 months ago
B sounds the right answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago