Amazon Exam DVA-C02 Topic 1 Question 34 Discussion

Actual exam question for Amazon's DVA-C02 exam

Question #: 34
Topic #: 1

A company runs a payment application on Amazon EC2 instances behind an Application Load Balance The EC2 instances run in an Auto Scaling group across multiple Availability Zones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at rest and need to be rotated every month.

Which solution will meet these requirements with the LEAST development effort?

ASave the secrets in a text file and store the text file in Amazon S3 Provision a customer managed key Use the key for secret encryption in Amazon S3 Read the contents of the text file and read the export as environment variables Configure S3 Object Lambda to rotate the text file every month

BSave the secrets as strings in AWS Systems Manager Parameter Store and use the default AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 user data script to retrieve the secrets during the startup and export as environment variables Configure an AWS Lambda function to rotate the secrets in Parameter Store every month.

CSave the secrets as base64 encoded environment variables in the application properties. Retrieve the secrets during the application startup. Reference the secrets in the application code. Write a script to rotate the secrets saved as environment variables.

DStore the secrets in AWS Secrets Manager Provision a new customer master key Use the key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 user data script to programmatically retrieve the secrets during the startup and export as environment variables

Show Suggested Answer

Suggested Answer: D

AWS Secrets Manager:Built for managing secrets, providing encryption, automatic rotation, and access control.

Customer Master Key (CMK):Provides an extra layer of control over encryption through AWS KMS.

Automatic Rotation:Enhances security by regularly changing the secret.

User Data Script:Allows secrets retrieval at instance startup and sets them as environment variables for seamless use within the application.

AWS Secrets Manager Documentation:https://docs.aws.amazon.com/secretsmanager/

AWS KMS Documentation:https://docs.aws.amazon.com/kms/

User Data for EC2 Instances:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

by Jeannetta at Aug 28, 2024, 02:50 AM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Barrett

2 months ago

Lol, Option A with the S3 text file rotation sounds like something my grandpa would come up with. 'Back in my day, we used to rotate secrets by hand, uphill both ways!'

upvoted 0 times

...

3 months ago

I agree, Option B is the way to go. It minimizes the development effort and still meets all the requirements. Rotating the secrets in Parameter Store is a nice and convenient feature.

upvoted 0 times

Avery

2 months ago

Using AWS Systems Manager Parameter Store and AWS KMS key for encryption is a smart move. Option B is definitely the way to go.

upvoted 0 times

...

Dottie

2 months ago

I agree, Option B seems like the most efficient solution for this scenario.

upvoted 0 times

...

Alease

2 months ago

I think Option B is the best choice. It's simple and meets all the requirements.

upvoted 0 times

...

4 months ago

I think option D is the best choice. It's secure and requires the least development effort.

upvoted 0 times

...