Amazon Exam DOP-C01 Topic 9 Question 56 Discussion

Actual exam question for Amazon's DOP-C01 exam

Question #: 56
Topic #: 9

A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed.

Which combination of steps will enhance the security of AWS CloudFormation? (Select THREE.)

ACreate a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.

BCreate secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database.

CStore sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data.

DStore sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.

EUse AWS KMS to encrypt the CloudFormation template.

FUse the CloudFormation NoEcho parameter property to mask the parameter value.

Show Suggested Answer

Suggested Answer: A, B, D

by Alecia at May 03, 2022, 07:47 PM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!