Exam AWS Certified Security - Specialty topic 1 question 207 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 207
Topic #: 1

A company has a serverless application for internal users deployed on AWS. The application uses AWS Lambda for the front end and for business logic. The Lambda function accesses an Amazon RDS database inside a VPC. The company uses AWS Systems Manager Parameter Store for storing database credentials.
A recent security review highlighted the following issues:
  • The Lambda function has internet access.
  • The relational database is publicly accessible.
  • The database credentials are not stored in an encrypted state.
Which combination of steps should the company take to resolve these security issues? (Choose three.)

  • A. Disable public access to the RDS database inside the VPC.
  • B. Move all the Lambda functions inside the VPC.
  • C. Edit the IAM role used by Lambda to restrict internet access.
  • D. Create a VPC endpoint for Systems Manager. Store the credentials as a string parameter. Change the parameter type to an advanced parameter.
  • E. Edit the IAM role used by RDS to restrict internet access.
  • F. Create a VPC endpoint for Systems Manager. Store the credentials as a SecureString parameter.
Suggested Answer: ABF
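
An added example, not part of the original question or comments: a Python check that flags the three review findings, plus the missing Systems Manager endpoint from option F, over constructed dictionaries shaped like boto3 `describe_db_instances`, `list_functions`, `describe_parameters` and `describe_vpc_endpoints` output. All resource names and IDs are made up, and the parameter list is assumed to contain only the database credential parameters.

```python
def audit(db_instances, functions, parameters, vpc_endpoints):
    """Return (finding, resource) tuples for the issues named in the question."""
    findings = []
    # Issue 2 / option A: the RDS instance must not be publicly accessible.
    for db in db_instances:
        if db.get("PubliclyAccessible"):
            findings.append(("rds-public", db["DBInstanceIdentifier"]))
    # Issue 1 / option B: a function with no VPC attachment has internet access.
    # Attachment alone is not proof of isolation: a subnet routed through a
    # NAT gateway still reaches the internet. This check covers attachment only.
    lambda_vpcs = set()
    for fn in functions:
        vpc_id = (fn.get("VpcConfig") or {}).get("VpcId")
        if vpc_id:
            lambda_vpcs.add(vpc_id)
        else:
            findings.append(("lambda-not-in-vpc", fn["FunctionName"]))
    # Issue 3 / option F: credentials must be SecureString (KMS-encrypted).
    for param in parameters:
        if param["Type"] != "SecureString":
            findings.append(("ssm-param-not-encrypted", param["Name"]))
    # Option F, second half: a VPC-attached function without internet access
    # needs an SSM endpoint in its VPC to read the parameter at all.
    covered = {
        ep["VpcId"] for ep in vpc_endpoints
        if ep["ServiceName"].endswith(".ssm")
        and ep.get("State", "").lower() == "available"
    }
    for vpc_id in sorted(lambda_vpcs - covered):
        findings.append(("no-ssm-endpoint", vpc_id))
    return findings

# Constructed sample data: the state described by the security review.
BEFORE = dict(
    db_instances=[{"DBInstanceIdentifier": "app-db", "PubliclyAccessible": True}],
    functions=[{"FunctionName": "app-frontend"},
               {"FunctionName": "app-logic", "VpcConfig": {"VpcId": ""}}],
    parameters=[{"Name": "/app/db/password", "Type": "String"}],
    vpc_endpoints=[],
)
# Constructed sample data: the state after applying options A, B and F.
AFTER = dict(
    db_instances=[{"DBInstanceIdentifier": "app-db", "PubliclyAccessible": False}],
    functions=[{"FunctionName": "app-frontend", "VpcConfig": {"VpcId": "vpc-0example"}},
               {"FunctionName": "app-logic", "VpcConfig": {"VpcId": "vpc-0example"}}],
    parameters=[{"Name": "/app/db/password", "Type": "SecureString"}],
    vpc_endpoints=[{"VpcId": "vpc-0example", "State": "available",
                    "ServiceName": "com.amazonaws.us-east-1.ssm"}],
)

if __name__ == "__main__":
    print(audit(**BEFORE))
    print(audit(**AFTER))
```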

Comments

viestner
Highly Voted 3 years, 9 months ago
ABF. Not public access to RDS, Secure Parameter String
upvoted 27 times
...
Kdosec
Highly Voted 3 years, 8 months ago
ABF, C. Can't use IAM Role to restrict internet access. D. Change the parameter type to an advanced parameter can't help to encrypt parameters. E. Can't use IAM Role to restrict internet access.
upvoted 12 times
skipbaylessfor3
3 years, 8 months ago
Yeah also there's no such thing as an advanced parameter type in SSM Param Store. There's only String, StringList and SecureString
upvoted 6 times
...
...
Raphaello
Most Recent 1 year, 3 months ago
Selected Answer: ABF
ABF are correct.
upvoted 1 times
...
OCHT
2 years ago
Selected Answer: ACF
A. Disable public access to the RDS database inside the VPC. This will ensure that the RDS database is not publicly accessible, addressing one of the identified security issues.
C. Edit the IAM role used by Lambda to restrict internet access. This will help in limiting the Lambda function's internet access, addressing another one of the security issues. It's worth noting that this might not be entirely feasible as the Lambda function still needs to access AWS services. A better approach might be to configure the Lambda function to access only necessary services/resources and use VPC endpoints where applicable.
F. Create a VPC endpoint for Systems Manager. Store the credentials as a SecureString parameter. This will ensure that the database credentials are stored in an encrypted state and accessible securely within the VPC, addressing the final security issue.
upvoted 1 times
...
sapien45
2 years, 10 months ago
Selected Answer: ABF
Eliminating the responses that do not make any sense is the name of the game.
upvoted 7 times
...
lotfi50
3 years ago
Selected Answer: ABF
A. B. F.
upvoted 1 times
...
hk436
3 years, 7 months ago
ABF is my answer!
upvoted 2 times
...
kiev
3 years, 7 months ago
ABF is perfect
upvoted 2 times
...
DahMac
3 years, 7 months ago
A. Move RDS to private subnet.
B. Lambda either has internet access for serverless (S3, DynamoDB, API Gateway), or is inside a VPC to access your resources through endpoints, with no internet access. https://docs.aws.amazon.com/lambda/latest/dg/troubleshooting-networking.html "To connect to AWS services from a private subnet with no internet access, use VPC endpoints."
F. See -B-
upvoted 5 times
...
skipbaylessfor3
3 years, 8 months ago
Yup, I think it's ABF. Editing IAM roles to restrict internet access doesn't really make sense.
upvoted 3 times
...
sanjaym
3 years, 8 months ago
ABF 100%
upvoted 5 times
...
Hungdv
3 years, 8 months ago
A, B and F
upvoted 3 times
...
cldy
3 years, 9 months ago
A. B. F.
upvoted 2 times
...
DayQuil
3 years, 9 months ago
A, B, and F. All the answer choices with "restricting IAM" as an option make no sense.
upvoted 3 times
...