ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 206 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 206
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is implementing a serverless architecture by using AWS Lambda functions that need to access a Microsoft SQL Server DB instance on Amazon RDS. The company has separate environments for development and production, including a clone of the database system.

The company's developers are allowed to access the credentials for the development database. However, the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access. This key must be rotated on a regular basis.

What should a solutions architect do in the production environment to meet these requirements?

  • A. Store the database credentials in AWS Systems Manager Parameter Store by using a SecureString parameter that is encrypted by an AWS Key Management Service (AWS KMS) customer managed key. Attach a role to each Lambda function to provide access to the SecureString parameter. Restrict access to the SecureString parameter and the customer managed key so that only the IT security team can access the parameter and the key.
  • B. Encrypt the database credentials by using the AWS Key Management Service (AWS KMS) default Lambda key. Store the credentials in the environment variables of each Lambda function. Load the credentials from the environment variables in the Lambda code. Restrict access to the KMS key so that only the IT security team can access the key.
  • C. Store the database credentials in the environment variables of each Lambda function. Encrypt the environment variables by using an AWS Key Management Service (AWS KMS) customer managed key. Restrict access to the customer managed key so that only the IT security team can access the key.
  • D. Store the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customer managed key. Attach a role to each Lambda function to provide access to the secret. Restrict access to the secret and the customer managed key so that only the IT security team can access the secret and the key.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Roontha at May 26, 2023, 1:53 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Snape
Highly Voted 2 years, 2 months ago
Selected Answer: D
Answer : D Rotation = Secret Manager (and Not Parameter store)
upvoted 14 times
...
_Jassybanga_
Most Recent 11 months, 3 weeks ago
Answer should be A , As we are talking of encryption Key rotation by customer IT key responisble person and not the database credential rotation
upvoted 2 times
...
AA001
1 year ago
Selected Answer: D
To use parameters from Parameter Store in AWS Lambda functions without using an SDK, you can use the AWS Parameters and Secrets Lambda Extension. To use parameters in a Lambda function without the Lambda extension, you must configure your Lambda function to receive configuration updates by integrating with the GetParameter API action for Parameter Store.
upvoted 1 times
...
career360guru
1 year, 9 months ago
Selected Answer: D
Option D
upvoted 1 times
...
NikkyDicky
2 years, 1 month ago
Selected Answer: D
its a D
upvoted 1 times
...
javitech83
2 years, 1 month ago
Selected Answer: D
Keys is DB credentials rotation
upvoted 2 times
...
easytoo
2 years, 2 months ago
d-d-d-d-dd-d-dd-d-d-d
upvoted 1 times
...
Jackhemo
2 years, 2 months ago
Selected Answer: A
From olabiba.ai "Based on the requirements of resolving scaling issues and minimizing licensing costs, the most cost-effective solution would be option A: Deploy Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer for the web tier and for the application tier. Use Amazon Aurora PostgreSQL with Babelfish turned on to replatform the SQL Server database."
upvoted 1 times
Just_Ninja
2 years, 1 month ago
Nice description, but A is Wrong. Parameter Store is not the best practice for Secrets based on AWS Well Architecting Framework
upvoted 2 times
...
Jackhemo
2 years, 2 months ago
Answer is D. This is for the next question.
upvoted 2 times
...
...
rbm2023
2 years, 2 months ago
Selected Answer: A
I think the answer is A the requirement is to rotate the KEY and not the password, looks like this question was created to make us chose option D. Option A stores the password in the Param Store encrypting it with KMS which is the requirement “the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access.” https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html Check the Authentication section.
upvoted 4 times
F_Eldin
2 years, 2 months ago
A does not satisfy the requirement "This key must be rotated on a regular basis."
upvoted 3 times
...
kejam
1 year, 7 months ago
Agreed. Requirement is to rotate the Key. KMS CMKs can be rotated: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
upvoted 1 times
...
...
andreitugui
2 years, 2 months ago
Selected Answer: D
Answering D
upvoted 1 times
...
Masonyeoh
2 years, 2 months ago
Selected Answer: D
D, Secret Manager is the accurate solution
upvoted 1 times
...
Roontha
2 years, 2 months ago
Answer : D Keys is DB credentials rotation
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel