Amazon Exam SAP-C02 Topic 10 Question 20 Discussion

Actual exam question for Amazon's SAP-C02 exam

Question #: 20
Topic #: 10

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA

environment and in a production environment.

The company must not expose credentials within application code and must rotate passwords automatically.

Which solution will meet these requirements?

AStore the database credentials for both environments in AWS Systems Manager Parameter Store. Encrypt the credentials by using an AWS Key Management
Service (AWS KMS) key. Within the application code of the Lambda functions, pull the credentials from the Parameter Store parameter by using the AWS SDK
for Python (Bot03). Add a role to the Lambda functions to provide access to the Parameter Store parameter.

BStore the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment.
Turn on rotation. Provide a reference to the Secrets Manager key as an environment variable for the Lambda functions.

CStore the database credentials for both environments in AWS Key Management Service (AWS KMS). Turn on rotation. Provide a reference to the credentials
that are stored in AWS KMS as an environment variable for the Lambda functions.

DCreate separate S3 buckets for the QA environment and the production environment. Turn on server-side encryption with AWS KMS keys (SSE-KMS) for the
S3 buckets. Use an object naming pattern that gives each Lambda function's application code the ability to pull the correct credentials for the function's
corresponding environment. Grant each Lambda function's execution role access to Amazon S3.

Show Suggested Answer

Suggested Answer: B

The best solution is to store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. AWS Secrets Manager is a web service that can securely store, manage, and retrieve secrets, such as database credentials. AWS Secrets Manager also supports automatic rotation of secrets by using Lambda functions or built-in rotation templates. By storing the database credentials for both environments in AWS Secrets Manager, the company can avoid exposing credentials within application code and rotate passwords automatically. By providing a reference to the Secrets Manager key as an environment variable for the Lambda functions, the company can easily access the credentials from the code by using the AWS SDK. This solution meets all the requirements of the company.

by Cathrine at Nov 26, 2023, 02:26 AM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Trinidad

7 months ago

Yeah, Secrets Manager does sound like a good choice. Plus, having separate keys for the QA and production environments is a nice extra layer of security.

upvoted 0 times