Exam AWS Certified Security - Specialty topic 1 question 226 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 226
Topic #: 1

A recent security audit identified that a company's application team injects database credentials into the environment variables of an AWS Fargate task. The company's security policy mandates that all sensitive data be encrypted at rest and in transit.
Which combination of actions should the security team take to make the application compliant with the security policy? (Choose three.)

  • A. Store the credentials securely in a file in an Amazon S3 bucket with restricted access to the application team IAM role. Ask the application team to read the credentials from the S3 object instead.
  • B. Create an AWS Secrets Manager secret and specify the key/value pairs to be stored in this secret.
  • C. Modify the application to pull credentials from the AWS Secrets Manager secret instead of the environment variables.
  • D. Add the following statement to the container instance IAM role policy:
  • E. Add the following statement to the task execution role policy:
  • F. Log in to the AWS Fargate instance, create a script to read the secret value from AWS Secrets Manager, and inject the environment variables. Ask the application team to redeploy the application.
Suggested Answer: BCE
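
As an added example (not part of the original question and not AWS tooling), a Python check that flags credential-like names in a task definition's `environment` list and verifies that `secrets` entries reference Secrets Manager with an `executionRoleArn` set. The task definitions, account ID, role name and secret name are constructed, and the name heuristic is an assumption.

```python
import re

# Heuristic for credential-like variable names (an assumption of this example).
SENSITIVE_NAME = re.compile(r"pass(word)?|secret|token|api_?key|credential", re.I)
# Shape of a Secrets Manager ARN as used in a container "secrets" valueFrom.
SM_ARN = re.compile(r"^arn:aws[\w-]*:secretsmanager:[\w-]+:\d{12}:secret:.+")

def audit_task_definition(task_def):
    """Return (container, finding) tuples for one ECS task definition dict."""
    findings, uses_secret_refs = [], False
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            # Values under "environment" are stored in the task definition as plaintext.
            if SENSITIVE_NAME.search(env.get("name", "")):
                findings.append((cname, "plaintext credential in environment: " + env["name"]))
        for sec in c.get("secrets", []):
            uses_secret_refs = True
            if not SM_ARN.match(sec.get("valueFrom", "")):
                findings.append((cname, "not a Secrets Manager reference: " + str(sec.get("name"))))
    # Secret references are resolved with the task execution role, so one must be set.
    if uses_secret_refs and not task_def.get("executionRoleArn"):
        findings.append(("<task>", "secrets referenced but executionRoleArn is missing"))
    return findings

# Constructed sample input: the audited configuration and a corrected one.
BEFORE = {
    "family": "orders-api",
    "requiresCompatibilities": ["FARGATE"],
    "containerDefinitions": [{
        "name": "app",
        "environment": [{"name": "DB_HOST", "value": "db.example.internal"},
                        {"name": "DB_PASSWORD", "value": "example-only"}],
    }],
}
AFTER = {
    "family": "orders-api",
    "requiresCompatibilities": ["FARGATE"],
    "executionRoleArn": "arn:aws:iam::111122223333:role/exampleTaskExecutionRole",
    "containerDefinitions": [{
        "name": "app",
        "environment": [{"name": "DB_HOST", "value": "db.example.internal"}],
        "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                     "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/db-AbCdEf"}],
    }],
}

if __name__ == "__main__":
    for label, td in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_task_definition(td))
```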

Comments

Raphaello
1 year, 4 months ago
Selected Answer: BCE
BCE are the correct answers. As mentioned before, task execution role grants the Amazon ECS container and Fargate agents permission to make AWS API calls on your behalf to fulfill the requirements of your task.
upvoted 1 times
...
pupsik
1 year, 8 months ago
Selected Answer: BCD
The task execution role is the role used by ECS to prepare and execute ECS tasks. Since we want the application to pull credentials at runtime, we need permissions to be given to a task role assumed by the application container, hence D, not E.
upvoted 1 times
...
addy_prepare
1 year, 11 months ago
Selected Answer: BCE
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
upvoted 1 times
...
pal40sg
2 years, 1 month ago
Selected Answer: BCE
BCE - agreed
upvoted 1 times
...
Dmosh
2 years, 2 months ago
I don't understand why you guys vote E. Where did they mention Lambda so that execution role is the answer?
upvoted 3 times
...
ITGURU51
2 years, 2 months ago
When a Lambda function is executed, it assumes an AWS Identity and Access Management (IAM) role called an execution role. This role is attached to a policy that defines the permissions that your function needs to access other AWS services and resources. Furthermore, AWS Secrets Manager is necessary to store our secrets securely. Finally, point the applications to the Secrets Manager. BCE
upvoted 1 times
...
Meizhen
2 years, 6 months ago
BCE https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
upvoted 4 times
...
sapien45
2 years, 10 months ago
Selected Answer: BCE
wassup then
upvoted 4 times
...
dmmbr
2 years, 10 months ago
BCE is correct
upvoted 1 times
...
vbal
2 years, 10 months ago
BCD good.
upvoted 2 times
vbal
2 years, 10 months ago
BCE. Task Execution Role
upvoted 2 times
...
...