ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 116 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 116
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A large enterprise is deploying a web application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB. There are separate environments for development, testing, and production.

What is the MOST secure and flexible way to obtain password credentials during deployment?

  • A. Retrieve an access key from an AWS Systems Manager SecureString parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
  • B. Launch the EC2 instances with an EC2 IAM role to access AWS services. Retrieve the database credentials from AWS Secrets Manager.
  • C. Retrieve an access key from an AWS Systems Manager plaintext parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
  • D. Launch the EC2 instances with an EC2 IAM role to access AWS services. Store the database passwords in an encrypted config file with the application artifacts.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by adozoo at Nov. 27, 2022, 8:18 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bgc1
2 years, 2 months ago
Selected Answer: B
Store secrets in secrets manager and access that using an IAM role
upvoted 1 times
...
Piccaso
2 years, 3 months ago
Selected Answer: C
B and D are eliminated. Between A and C, maybe C ....
upvoted 1 times
vn_thanhtung
1 year ago
stupid
upvoted 1 times
...
...
Bulti
2 years, 3 months ago
Selected Answer: B
B is correct way to handle DB credentials inside an application.
upvoted 1 times
...
Imstack
2 years, 4 months ago
B - correct
upvoted 1 times
...
SatenderRathee
2 years, 5 months ago
Selected Answer: B
Option B is the most secure and flexible way to obtain password credentials during deployment because it uses an IAM role to grant permissions to the EC2 instances to access AWS services. The database credentials can be securely stored in AWS Secrets Manager and accessed by the EC2 instances when needed. Using an IAM role eliminates the need to manage access keys, which can be a security risk if they are not properly protected. In addition, using AWS Secrets Manager to store the database credentials allows for easy rotation and management of the credentials.
upvoted 1 times
...
SmileyCloud
2 years, 5 months ago
Selected Answer: B
B - Correct. You want a role to access AWS service so you don't have to worry about access keys and passwords.
upvoted 3 times
...
adozoo
2 years, 5 months ago
Selected Answer: B
Role and Secrets or system manager paramater store.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago