Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAP-C02 Topic 10 Question 20 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 20
Topic #: 10
[All SAP-C02 Questions]

A company is deploying AWS Lambda functions that access an Amazon RDS for PostgreSQL database. The company needs to launch the Lambda functions in a QA

environment and in a production environment.

The company must not expose credentials within application code and must rotate passwords automatically.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

The best solution is to store the database credentials for both environments in AWS Secrets Manager with distinct key entry for the QA environment and the production environment. AWS Secrets Manager is a web service that can securely store, manage, and retrieve secrets, such as database credentials. AWS Secrets Manager also supports automatic rotation of secrets by using Lambda functions or built-in rotation templates. By storing the database credentials for both environments in AWS Secrets Manager, the company can avoid exposing credentials within application code and rotate passwords automatically. By providing a reference to the Secrets Manager key as an environment variable for the Lambda functions, the company can easily access the credentials from the code by using the AWS SDK. This solution meets all the requirements of the company.


Contribute your Thoughts:

Trinidad
8 months ago
Yeah, Secrets Manager does sound like a good choice. Plus, having separate keys for the QA and production environments is a nice extra layer of security.
upvoted 0 times
Belen
8 months ago
A
upvoted 0 times
...
Carlton
8 months ago
B
upvoted 0 times
...
Esteban
8 months ago
A
upvoted 0 times
...
...
Brigette
8 months ago
Oh man, don't even joke about that! I'd be so fired if that happened on my watch. Let's definitely go with one of the more secure options here.
upvoted 0 times
...
Veda
8 months ago
Ooh, good point. KMS could be a solid option as well. Anything to avoid hardcoding those credentials in the app code is a win in my book.
upvoted 0 times
...
Vincenza
8 months ago
Totally. We don't want to end up like that one dev team that accidentally pushed their production credentials to GitHub. Yikes!
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77