Exam AWS Certified Solutions Architect - Professional topic 1 question 582 discussion

A Solutions Architect is building a containerized .NET Core application that will run in AWS Fargate. The backend of the application requires Microsoft SQL Server with high availability. All tiers of the application must be highly available. The credentials used for the connection string to SQL Server should not be stored on disk within the .NET Core front-end containers.
Which strategies should the Solutions Architect use to meet these requirements?

  • A. Set up SQL Server to run in Fargate with Service Auto Scaling. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to SQL Server running in Fargate. Specify the ARN of the secret in AWS Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • B. Create a Multi-AZ deployment of SQL Server on Amazon RDS. Create a secret in AWS Secrets Manager for the credentials to the RDS database. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to the RDS database in Secrets Manager. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service in Fargate using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • C. Create an Auto Scaling group to run SQL Server on Amazon EC2. Create a secret in AWS Secrets Manager for the credentials to SQL Server running on EC2. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to SQL Server on EC2. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • D. Create a Multi-AZ deployment of SQL Server on Amazon RDS. Create a secret in AWS Secrets Manager for the credentials to the RDS database. Create non-persistent empty storage for the .NET Core containers in the Fargate task definition to store the sensitive information. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to the RDS database in Secrets Manager. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be written to the non-persistent empty storage on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
Suggested Answer: B
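
The configuration option B describes (a `secrets` section pointing at a Secrets Manager ARN, plus a task execution role allowed to read it) can be checked before deployment. The following Python sketch is an added example, not part of the original question or any AWS tooling; the account ID, ARNs, role, image and container names are constructed placeholders, and the policy check only handles exact-ARN or `*` resources.

```python
import re

# Constructed sample inputs: placeholder account ID, names and ARNs.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/mssql-AbCdEf"
TASK_DEF = {
    "requiresCompatibilities": ["FARGATE"],
    "executionRoleArn": "arn:aws:iam::111122223333:role/exampleTaskExecutionRole",
    "containerDefinitions": [{
        "name": "web", "image": "example/dotnet-frontend:1.0",
        "environment": [{"name": "ASPNETCORE_ENVIRONMENT", "value": "Production"}],
        "secrets": [  # ARN:json-key:version-stage:version-id selects one JSON key
            {"name": "DB_USERNAME", "valueFrom": SECRET_ARN + ":username::"},
            {"name": "DB_PASSWORD", "valueFrom": SECRET_ARN + ":password::"},
        ],
    }],
}
EXEC_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": [SECRET_ARN]}]}

SENSITIVE = re.compile(r"pass(word)?|secret|token|connection_?string|api_?key", re.I)
SM_ARN = re.compile(r"^(arn:aws[\w-]*:secretsmanager:[^:]+:\d{12}:secret:[^:]+)")

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit(task_def, policy):
    """Return a list of findings; an empty list means every check passed."""
    findings, allowed = [], set()
    for st in policy.get("Statement", []):
        if (st.get("Effect") == "Allow"
                and "secretsmanager:GetSecretValue" in as_list(st.get("Action", []))):
            allowed.update(as_list(st.get("Resource", [])))
    if not task_def.get("executionRoleArn"):
        findings.append("no executionRoleArn: ECS cannot fetch secrets")
    for c in task_def.get("containerDefinitions", []):
        for env in c.get("environment", []):
            if SENSITIVE.search(env["name"]):  # credential baked into the task def
                findings.append(f"{c['name']}: plaintext value in environment: {env['name']}")
        for s in c.get("secrets", []):
            m = SM_ARN.match(s["valueFrom"])
            if not m:
                findings.append(f"{c['name']}: {s['name']} is not a Secrets Manager ARN")
            elif m.group(1) not in allowed and "*" not in allowed:
                findings.append(f"{c['name']}: execution role cannot read {m.group(1)}")
    return findings
```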

Comments

Nemer
Highly Voted 3 years, 7 months ago
B. Secrets Manager natively supports SQL Server on RDS. No real need to create additional 'ephemeral storage' to fetch credentials, as these can be injected to containers as environment variables. https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/
upvoted 34 times
rcher
3 years, 6 months ago
Agreed, deploying something similar in Fargate that required secrets from secret manager.
upvoted 3 times
...
...
T14102020
Highly Voted 3 years, 7 months ago
Correct is B. RDS + Secret Manager + Without non-persistent empty storage
upvoted 5 times
...
TwinSpark
Most Recent 1 year ago
Selected Answer: B
I will go for B. No need for non-persistent empty storage.
upvoted 1 times
...
AwsBRFan
2 years, 7 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html
upvoted 1 times
...
TechX
2 years, 10 months ago
Selected Answer: B
Answer: B Explanation: By default tasks in Fargate are assigned ephemeral storage. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-task-storage.html https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/
upvoted 1 times
...
kangtamo
2 years, 10 months ago
Selected Answer: B
It should be B, retrieving RDS credentials from Secret Manager.
upvoted 1 times
...
jyrajan69
3 years, 2 months ago
Unless there is a specific reason for using non-persistent storage, the answer must be B. Best practice is to use roles, and B is the only answer with that.
upvoted 1 times
...
challenger1
3 years, 5 months ago
My Answer: B. B uses ECS - containers solution for Fargate
upvoted 1 times
...
AzureDP900
3 years, 5 months ago
I will go with B
upvoted 1 times
...
Suresh108
3 years, 6 months ago
Method of elimination: application must be highly available = MULTI-AZ (only B and D have it). Out of those two, environment variables work well, hence B.
upvoted 3 times
...
WhyIronMan
3 years, 6 months ago
I'll go with B
upvoted 2 times
...
Waiweng
3 years, 6 months ago
it's B
upvoted 2 times
...
blackgamer
3 years, 6 months ago
B is the answer.
upvoted 1 times
...
gsw
3 years, 6 months ago
What's the problem with D?
upvoted 4 times
...
Kian1
3 years, 6 months ago
going with B
upvoted 1 times
...
Ebi
3 years, 6 months ago
B is the correct answer
upvoted 3 times
...
01037
3 years, 7 months ago
D doesn't work?
upvoted 1 times
...