Amazon Exam DVA-C02 Topic 2 Question 40 Discussion

Actual exam question for Amazon's DVA-C02 exam

Question #: 40
Topic #: 2

A company runs a payment application on Amazon EC2 instances behind an Application Load Balance The EC2 instances run in an Auto Scaling group across multiple Availability Zones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at rest and need to be rotated every month.

Which solution will meet these requirements with the LEAST development effort?

ASave the secrets in a text file and store the text file in Amazon S3 Provision a customer managed key Use the key for secret encryption in Amazon S3 Read the contents of the text file and read the export as environment variables Configure S3 Object Lambda to rotate the text file every month

BSave the secrets as strings in AWS Systems Manager Parameter Store and use the default AWS Key Management Service (AWS KMS) key Configure an Amazon EC2 user data script to retrieve the secrets during the startup and export as environment variables Configure an AWS Lambda function to rotate the secrets in Parameter Store every month.

CSave the secrets as base64 encoded environment variables in the application properties. Retrieve the secrets during the application startup. Reference the secrets in the application code. Write a script to rotate the secrets saved as environment variables.

DStore the secrets in AWS Secrets Manager Provision a new customer master key Use the key to encrypt the secrets Enable automatic rotation Configure an Amazon EC2 user data script to programmatically retrieve the secrets during the startup and export as environment variables

Show Suggested Answer

Suggested Answer: D

AWS Secrets Manager:Built for managing secrets, providing encryption, automatic rotation, and access control.

Customer Master Key (CMK):Provides an extra layer of control over encryption through AWS KMS.

Automatic Rotation:Enhances security by regularly changing the secret.

User Data Script:Allows secrets retrieval at instance startup and sets them as environment variables for seamless use within the application.

AWS Secrets Manager Documentation:https://docs.aws.amazon.com/secretsmanager/

AWS KMS Documentation:https://docs.aws.amazon.com/kms/

User Data for EC2 Instances:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

by Adell at Sep 15, 2024, 09:21 PM

Limited Time Offer

25%

Off

Get Premium DVA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Loren

29 days ago

Hmm, Option D with Secrets Manager seems tempting, but I'm not sure it's worth the extra effort compared to B. Sometimes the simplest solution is the best.

upvoted 0 times

...

2 months ago

Option B seems the most straightforward. Using Parameter Store and KMS is a well-established approach with minimal development effort.

upvoted 0 times

Youlanda

26 days ago

I think we should go with option B for the least amount of effort.

upvoted 0 times

...

Deonna

1 months ago

Yeah, it's a simple setup and doesn't require much development work.

upvoted 0 times

...

Xenia

1 months ago

I agree, option B with Parameter Store and KMS seems like the easiest solution.

upvoted 0 times

...