ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 153 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 153
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A company uses a custom root certificate authority certificate chain (Root CA Cert) that is 10 KB in size to generate SSL certificates for its on-premises HTTPS endpoints. One of the company’s cloud-based applications has hundreds of AWS Lambda functions that pull data from these endpoints. A developer updated the trust store of the Lambda execution environment to use the Root CA Cert when the Lambda execution environment is initialized. The developer bundled the Root CA Cert as a text file in the Lambda deployment bundle.

After 3 months of development, the Root CA Cert is no longer valid and must be updated. The developer needs a more efficient solution to update the Root CA Cert for all deployed Lambda functions. The solution must not include rebuilding or updating all Lambda functions that use the Root CA Cert. The solution must also work for all development, testing, and production environments. Each environment is managed in a separate AWS account.

Which combination of steps should the developer take to meet these requirements MOST cost-effectively? (Choose two.)

  • A. Store the Root CA Cert as a secret in AWS Secrets Manager. Create a resource-based policy. Add IAM users to allow access to the secret.
  • B. Store the Root CA Cert as a SecureString parameter in AWS Systems Manager Parameter Store. Create a resource-based policy. Add IAM users to allow access to the policy.
  • C. Store the Root CA Cert in an Amazon S3 bucket. Create a resource-based policy to allow access to the bucket.
  • D. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store inside the Lambda function handler.
  • E. Refactor the Lambda code to load the Root CA Cert from the Root CA Cert’s location. Modify the runtime trust store outside the Lambda function handler.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by fordiscussionstwo at Oct. 6, 2023, 1:50 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kiwtirApp
Highly Voted 1 year, 6 months ago
Selected Answer: AE
The max size of storage in Secrets Manager is 10kb. For SSM Parameter store, it's 8Kb. Correct options are A and E.
upvoted 11 times
not_a_bot_definitely
1 year, 5 months ago
Secrets Manager is not cost-effective compared to option C - S3 bucket. Question clearly asks "MOST cost-effective" https://www.examtopics.com/discussions/amazon/view/96242-exam-aws-certified-developer-associate-topic-1-question-429/ So answer is CE
upvoted 7 times
...
...
ShakthiGCP
Most Recent 5 months, 4 weeks ago
Selected Answer: AE
beyond cost effective. AWS always recommend the secured way. in that case, it will be A and E
upvoted 1 times
...
9d8dd9c
6 months, 1 week ago
In both A and B why does it say IAM user? should it not be IAM role? IAM role for Lambda to access them?
upvoted 1 times
...
65703c1
11 months, 2 weeks ago
Selected Answer: AE
AE is the correct answer.
upvoted 1 times
...
Melisa202401
1 year ago
Selected Answer: BE
This solution will meet the requirements by storing the Root CA Cert as a Secure String parameter in AWS Systems Manager Parameter Store, which is a secure and scalable service for storing and managing configuration data and secrets. The resource-based policy will allow IAM users in different AWS accounts and environments to access the parameter without requiring cross-account roles or permissions. The Lambda code will be refactored to load the Root CA Cert from the parameter store and modify the runtime trust store outside the Lambda function handler, which will improve performance and reduce latency by avoiding repeated calls to Parameter Store and trust store modifications for each invocation of the Lambda function.
upvoted 3 times
...
yingying920928
1 year, 1 month ago
Selected Answer: CE
Cost effective, use S3 instead of Secrets Manager.
upvoted 2 times
...
KarBiswa
1 year, 2 months ago
Selected Answer: AE
After going through the links : A : https://aws.amazon.com/blogs/security/use-aws-secrets-manager-to-simplify-the-management-of-private-certificates/ E : https://docs.aws.amazon.com/acm/latest/userguide/renew-private-cert.html
upvoted 1 times
...
dostonbekabdullaev
1 year, 3 months ago
Selected Answer: CE
C.E. Secrets Manager is the most expensive amongst all options. S3 seems more cost-effective. B. is incorrect, because at the end it states about accessing to the policy, not to the parameter itself.
upvoted 3 times
...
SerialiDr
1 year, 3 months ago
Selected Answer: BE
Also AE works, but BE is more cost effective.
upvoted 1 times
dostonbekabdullaev
1 year, 3 months ago
Pay attention on this part "Add IAM users to allow access to the policy." It should give an access to the parameter, not to the policy.
upvoted 3 times
...
...
CalvinL4
1 year, 4 months ago
CE should be the answer. The string size is over 4/8 kb which the parameter store allows. So, the parameter store is out. Comparing the price, s3 is much cheaper than secrets manager.
upvoted 2 times
...
rrshah83
1 year, 4 months ago
Selected Answer: AE
https://aws.amazon.com/blogs/security/use-aws-secrets-manager-to-simplify-the-management-of-private-certificates/
upvoted 1 times
...
rrshah83
1 year, 4 months ago
Selected Answer: AE
can you do resource based policies for param store?
upvoted 1 times
...
Hanny
1 year, 4 months ago
Selected Answer: CE
https://www.examtopics.com/discussions/amazon/view/96242-exam-aws-certified-developer-associate-topic-1-question-429/
upvoted 1 times
...
tqiu654
1 year, 5 months ago
Selected Answer: BD
CHatGPT: BD
upvoted 1 times
...
wonder_man
1 year, 6 months ago
Selected Answer: CE
I can't see why using AWS Secrets Manager can be cost-effective, so I'm voting for C
upvoted 4 times
...
Rameez1
1 year, 6 months ago
Selected Answer: BE
Using Parameter store is more cost effective then secrets manager.
upvoted 2 times
...
TallManDan
1 year, 6 months ago
Secrets Manager is an additional cost over Parameter Store. So if you see a question that looks for the least amount of overhead, Secrets Manager is much more versatile. But for least amount of cost, Parameter Store is included with the service for no additional costs.
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago