Exam AWS Certified Security - Specialty topic 1 question 354 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 354
Topic #: 1

A company’s policies require that code be validated to ensure that the code has not been altered before invocation. A security engineer needs to update code in an AWS Lambda function. The developer has finalized the code and has stored the code in an Amazon S3 bucket.

Which combination of steps should the security engineer take to meet these requirements? (Choose two.)

  • A. Deploy the new code in a zip file to the S3 bucket.
  • B. Invoke a signing job by using AWS Signer. Deploy the new signed code to the Lambda function.
  • C. Use AWS Key Management Service (AWS KMS) to encrypt the code.
  • D. Analyze the code with Amazon CodeGuru.
  • E. Store all passwords in AWS Secrets Manager.
Suggested Answer: AB

Comments

Subs2021
Highly Voted 2 years, 4 months ago
Selected Answer: AB
Check this https://aws.amazon.com/blogs/security/best-practices-and-advanced-patterns-for-lambda-code-signing/
upvoted 8 times
Wilson_S
2 years, 4 months ago
I am going to go with AB as I can’t find any documentation online that shows AWS Signer integration with AWS KMS. Thanks for the link above!
upvoted 2 times
ryogoku
Highly Voted 2 years, 4 months ago
Selected Answer: AB
Signer works on zip files. No need to encrypt the code, therefore I believe C is incorrect.
upvoted 5 times
Olawale100
Most Recent 1 year, 7 months ago
A -> Create and zip file, and B -> AWS Signer. The two tasks work. C -> while valid, does not seem to be supported by any AWS documentation.
upvoted 1 times
TECHNOWARRIOR
1 year, 10 months ago
AWS Signer can be used to sign the zipped Lambda function, which will encrypt the code package and add a signature to it. This signature can then be used by Lambda to verify the integrity of the code package when it is deployed. Option C cannot be the answer.
upvoted 1 times
Samcert
1 year, 11 months ago
Selected Answer: AB
https://aws.amazon.com/blogs/security/best-practices-and-advanced-patterns-for-lambda-code-signing/#:~:text=code%20analysis%20controls.-,Basic%20pattern%3A,-Figure%202%20shows
"The basic code signing pattern uses AWS Signer on a ZIP file and calls a create API to install the signed artifact in Lambda."
upvoted 1 times
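
The basic pattern quoted in the comment above (zip in S3, AWS Signer job, deploy the signed object), as an added boto3 example that is not part of the original thread. The helper names are hypothetical, and it assumes a signing profile for the Lambda platform already exists and that a code signing configuration allowing that profile is attached to the function.

```python
"""Added example: sign a Lambda zip with AWS Signer, then deploy the signed object."""


def signing_job_request(bucket, key, version_id, profile_name, signed_prefix="signed/"):
    """Build the StartSigningJob request for a zip stored in a versioned S3 bucket."""
    if not key.endswith(".zip"):
        raise ValueError("Lambda code signing takes a zip deployment package")
    if not version_id:
        # Signer signs one exact object version, so the source bucket needs versioning.
        raise ValueError("source object has no version id; enable S3 versioning")
    return {
        "source": {"s3": {"bucketName": bucket, "key": key, "version": version_id}},
        "destination": {"s3": {"bucketName": bucket, "prefix": signed_prefix}},
        "profileName": profile_name,
    }


def sign_and_deploy(function_name, bucket, key, profile_name):
    """Sign the uploaded zip and point the function at the signed artifact."""
    import boto3  # imported here so the request builder above works without AWS access

    s3 = boto3.client("s3")
    signer = boto3.client("signer")
    lam = boto3.client("lambda")

    # Step A: the zip is already in S3; look up the version Signer should sign.
    version_id = s3.head_object(Bucket=bucket, Key=key).get("VersionId")

    # Step B: start the signing job and wait for it to succeed.
    job = signer.start_signing_job(
        **signing_job_request(bucket, key, version_id, profile_name)
    )
    signer.get_waiter("successful_signing_job").wait(jobId=job["jobId"])
    signed = signer.describe_signing_job(jobId=job["jobId"])["signedObject"]["s3"]

    # Deploy the signed object, not the original upload. Lambda checks the
    # signature at deployment time against the function's code signing config.
    return lam.update_function_code(
        FunctionName=function_name,
        S3Bucket=signed["bucketName"],
        S3Key=signed["key"],
    )
```

Whether an unsigned or mismatched package is rejected or only logged depends on the untrusted-artifact policy set in the function's code signing configuration.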
Toptip
1 year, 11 months ago
Selected Answer: AB
A+B easy one..
upvoted 1 times
c73bf38
2 years, 2 months ago
Selected Answer: AB
Need to validate that the code has not been altered before invocation, therefore A and B are the correct choices.
upvoted 2 times
Smartphone
2 years, 4 months ago
Current Answer is AB. Uploading the Lambda code in a zipped format to an S3 bucket is one of the requirements for Lambda code signing. Encryption is not a requirement for code signing. So 'C' could not be the answer.
upvoted 2 times
jishrajesh
2 years, 4 months ago
Selected BC
upvoted 1 times
Teknoklutz
2 years, 4 months ago
Selected Answer: AB
https://aws.amazon.com/blogs/security/best-practices-and-advanced-patterns-for-lambda-code-signing/
https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html
upvoted 4 times
Pabzzzz
2 years, 4 months ago
AB - Signer needs a zip file, plus there is no ask to encrypt
upvoted 2 times
maddyr
2 years, 5 months ago
Selected Answer: BC
B: code signing for authenticity and integrity
C: KMS - symmetric/HMAC for verifying integrity
upvoted 2 times
landsamboni
2 years, 5 months ago
Selected Answer: BC
BC agree
upvoted 3 times
AdamWest
2 years, 5 months ago
Selected Answer: BC
BC - To verify code integrity, use AWS Signer to create digitally signed code packages for functions and layers. When a user attempts to deploy a code package, Lambda performs validation checks on the code package before accepting the deployment. Because code signing validation checks run at deployment time, there is no performance impact on function execution. https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html and Encrypt - With a KMS key to sign and verify.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other