Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 359 discussion

A company has an application that uses an AWS Lambda function to process data. A developer must implement encryption in transit for all sensitive configuration data, such as API keys, that is stored in the application. The developer creates an AWS Key Management Service (AWS KMS) customer managed key.

What should the developer do next to meet the encryption requirement?

  • A. Create parameters of the String type in AWS Systems Manager Parameter Store. For each parameter, specify the KMS key ID to encrypt the parameter in transit. Reference the GetParameter API call in the Lambda environment variables.
  • B. Create secrets in AWS Secrets Manager by using the customer managed KMS key. Create a new Lambda function and set up a Lambda layer. Configure the Lambda layer to retrieve the values from Secrets Manager.
  • C. Create objects in Amazon S3 for each sensitive data field. Specify the customer managed KMS key to encrypt the object. Configure the Lambda function to retrieve the objects from Amazon S3 during data processing.
  • D. Create encrypted Lambda environment variables. Specify the customer managed KMS key to encrypt the variables. Enable encryption helpers for encryption in transit. Grant permission to the Lambda function's execution role to access the KMS key.
Suggested Answer: D
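
An added example (not part of the exam page and not AWS's own code) of the decryption step that option D implies when encryption helpers are enabled: the variable holds base64 KMS ciphertext, and the function decrypts it with its own function name as the encryption context. `decrypt_env_var`, `StubKms`, the `API_KEY` variable name and the cache are assumptions for illustration; the stub stands in for `boto3.client("kms")` so the block runs offline.

```python
import base64
import binascii
import os

DECRYPTED = {}  # plaintexts cached for the life of the execution environment


def decrypt_env_var(name, kms_client, environ=os.environ):
    """Return the plaintext of an env var encrypted with the Lambda encryption helpers."""
    if name in DECRYPTED:
        return DECRYPTED[name]
    try:
        blob = base64.b64decode(environ[name], validate=True)
    except (binascii.Error, ValueError) as exc:
        # Helper output is always base64, so this value was stored as plain text.
        raise ValueError(f"{name} is not helper-encrypted ciphertext") from exc
    resp = kms_client.decrypt(
        CiphertextBlob=blob,
        # The console helper binds the ciphertext to the function name;
        # KMS rejects the call if this context does not match.
        EncryptionContext={"LambdaFunctionName": environ["AWS_LAMBDA_FUNCTION_NAME"]},
    )
    DECRYPTED[name] = resp["Plaintext"].decode("utf-8")
    return DECRYPTED[name]


class StubKms:
    """Constructed offline stand-in for boto3.client('kms'); not real cryptography."""

    def __init__(self):
        self.calls = 0

    def encrypt_for(self, function_name, plaintext):
        return base64.b64encode(f"{function_name}|{plaintext}".encode()).decode()

    def decrypt(self, CiphertextBlob, EncryptionContext):
        self.calls += 1
        bound_name, _, plaintext = CiphertextBlob.decode().partition("|")
        if bound_name != EncryptionContext["LambdaFunctionName"]:
            raise PermissionError("InvalidCiphertextException (simulated)")
        return {"Plaintext": plaintext.encode()}


def handler(event, context):
    import boto3  # present in the Lambda Python runtime; not needed for the stub
    api_key = decrypt_env_var("API_KEY", boto3.client("kms"))
    return {"api_key_loaded": bool(api_key)}
```

In a real deployment the execution role needs `kms:Decrypt` on the customer managed key, which is the permission grant option D refers to.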

Comments

cachac
Highly Voted 10 months, 1 week ago
Selected Answer: D
Considering: "API keys, that is stored in the application". D is the most direct approach. Lambda supports encrypting environment variables with a KMS key, eliminating the need for additional services or layers.
upvoted 8 times
...
lak_83
Most Recent 2 months ago
Selected Answer: B
Answer is B and it does provide more flexibility than D
upvoted 1 times
...
bp07
3 months, 3 weeks ago
Selected Answer: A
I feel it should be A. D can't be used as this approach does not use encryption in transit when retrieving sensitive data, as the data is embedded directly in the Lambda configuration.
upvoted 1 times
...
CloudChingon
5 months, 2 weeks ago
Selected Answer: B
AWS Secrets Manager and pulling the secrets from it using layers sounds reasonable to me. I have seen that implementation in real life.
upvoted 1 times
...
preachr
7 months ago
Selected Answer: D
https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
upvoted 1 times
...
tomchandler077
9 months, 2 weeks ago
OPTION B --- CORRECT. To meet the requirement of encrypting sensitive configuration data in transit while using it within an AWS Lambda function, the developer should leverage AWS Secrets Manager. Secrets Manager is specifically designed for handling and securing sensitive information like API keys, database credentials, and similar data, making it suitable for this scenario.
upvoted 1 times
...
[Removed]
10 months ago
D is the correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other