Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DVA-C02 Exam - Topic 2 Question 14 Discussion

A company notices that credentials that the company uses to connect to an external software as a service (SaaS) vendor are stored in a configuration file as plaintext.The developer needs to secure the API credentials and enforce automatic credentials rotation on a quarterly basis.Which solution will meet these requirements MOST securely?
C) Store the credentials in AWS Secrets Manager and enable rotation. Configure the API to have Secrets Manager access.
A) Use AWS Key Management Service (AWS KMS) to encrypt the configuration file. Decrypt the configuration file when users make API calls to the SaaS vendor. Enable rotation.
B) Retrieve temporary credentials from AWS Security Token Service (AWS STS) every 15 minutes. Use the temporary credentials when users make API calls to the SaaS vendor.
D) Store the credentials in AWS Systems Manager Parameter Store and enable rotation. Retrieve the credentials when users make API calls to the SaaS vendor.

Amazon DVA-C02 Exam - Topic 2 Question 14 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 14
Topic #: 2
[All DVA-C02 Questions]

A company notices that credentials that the company uses to connect to an external software as a service (SaaS) vendor are stored in a configuration file as plaintext.

The developer needs to secure the API credentials and enforce automatic credentials rotation on a quarterly basis.

Which solution will meet these requirements MOST securely?

Show Suggested Answer Hide Answer
Suggested Answer: C

Store the credentials in AWS Secrets Manager and enable rotation. Configure the API to have Secrets Manager access. This is correct. This solution will meet the requirements most securely, because it uses a service that is designed to store and manage secrets such as API credentials.AWS Secrets Manager helps you protect access to your applications, services, and IT resources by enabling you to rotate, manage, and retrieve secrets throughout their lifecycle1.You can store secrets such as passwords, database strings, API keys, and license codes as encrypted values2.You can also configure automatic rotation of your secrets on a schedule that you specify3.You can use the AWS SDK or CLI to retrieve secrets from Secrets Manager when you need them4. This way, you can avoid storing credentials in plaintext files or hardcoding them in your code.


by Dulce at Oct 06, 2023, 11:43 AM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Brock
6 months ago
D is a solid option too, but C has rotation built-in.
upvoted 0 times
...
Shonda
7 months ago
Surprised that people still store creds in plaintext!
upvoted 0 times
...
Angelica
7 months ago
A seems a bit outdated, isn't it?
upvoted 0 times
...
Quentin
7 months ago
I think B is more secure with temporary credentials.
upvoted 0 times
...
Kristeen
7 months ago
Option C is the best choice for secure credential management.
upvoted 0 times
...
Antonette
7 months ago
I vaguely remember a practice question about using temporary credentials with AWS STS. That could be a good approach, but does it really meet the rotation requirement?
upvoted 0 times
...
Izetta
8 months ago
I’m a bit confused about the difference between Secrets Manager and Parameter Store. I feel like both could work, but I need to recall which one is better for rotation.
upvoted 0 times
...
Ammie
8 months ago
I think using AWS Secrets Manager sounds familiar; it seems like a solid choice for securely storing and rotating credentials.
upvoted 0 times
...
Corinne
8 months ago
I remember we discussed the importance of not storing credentials in plaintext, but I'm not sure if KMS is the best option for automatic rotation.
upvoted 0 times
...
Amber
8 months ago
Option B with temporary credentials from AWS STS sounds interesting, but I'm not sure if that's the most secure approach in this case. I'll need to think through the implications of that approach more carefully.
upvoted 0 times
...
Erick
8 months ago
Hmm, I'm a bit unsure about this one. I'm trying to weigh the pros and cons of the different options. I think I need to review the AWS services in more detail to make sure I understand the differences between them.
upvoted 0 times
...
Arminda
8 months ago
This looks like a straightforward security question. I'd go with option C - storing the credentials in AWS Secrets Manager and enabling rotation. That seems like the most secure and automated solution.
upvoted 0 times
...
Carri
8 months ago
I'm pretty confident that option C is the way to go here. Storing the credentials in a secure service like AWS Secrets Manager and automating the rotation is the best way to meet the requirements while maintaining security.
upvoted 0 times
...
Cecil
8 months ago
Okay, I've got a strategy here. The key clues are the lack of fast-forward and download options. That suggests the recording is of a secure session, so I'm going to go with option A.
upvoted 0 times
...
Jaclyn
8 months ago
Okay, I think I've got this. "Move-in" must refer to the time when guests are expected to arrive and check into their rooms. That makes the most sense based on the options provided.
upvoted 0 times
...
Thurman
8 months ago
Whew, this is a tough one. I'm a bit unsure about the different relationship types and how they would work here. I'll need to review the material on object relationships carefully and maybe even ask the instructor for some clarification before attempting this.
upvoted 0 times
...

Save Cancel