Amazon DVA-C02 Exam - Topic 1 Question 34 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 34
Topic #: 1

A company runs a payment application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group across multiple Availability Zones. The application needs to retrieve application secrets during the application startup and export the secrets as environment variables. These secrets must be encrypted at rest and need to be rotated every month.

Which solution will meet these requirements with the LEAST development effort?

Suggested Answer: D

AWS Secrets Manager: Built for managing secrets, providing encryption, automatic rotation, and access control.

Customer Master Key (CMK): Provides an extra layer of control over encryption through AWS KMS.

Automatic Rotation: Enhances security by regularly changing the secret.

User Data Script: Allows secrets retrieval at instance startup and sets them as environment variables for seamless use within the application.


AWS Secrets Manager Documentation: https://docs.aws.amazon.com/secretsmanager/

AWS KMS Documentation: https://docs.aws.amazon.com/kms/

User Data for EC2 Instances: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
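
The startup step described in the suggested answer, as an added example (not from the original page or from AWS): a Python helper that a user data script could call to read the secret and write it out as `export` lines. The secret name, region and file path are hypothetical, and the secret is assumed to be stored as a JSON object of key/value pairs.

```python
import json
import os
import re
import shlex

# Only POSIX-safe environment variable names are accepted.
_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def render_env_file(secret_string):
    """Turn a Secrets Manager SecretString (JSON object) into `export` lines."""
    data = json.loads(secret_string)
    if not isinstance(data, dict):
        raise ValueError("SecretString must be a JSON object of key/value pairs")
    lines = []
    for name, value in sorted(data.items()):
        if not _NAME_RE.fullmatch(name):
            raise ValueError(f"refusing unsafe variable name: {name!r}")
        if not isinstance(value, str):
            value = json.dumps(value)
        # shlex.quote keeps a secret value from being parsed as shell syntax.
        lines.append(f"export {name}={shlex.quote(value)}")
    return "\n".join(lines) + "\n"


def write_env_file(path, content):
    """Create the file with mode 0600 so only the owning user can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(content)
    os.chmod(path, 0o600)  # also tighten a file that already existed


def fetch_secret_string(secret_id, region):
    """Read the current secret version using the instance profile credentials."""
    import boto3  # imported here so the rendering code runs without the AWS SDK
    client = boto3.client("secretsmanager", region_name=region)
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


if __name__ == "__main__":
    # Hypothetical secret name, region and path; invoked from the user data script.
    secret = fetch_secret_string("payments/app", "us-east-1")
    write_env_file("/etc/payments/app.env", render_env_file(secret))
```

Values exported at startup do not change when Secrets Manager rotates the secret, so a running instance keeps the old value until the application re-reads it or the instance is replaced.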

Melynda
3 months ago
Parameter Store is solid, but I’d still prefer Secrets Manager for sensitive data.
upvoted 0 times
...
Annita
3 months ago
Wait, can you really rotate secrets in S3 like that? Sounds sketchy.
upvoted 0 times
...
Jacinta
3 months ago
I think A is way too complicated for what it needs to do.
upvoted 0 times
...
Ty
4 months ago
I disagree, D looks more secure with automatic rotation.
upvoted 0 times
...
Laurel
4 months ago
Option B seems like the easiest way to manage secrets with minimal effort.
upvoted 0 times
...
Daniela
4 months ago
I vaguely remember that using environment variables directly isn't recommended for security reasons, so I think options A and C might not be ideal.
upvoted 0 times
...
Mari
4 months ago
I practiced a similar question where we had to choose between S3 and Secrets Manager. I feel like Secrets Manager is the way to go here, but I’m not completely confident.
upvoted 0 times
...
Darnell
4 months ago
I think option B sounds familiar; using Systems Manager Parameter Store seems like a simpler way to handle secrets, but I can't recall if it supports automatic rotation.
upvoted 0 times
...
Rima
5 months ago
I remember we discussed using AWS Secrets Manager for managing secrets, but I'm not sure if it was the best option for this scenario.
upvoted 0 times
...
Dana
5 months ago
I'm not sure about Option A with S3 and Object Lambda. That seems a bit more complex than the other options, and I'm not sure it's the "least development effort" solution.
upvoted 0 times
...
Carmen
5 months ago
I'm leaning towards Option D with Secrets Manager. The automatic rotation feature is really appealing, and the user data script to export the secrets as environment variables is a nice way to handle that requirement.
upvoted 0 times
...
Ria
5 months ago
Option B seems like the simplest approach to me. Using Systems Manager Parameter Store and the default KMS key should be straightforward, and the user data script to retrieve the secrets during startup is a nice touch.
upvoted 0 times
...
Eugene
5 months ago
Hmm, I'm a bit confused by all the different AWS services mentioned. I'll need to carefully read through the question and options to make sure I understand the differences between them.
upvoted 0 times
...
Sommer
5 months ago
This looks like a tricky question, but I think I can tackle it. The key is to find the solution that requires the least development effort while still meeting all the requirements.
upvoted 0 times
...
Elizabeth
5 months ago
Okay, let me see here. If there's no dimension applied, it should default to the most common dimensions. I'm going to go with C - Hour or Days.
upvoted 0 times
...
Barrett
1 year ago
Lol, Option A with the S3 text file rotation sounds like something my grandpa would come up with. 'Back in my day, we used to rotate secrets by hand, uphill both ways!'
upvoted 0 times
...
Hollis
1 year ago
Option D with Secrets Manager looks good, but I'm not a fan of provisioning a new customer master key. Why not just use the default AWS KMS key like in Option B? Keeps things simple.
upvoted 0 times
Virgilio
1 year ago
I see your point. It really depends on how much control you want over the encryption and rotation process.
upvoted 0 times
...
Lon
1 year ago
True, but with Secrets Manager, you don't have to worry about managing the rotation process yourself.
upvoted 0 times
...
Vanda
1 year ago
But using the default AWS KMS key in Option B is simpler and requires less setup.
upvoted 0 times
...
Gladis
1 year ago
Option D with Secrets Manager is more secure though. It automatically rotates the secrets for you.
upvoted 0 times
...
...
Julie
1 year ago
I'm not sure why anyone would want to manually rotate secrets as environment variables (Option C). That sounds like a maintenance nightmare waiting to happen. Option B is clearly the best choice here.
upvoted 0 times
...
Roosevelt
1 year ago
I agree, Option B is the way to go. It minimizes the development effort and still meets all the requirements. Rotating the secrets in Parameter Store is a nice and convenient feature.
upvoted 0 times
Avery
1 year ago
Using AWS Systems Manager Parameter Store and AWS KMS key for encryption is a smart move. Option B is definitely the way to go.
upvoted 0 times
...
Dottie
1 year ago
I agree, Option B seems like the most efficient solution for this scenario.
upvoted 0 times
...
Alease
1 year ago
I think Option B is the best choice. It's simple and meets all the requirements.
upvoted 0 times
...
...
Ollie
1 year ago
Option B seems like the easiest solution. Using Parameter Store and the default AWS KMS key is a straightforward way to manage the secrets, and the user data script and Lambda function for rotation are simple to set up.
upvoted 0 times
Dorathy
1 year ago
I agree, using Parameter Store and the default AWS KMS key makes it easy to manage secrets.
upvoted 0 times
...
Tresa
1 year ago
Option B is definitely the way to go. It's simple and efficient.
upvoted 0 times
...
...
Annice
1 year ago
I prefer option B. Using AWS Systems Manager Parameter Store and AWS KMS key seems simpler to me.
upvoted 0 times
...
Cordelia
2 years ago
I agree with Mitsue. Storing secrets in AWS Secrets Manager with automatic rotation is a good practice.
upvoted 0 times
...
Mitsue
2 years ago
I think option D is the best choice. It's secure and requires the least development effort.
upvoted 0 times
...
