Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Amazon Exam SAP-C02 Topic 10 Question 20 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 20
Topic #: 10
[All SAP-C02 Questions]

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA

environment and in a production environment.

The company must not expose credentials within application code and must rotate passwords automatically.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

The best solution is to store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. AWS Secrets Manager is a web service that can securely store, manage, and retrieve secrets, such as database credentials. AWS Secrets Manager also supports automatic rotation of secrets by using Lambda functions or built-in rotation templates. By storing the database credentials for both environments in AWS Secrets Manager, the company can avoid exposing credentials within application code and rotate passwords automatically. By providing a reference to the Secrets Manager key as an environment variable for the Lambda functions, the company can easily access the credentials from the code by using the AWS SDK. This solution meets all the requirements of the company.


by Cathrine at Nov 26, 2023, 02:26 AM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Florencia
2 days ago
I agree, B seems like the most secure option.
upvoted 0 times
...
Jade
8 days ago
Option B is the best choice! Secrets Manager is perfect for this.
upvoted 0 times
...
Lashon
14 days ago
I don't think using S3 buckets is a good idea for storing credentials. We talked about security best practices, and that just seems risky compared to the other options.
upvoted 0 times
...
Vallie
19 days ago
I feel like using AWS KMS directly for storing credentials might not be the best choice. We had a similar practice question, and it seemed like Secrets Manager was preferred for this kind of use case.
upvoted 0 times
...
Flo
25 days ago
I'm not entirely sure, but I think Parameter Store can also work. We practiced a question where we pulled credentials from there, but I’m not confident about the rotation part.
upvoted 0 times
...
Skye
1 month ago
I remember we discussed using AWS Secrets Manager for storing credentials because it handles rotation automatically. That seems like a solid option here.
upvoted 0 times
...
Hillary
1 month ago
Option B with Secrets Manager is my pick. Keeping the credentials separate for the QA and production environments, and having them automatically rotate, is exactly what the question is asking for. Plus, it's a managed service so I don't have to worry about the underlying implementation details. Seems like the cleanest and most straightforward solution.
upvoted 0 times
...
Pamella
1 month ago
Hmm, I'm not sure about this one. All the options seem to have their pros and cons. I might need to sketch out a diagram or something to visualize how each solution would work in practice. The key is finding the one that best meets all the requirements without introducing any unnecessary complexity.
upvoted 0 times
...
Luisa
1 month ago
Option A with the Parameter Store seems like a good solution. Storing the credentials in an encrypted parameter and using an IAM role to access them is a pretty standard way to handle this kind of thing. The automatic rotation is a nice bonus too. I feel pretty good about this being the right answer.
upvoted 0 times
...
Willodean
1 month ago
I'm a bit confused by this question. There are a few different options, and I'm not sure which one is the best approach. I think I'd need to do some more research on the different AWS services and how they work together before I could confidently answer this.
upvoted 0 times
...
Cordelia
1 month ago
This looks like a pretty straightforward question. I'd go with option B - storing the credentials in Secrets Manager and using environment variables to reference them. That way, the credentials are securely stored and automatically rotated, and I don't have to worry about hardcoding them in the application code.
upvoted 0 times
...
Jacki
1 month ago
Okay, let me break this down. The question is asking about the type of audit that reviews an entity's operating procedures and methods. That sounds like it could be an operational audit, but I want to double-check the other options just to be sure.
upvoted 0 times
...
Oliva
1 month ago
Okay, I think I've got it. Option B about the insurance company using data from a connected car to raise rates is a clear example of a privacy risk with IoT devices. That's the one that stands out to me.
upvoted 0 times
...
Genevieve
1 month ago
The CSV export option seems like it might not be the most efficient way to get the logs into Splunk. I'm leaning towards the syslog or Splunk options, but I'll need to review the details.
upvoted 0 times
...
Trinidad
2 years ago
Yeah, Secrets Manager does sound like a good choice. Plus, having separate keys for the QA and production environments is a nice extra layer of security.
upvoted 0 times
Belen
2 years ago
A
upvoted 0 times
...
Carlton
2 years ago
B
upvoted 0 times
...
Esteban
2 years ago
A
upvoted 0 times
...
...
Brigette
2 years ago
Oh man, don't even joke about that! I'd be so fired if that happened on my watch. Let's definitely go with one of the more secure options here.
upvoted 0 times
...
Veda
2 years ago
Ooh, good point. KMS could be a solid option as well. Anything to avoid hardcoding those credentials in the app code is a win in my book.
upvoted 0 times
...
Vincenza
2 years ago
Totally. We don't want to end up like that one dev team that accidentally pushed their production credentials to GitHub. Yikes!
upvoted 0 times
...

Save Cancel