ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 936 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 936
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company runs thousands of AWS Lambda functions. The company needs a solution to securely store sensitive information that all the Lambda functions use. The solution must also manage the automatic rotation of the sensitive information.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

  • A. Create HTTP security headers by using Lambda@Edge to retrieve and create sensitive information
  • B. Create a Lambda layer that retrieves sensitive information
  • C. Store sensitive information in AWS Secrets Manager
  • D. Store sensitive information in AWS Systems Manager Parameter Store
  • E. Create a Lambda consumer with dedicated throughput to retrieve sensitive information and create environmental variables
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by example_ at Aug. 5, 2024, 12:56 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 10 months, 1 week ago
Selected Answer: BC
C. Store sensitive information in AWS Secrets Manager. AWS Secrets Manager securely stores sensitive information and provides automatic rotation of secrets, reducing the need for manual management. B. Create a Lambda layer that retrieves sensitive information. Using a Lambda layer allows multiple Lambda functions to access the sensitive information stored in Secrets Manager without needing to duplicate retrieval logic in each function. This approach centralizes the retrieval process and reduces operational complexity.
upvoted 9 times
awisaw
9 months, 2 weeks ago
chatgpt answer is now C and D
upvoted 1 times
sOI852POL
8 months, 1 week ago
AWS public documentation and other professional forums instead, kindly!
upvoted 3 times
...
...
...
pujithacg8
Highly Voted 10 months, 2 weeks ago
D doesn't provide automatic rotation Answer will be B and C
upvoted 8 times
...
c3c7e62
Most Recent 1 month, 2 weeks ago
Selected Answer: BC
A - not relate, as question does not mention the use of HTTP. D - technical works, but does not support automatic rotation. E - not secure to use the environmental variables. Question and Concern - for the exam, have to pick option B & C. However, really wonder if the approach is practical in real world for secure solution. 1) Secrets Manager encrypt the sensitive info. Lambda Layer saves those sensitive information into /opt layer (in zip format etc) and shares with all other. However, I cannot see there is description the information is encrypted for certain format. 2) After Secret Manager rotation, how can those saved content in /opt folder be refreshed ? Open for discussion. Thanks.
upvoted 1 times
c3c7e62
1 month, 2 weeks ago
https://docs.aws.amazon.com/lambda/latest/dg/chapter-layers.html
upvoted 1 times
...
...
Sarayounisaldossary
2 months, 2 weeks ago
Selected Answer: BC
A. Lambda@Edge: Not relevant for secrets; Used for CDN/CloudFront. D. Parameter Store: Doesn’t support auto-rotation as easily as Secrets Manager. E. Env Variables: Not secure and needs manual management.
upvoted 1 times
...
LeonSauveterre
5 months, 2 weeks ago
Selected Answer: BC
A - Lambda@Edge is primarily used for managing HTTP request/response behavior in a CDN environment with Amazon CloudFront. It is not designed for securely storing or rotating sensitive information. B - By creating a layer that securely retrieves sensitive information (for example, from AWS Secrets Manager), we will reduce duplication and operational overhead. The layer can also handle the logic for retrieving updated information if needed. C - Automatic rotation is managed. D - Automatic rotation is NOT managed. E - Setting environment variables dynamically at runtime is not an efficient or scalable practice for "thousands of Lambda functions". Too much operational overhead.
upvoted 5 times
...
agbor_tambe
8 months, 4 weeks ago
Selected Answer: BC
BC is correct
upvoted 2 times
...
progounick
9 months, 4 weeks ago
Selected Answer: BC
B,C ChatGPT agrees with me
upvoted 1 times
...
komorebi
10 months, 3 weeks ago
Selected Answer: CD
Answer is CD
upvoted 1 times
...
example_
10 months, 3 weeks ago
Selected Answer: CD
https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-aws-secrets-manager-and-lambda-function-to-store-rotate-and-secure-keys/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel