ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 115 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 115
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company needs to follow security best practices to deploy resources from an AWS CloudFormation template. The CloudFormation template must be able to configure sensitive database credentials.

The company already uses AWS Key Management Service (AWS KMS) and AWS Secrets Manager.

Which solution will meet the requirements?

  • A. Use a dynamic reference in the CloudFormation template to reference the database credentials in Secrets Manager.
  • B. Use a parameter in the CloudFormation template to reference the database credentials. Encrypt the CloudFormation template by using AWS KMS.
  • C. Use a SecureString parameter in the CloudFormation template to reference the database credentials in Secrets Manager.
  • D. Use a SecureString parameter in the CloudFormation template to reference an encrypted value in AWS KMS.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by oioi at Nov. 23, 2023, 10:44 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Aamee
Highly Voted 1 year ago
Since this is the last question here so maybe I can post it here. I've passed this exam with a score of 926. Only few of the questions were not from this exam material but else, everything came from here. Would like to thanks to all of you who helped in answering my queries and got my concept clarified!... Man_Kind, Agboola and others, you guys simply rock, thanks once again so much! :)
upvoted 19 times
giancesarini2023
1 year ago
@Aamee, do you think there is a question from 1 to 50? I'm only studying from 50 to 115.
upvoted 2 times
...
...
saptati
Highly Voted 9 months, 2 weeks ago
I took the exam on 13 Feb 2024. Around 25 questions came from here. The rest I answered by myself. If you are an experienced AWS Professional, you won't find it difficult to pass the exam. If you are a novice, then wait for the exam topics to update the question bank. The 121 questions aren't enough. All the best, and thanks everyone for contributing to the discussion.
upvoted 6 times
saptati
9 months, 2 weeks ago
Correction, I took the exam on 13 March 2024.
upvoted 2 times
...
...
phmeeeee
Most Recent 2 months, 3 weeks ago
Selected Answer: A
all the invalid options are to store sensitive information (the RDS database password in this case) in PLAINTEXT format.
upvoted 1 times
...
nn67
10 months, 4 weeks ago
A keyword dynamic reference
upvoted 2 times
...
Pmktechno
11 months ago
Yesterday I took this exam (Feb 1st) single question also wasn't came from this set of questions. Please wait examtopics team should be update soon new set of questions.
upvoted 3 times
...
brpjp
11 months, 2 weeks ago
Hello, I passed exam with 956 score. Thank you all for contributing and correcting the answers.
upvoted 1 times
alexleely
11 months, 1 week ago
when did you take the exam?
upvoted 1 times
...
...
Aamee
1 year, 1 month ago
Selected Answer: A
Yup, for sure it should be A. Here's the summary: "Updating a secret in Secrets Manager doesn't automatically update the secret in CloudFormation. In order for CloudFormation to update a secretsmanager dynamic reference, you must perform a stack update that updates the resource containing the dynamic reference, either by updating the resource property that contains the secretsmanager dynamic reference, or updating another of the resource's properties."
upvoted 1 times
...
[Removed]
1 year, 1 month ago
Selected Answer: A
A. See below https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager
upvoted 4 times
...
oioi
1 year, 1 month ago
Selected Answer: A
correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel