
Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 78 discussion

A company has an application that calls AWS Lambda functions. A code review shows that database credentials are stored in a Lambda function's source code, which violates the company's security policy. The credentials must be securely stored and must be automatically rotated on an ongoing basis to meet security policy requirements.
What should a solutions architect recommend to meet these requirements in the MOST secure manner?

  • A. Store the password in AWS CloudHSM. Associate the Lambda function with a role that can use the key ID to retrieve the password from CloudHSM. Use CloudHSM to automatically rotate the password.
  • B. Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can use the secret ID to retrieve the password from Secrets Manager. Use Secrets Manager to automatically rotate the password.
  • C. Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can use the key ID to retrieve the password from AWS KMS. Use AWS KMS to automatically rotate the uploaded password.
  • D. Move the database password to an environment variable that is associated with the Lambda function. Retrieve the password from the environment variable by invoking the function. Create a deployment script to automatically rotate the password.
Suggested Answer: B
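The following is an added example, not code from the original page or from AWS, showing what option B looks like inside a Lambda function: the credentials are read from Secrets Manager at runtime through the execution role, cached across warm invocations, and refreshed when a rotation makes the cached value stale. The secret name "prod/app/db", the JSON layout of the secret (the keys the Secrets Manager RDS rotation functions write), the AuthError type, and the FakeSecretsManager used to run offline are all assumptions.

```python
# Added example, not from the original page or from AWS: a Lambda handler that
# reads database credentials from AWS Secrets Manager at runtime (option B)
# instead of carrying them in source. Assumptions not in the original: the
# secret name "prod/app/db", the JSON layout of the secret (the keys the
# Secrets Manager RDS rotation functions write), the AuthError type a DB driver
# would raise, and the constructed FakeSecretsManager that lets this run offline.
import json
import os
import time

SECRET_ID = os.environ.get("DB_SECRET_ID", "prod/app/db")  # assumed secret name
CACHE_TTL_SECONDS = 300  # re-read at least this often so rotated values are picked up
REQUIRED_KEYS = ("username", "password", "host", "port", "dbname")

# Module-level cache: Lambda keeps it across warm invocations of the same
# execution environment, so most invocations make no Secrets Manager call at all.
_cache = {"secret_id": None, "value": None, "fetched_at": 0.0}


class AuthError(Exception):
    """What the DB driver raises when the server rejects the credentials."""


def fetch_secret(client, secret_id):
    """Read the AWSCURRENT version of a JSON secret and validate its shape.
    The execution role needs only secretsmanager:GetSecretValue on this secret."""
    resp = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in resp:
        raise ValueError("secret %s is binary, expected JSON text" % secret_id)
    creds = json.loads(resp["SecretString"])
    missing = [k for k in REQUIRED_KEYS if k not in creds]
    if missing:
        raise ValueError("secret %s lacks keys %s" % (secret_id, missing))
    return creds


def get_db_credentials(client, secret_id=SECRET_ID, force_refresh=False, now=time.time):
    """Return the credentials, refreshing the cache when stale or forced."""
    stale = (now() - _cache["fetched_at"]) > CACHE_TTL_SECONDS
    if force_refresh or stale or _cache["value"] is None or _cache["secret_id"] != secret_id:
        _cache.update(secret_id=secret_id, value=fetch_secret(client, secret_id), fetched_at=now())
    return dict(_cache["value"])  # copy so callers cannot mutate the cache


def connect_db(client, connect, secret_id=SECRET_ID, now=time.time):
    """Connect with cached credentials. If the server rejects them (the usual
    symptom right after a rotation), refresh from Secrets Manager once and retry."""
    try:
        return connect(get_db_credentials(client, secret_id, now=now))
    except AuthError:
        return connect(get_db_credentials(client, secret_id, force_refresh=True, now=now))


class FakeSecretsManager:
    """Constructed offline stand-in for boto3.client("secretsmanager")."""

    def __init__(self, secrets):
        self.secrets = dict(secrets)  # secret_id -> SecretString
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        if SecretId not in self.secrets:
            raise KeyError("ResourceNotFoundException: %s" % SecretId)
        return {"SecretString": self.secrets[SecretId], "VersionStages": ["AWSCURRENT"]}


def describe_connection(creds):
    """Stand-in for the real driver call, e.g. pymysql.connect(host=creds["host"], ...)."""
    return {"user": creds["username"],
            "dsn": "%s:%s/%s" % (creds["host"], creds["port"], creds["dbname"])}


def lambda_handler(event, context, client=None, connect=describe_connection):
    """Lambda entry point; in AWS the defaults give a real client and your driver."""
    if client is None:
        import boto3  # present in the Lambda runtime; not needed to run this file
        client = boto3.client("secretsmanager")
    conn = connect_db(client, connect)
    return {"statusCode": 200, "body": json.dumps({"connected_as": conn["user"]})}


if __name__ == "__main__":
    # Constructed sample secret, in the layout the RDS rotation functions write.
    sample = {"username": "app", "password": "s3cr3t", "host": "db.internal",
              "port": 3306, "dbname": "orders", "engine": "mysql"}
    fake = FakeSecretsManager({SECRET_ID: json.dumps(sample)})
    print(lambda_handler({}, None, client=fake))
```

The execution role's policy should grant `secretsmanager:GetSecretValue` on that one secret's ARN only (plus `kms:Decrypt` on the key if the secret is encrypted with a customer managed KMS key); nothing else in the function needs to know the password exists. The retry-on-AuthError path matters because a rotated password is not pushed to the function: the next invocation that still holds the old cached value is the one that notices.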

Comments

sanc
Highly Voted 3 years, 8 months ago
B. Secrets Manager
upvoted 12 times
gargaditya
Highly Voted 3 years, 6 months ago
B. AWS Secrets Manager

Secrets Manager: It was designed specifically for confidential information (like database credentials, API keys) that needs to be encrypted, so the creation of a secret entry has encryption enabled by default. It also gives additional functionality like rotation of keys.

Systems Manager Parameter Store: It was designed to cater to a wider use case, not just secrets or passwords, but also application configuration variables like URLs, custom settings, AMI IDs, license keys, etc.

Secrets Manager offers rotation of keys built in. It is integrated well with RDS.

KMS is an altogether different concept.
upvoted 12 times
gargaditya
3 years, 6 months ago
KMS is a service that manages encryption keys ('customer master keys', not data keys). A 'data key' is used to encrypt the actual data. The CMK is basically used to protect the data key, which is used for encrypting data. To decrypt the data, one calls the KMS service and uses the CMK to decrypt the 'data key'. Once we have the decrypted (plaintext) data key, we use it to decrypt the actual data.

When thinking KMS/CMK:
- think about customer managed / AWS managed keys as options
- think encryption at rest
- think encrypting master key, not data key

HSM is an alternative to KMS for encrypting the same CMK. AWS provisions the encryption hardware, not the software.
upvoted 8 times
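The envelope-encryption flow the comment above describes, as an added example that is not part of the original page and not AWS code: a constructed FakeKMS stands in for AWS KMS and never hands out its master key (CMK); callers only receive data keys, encryption of the actual bytes happens locally, and the only KMS call on the read path is Decrypt on the wrapped data key. It also shows why option C in the question does not fit: KMS wraps and unwraps keys, it does not store or rotate a password on your behalf. The symmetric cipher used (an HMAC-SHA256 keystream with an HMAC tag) is a stdlib-only stand-in for AES-GCM so the file runs without extra packages; it is an assumption for illustration, not a recommended construction. Key ids and the sample plaintext are constructed.

```python
# Added example, not from the original page or from AWS: the envelope-encryption
# flow the comment above describes, with a constructed FakeKMS standing in for
# AWS KMS. The master key (CMK) never leaves FakeKMS; callers only receive data
# keys, and the read path's only KMS call is Decrypt on the wrapped data key.
# The symmetric cipher (HMAC-SHA256 keystream with an HMAC tag) is a stdlib-only
# stand-in for AES-GCM so the file runs without extra packages; it is an
# assumption for illustration, not a recommended construction. Key ids and the
# sample plaintext are constructed.
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    """Counter-mode keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    """Derive separate encryption and MAC keys from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC. Output layout: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Check the tag in constant time before decrypting; refuse tampered input."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext or tag modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class FakeKMS:
    """Constructed stand-in for boto3.client("kms") with the calls envelope
    encryption needs. CMK bytes live only here, as they live only inside KMS."""

    def __init__(self):
        self._cmks = {}  # key id -> 32-byte master key, never returned to callers

    def create_key(self):
        key_id = "key-" + secrets.token_hex(8)
        self._cmks[key_id] = secrets.token_bytes(32)
        return {"KeyMetadata": {"KeyId": key_id}}

    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        """Fresh random data key, returned both in plaintext and wrapped under the CMK."""
        data_key = secrets.token_bytes(32)
        wrapped = KeyId.encode() + b"|" + seal(self._cmks[KeyId], data_key)
        return {"Plaintext": data_key, "CiphertextBlob": wrapped, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob):
        """Unwrap a data key; the CMK is used here and nowhere else."""
        key_id, _, wrapped = CiphertextBlob.partition(b"|")
        return {"Plaintext": unseal(self._cmks[key_id.decode()], wrapped),
                "KeyId": key_id.decode()}


def encrypt_record(kms, key_id, plaintext):
    """Envelope-encrypt one record: one data key per record, encrypt locally,
    store the wrapped key beside the ciphertext, drop the plaintext data key."""
    dk = kms.generate_data_key(KeyId=key_id)
    return {"wrapped_key": dk["CiphertextBlob"], "ciphertext": seal(dk["Plaintext"], plaintext)}


def decrypt_record(kms, record):
    """Read path: KMS unwraps the data key, then the data is decrypted locally."""
    data_key = kms.decrypt(CiphertextBlob=record["wrapped_key"])["Plaintext"]
    return unseal(data_key, record["ciphertext"])


if __name__ == "__main__":
    kms = FakeKMS()
    key_id = kms.create_key()["KeyMetadata"]["KeyId"]
    record = encrypt_record(kms, key_id, b"constructed sample: db password")
    print(decrypt_record(kms, record))
```

Note what KMS is and is not doing here: it hands out and unwraps data keys, and that is all; the application still owns the ciphertext and has to store the wrapped key next to it. Secrets Manager uses exactly this envelope pattern under the hood with a KMS key, but adds the part the question asks for: a place to keep the value and a rotation hook to change it.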
YCccccc
Most Recent 2 years, 5 months ago
Selected Answer: B
BBBBBBBBBBBBB
upvoted 1 times
queen101
2 years, 10 months ago
BBBBBBBBBBBBBBBBB
upvoted 1 times
Alfene
2 years, 10 months ago
Selected Answer: B
B is the best answer
upvoted 1 times
marklovesaws143
2 years, 10 months ago
Selected Answer: B
BBBBBBBBBB
upvoted 1 times
slcheng
2 years, 11 months ago
Selected Answer: B
Vote B. Right for the purpose.
upvoted 1 times
aws_aspirant
3 years, 6 months ago
BBBBBBBBBBBBBBBBBB
upvoted 2 times
Xavier1964
3 years, 6 months ago
Selected Answer: B
B. Secrets Manager
upvoted 1 times
Martin_Do
3 years, 7 months ago
Sure B
upvoted 2 times
dhakad05
3 years, 7 months ago
B is the one
upvoted 2 times
georgebab
3 years, 7 months ago
B: You can now use AWS Secrets Manager to rotate credentials for Oracle, Microsoft SQL Server, or MariaDB databases hosted on Amazon Relational Database Service (Amazon RDS) automatically
upvoted 4 times
SMS123579
3 years, 8 months ago
Correct : B
upvoted 4 times