Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAP-C02 Topic 3 Question 26 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 26
Topic #: 3
[All SAP-C02 Questions]

A company has Linux-based Amazon EC2 instances. Users must access the instances by using SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.

The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place. The company will accept less than 1 minute of downtime during key rotation.

Which solution will meet these requirement?

Show Suggested Answer Hide Answer
Suggested Answer: A

To meet the requirements for automatic key rotation of EC2 SSH key pairs with minimal downtime, storing the keys in AWS Secrets Manager and defining a rotation schedule is the most suitable solution. AWS Secrets Manager supports automatic rotation of secrets, including SSH keys, by invoking a Lambda function that can handle the creation of new key pairs and the replacement of public keys on EC2 instances. Updating the corresponding private keys in Secrets Manager ensures secure and centralized management of SSH keys, complying with the key rotation policy and minimizing operational overhead.


AWS Secrets Manager Documentation: Describes how to store and rotate secrets, including SSH keys, using Secrets Manager and Lambda functions.

AWS Lambda Documentation: Provides information on creating Lambda functions for custom secret rotation logic.

AWS Best Practices for Security: Highlights the importance of key rotation and how AWS services like Secrets Manager can facilitate secure and automated key management.

Contribute your Thoughts:

Adolph
5 months ago
Thanks, Selma. I just think option A might be more practical for our company's needs. But it's good to consider all the options.
upvoted 0 times
...
Selma
5 months ago
I see your point, Adolph. Option C does have the advantage of leveraging AWS KMS for key management. It could be a good choice as well.
upvoted 0 times
...
Jamal
5 months ago
I personally prefer option B. Storing keys in Parameter Store and using Systems Manager for maintenance window scheduling seems like a simple and effective solution.
upvoted 0 times
...
Adolph
6 months ago
I disagree with you, Selma. I believe option C is the most suitable choice. Importing keys into AWS KMS and setting up automatic rotation seems like a more streamlined approach.
upvoted 0 times
...
Selma
6 months ago
I think option A is the best solution. Storing keys in AWS Secrets Manager and using Lambda function for rotation sounds secure and efficient.
upvoted 0 times
...
Cheryll
6 months ago
I personally think option D is better. Adding instances to Feet Manager for key rotation seems like a straightforward approach.
upvoted 0 times
...
Yoko
6 months ago
That's true, Gilma. Option C provides automatic rotation, which could be more convenient in the long run.
upvoted 0 times
...
Gilma
6 months ago
But what about option C? Importing key pairs into AWS KMS and setting up automatic rotation also seems like a good choice.
upvoted 0 times
...
Laurena
7 months ago
I agree with Yoko. Storing keys in AWS Secrets Manager and using Lambda function for rotation seems efficient.
upvoted 0 times
...
Yoko
7 months ago
I think option A sounds like a good solution for key rotation policy.
upvoted 0 times
...
Merrilee
8 months ago
What about Option C with AWS KMS? If we can configure automatic key rotation and use EventBridge to trigger the rotation, that might be the best way to meet the downtime requirement.
upvoted 0 times
Dante
7 months ago
Option C it is then, let's implement this solution for our EC2 instances.
upvoted 0 times
...
Adelle
7 months ago
Agreed, AWS KMS with automatic key rotation and EventBridge triggering seems like the way to go.
upvoted 0 times
...
Stephaine
8 months ago
Let's go with Option C then, it seems like the most suitable solution for our needs.
upvoted 0 times
...
Lucina
8 months ago
Automatic key rotation can definitely help in keeping the instances secure without causing much downtime.
upvoted 0 times
...
Alisha
8 months ago
It's important to ensure the key rotation process is smooth and quick to meet the downtime requirement.
upvoted 0 times
...
Boris
8 months ago
I agree, configuring automatic key rotation with AWS KMS and using EventBridge for triggering sounds like a solid plan.
upvoted 0 times
...
Leatha
8 months ago
Option C sounds like a good choice. Using AWS KMS for automatic key rotation seems efficient.
upvoted 0 times
...
...
Carol
8 months ago
No kidding! I don't even want to think about the potential for human error. Automation is definitely the way to go here.
upvoted 0 times
...
Joni
8 months ago
That's a good point. KMS could handle the key rotation more seamlessly and reduce the downtime. Plus, it's a secure service for storing the keys.
upvoted 0 times
...
Leandro
8 months ago
True, but we also need to consider the downtime requirement. I'm not sure if Secrets Manager can guarantee less than 1 minute of downtime during the rotation.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77