ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 409 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 409
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA environment and in a production environment.

The company must not expose credentials within application code and must rotate passwords automatically.

Which solution will meet these requirements?

  • A. Store the database credentials for both environments in AWS Systems Manager Parameter Store. Encrypt the credentials by using an AWS Key Management Service (AWS KMS) key. Within the application code of the Lambda functions, pull the credentials from the Parameter Store parameter by using the AWS SDK for Python (Boto3). Add a role to the Lambda functions to provide access to the Parameter Store parameter.
  • B. Store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. Turn on rotation. Provide a reference to the Secrets Manager key as an environment variable for the Lambda functions.
  • C. Store the database credentials for both environments in AWS Key Management Service (AWS KMS). Turn on rotation. Provide a reference to the credentials that are stored in AWS KMS as an environment variable for the Lambda functions.
  • D. Create separate S3 buckets for the QA environment and the production environment. Turn on server-side encryption with AWS KMS keys (SSE-KMS) for the S3 buckets. Use an object naming pattern that gives each Lambda function’s application code the ability to pull the correct credentials for the function's corresponding environment. Grant each Lambda function's execution role access to Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by cypkir at Nov. 22, 2023, 8:32 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
shaaam80
Highly Voted 1 year, 6 months ago
Selected Answer: B
Answer B. Always remember - Automatic Password Rotation - AWS Secrets Manager!
upvoted 13 times
...
AzureDP900
Most Recent 7 months, 2 weeks ago
B is perfect
upvoted 1 times
...
career360guru
1 year, 3 months ago
Selected Answer: B
Option B
upvoted 1 times
...
SwapnilAWS
1 year, 5 months ago
Option : B is the correct answer While AWS Systems Manager Parameter Store is a valid service for storing configuration data, including secrets, using AWS KMS for encryption and Boto3 for retrieval, it lacks the built-in support for automatic rotation of secrets AWS KMS is primarily designed for managing cryptographic keys and does not provide built-in support for storing and rotating secrets like database credentials. While AWS KMS key rotation is available, it is intended for cryptographic key rotation rather than the rotation of sensitive data like passwords.
upvoted 1 times
...
bjexamprep
1 year, 5 months ago
Selected Answer: B
The correct solution should be: Store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. Enable a Lambda function to rotate the secrets regularly. Create a KMS key for each secret and use them to encrypt the credentials. Assign permissions to allow the business Lambda function to retrieve the credential from Secret manager and decrypt the credential with the KMS key. B is not ideal but is the only acceptable answer: “Turn on rotation.”: In Secret Manager, you must enable a Lambda function to rotate the credential “Provide a reference to the Secrets Manager key as an environment variable for the Lambda functions. “ permission must be set to allow the Lambda function to use the Key to decrypt the credential.
upvoted 1 times
...
career360guru
1 year, 5 months ago
Selected Answer: B
Option B
upvoted 1 times
...
GabrielDeBiasi
1 year, 7 months ago
Selected Answer: B
"rotate passwords automatically" -> AWS Secrets Manager
upvoted 3 times
...
thala
1 year, 7 months ago
Selected Answer: B
AWS Secrets Manager with Rotation Enabled:
upvoted 2 times
...
devalenzuela86
1 year, 7 months ago
Selected Answer: B
B for sure
upvoted 1 times
...
321swa
1 year, 7 months ago
Correct Answer is B
upvoted 1 times
...
cypkir
1 year, 7 months ago
Selected Answer: B
Answer: B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel