ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 705 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 705
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company's AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-line remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity.
Which combination of steps should the solutions architect take to accomplish this? (Choose three.)

  • A. Use Amazon EC2 instance profiles with an IAM role
  • B. Use AWS Secrets Manager to store access keys and secret access keys
  • C. Use AWS Systems Manager Parameter Store to store database credentials
  • D. Use a secure fleet of Amazon EC2 bastion hosts for remote access
  • E. Use AWS KMS to store database credentials
  • F. Use AWS Systems Manager Session Manager for remote access
Show Suggested Answer Hide Answer
Suggested Answer: ACF 🗳️
by wasabidev at March 16, 2021, 6:37 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
wasabidev
Highly Voted 3 years, 7 months ago
I think ACF are better
upvoted 29 times
...
cnethers
Highly Voted 3 years, 7 months ago
ACF A - roles and instance profiles attached to an instance defining who and what access is a best practice B - not required if your using SSM session manager so you would not need access keys for instances C - parameter store can be used to store secrets so we are green better option would be secrets manager which password rotation D - not wrong but why would you when you can use session manager? E - just wrong F - no brainer https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 16 times
...
ggrodskiy
Most Recent 1 year, 10 months ago
Correct ACF.
upvoted 1 times
...
SkyZeroZx
1 year, 10 months ago
Selected Answer: ABF
I'll go with ABF I agree with @gnic - ABF - Database Credential should be stored in secret manager
upvoted 1 times
...
[Removed]
2 years, 2 months ago
Selected Answer: ACF
A - removes the need for access keys to access services, use role instead B - No need as role removes need for keys C - Correct, although i would use Secrets manager if it was up to me D - No need E - Just wrong F - Correct, best to use Session manager rather than bastion host
upvoted 1 times
...
evargasbrz
2 years, 4 months ago
Selected Answer: ABF
I'll go with ABF I agree with @gnic - ABF - Database Credential should be stored in secret manager
upvoted 1 times
...
gnic
2 years, 8 months ago
ABF - Database Credential should be stored in secret manager
upvoted 2 times
...
JYZ
3 years ago
F is not a good choice as it requires the access to console.
upvoted 1 times
...
cldy
3 years, 5 months ago
A. Use Amazon EC2 instance profiles with an IAM role C. Use AWS Systems Manager Parameter Store to store database credentials F. Use AWS Systems Manager Session Manager for remote access
upvoted 1 times
...
AzureDP900
3 years, 5 months ago
A,C,F correct
upvoted 1 times
...
acloudguru
3 years, 5 months ago
Selected Answer: ACF
ACF A - roles and instance profiles attached to an instance defining who and what access is a best practice B - not required if your using SSM session manager so you would not need access keys for instances C - parameter store can be used to store secrets so we are green better option would be secrets manager which password rotation D - not wrong but why would you when you can use session manager? E - just wrong F - no brainer https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 3 times
...
andylogan
3 years, 6 months ago
It's A C F
upvoted 1 times
...
Kopa
3 years, 6 months ago
A,C,F no doubt
upvoted 1 times
...
tgv
3 years, 6 months ago
AAA CCC FFF ---
upvoted 1 times
...
blackgamer
3 years, 6 months ago
ACF is the answer
upvoted 1 times
...
WhyIronMan
3 years, 6 months ago
I'll go with A, C, F
upvoted 1 times
...
vimgoru24
3 years, 6 months ago
ACF no doubts
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago