nerdexam
Amazon

DVA-C02 · Question #171

A company is using Amazon OpenSearch Service to implement an audit monitoring system. A developer needs to create an AWS CloudFormation custom resource that is associated with an AWS Lambda function t

The correct answer is D. Use CloudFormation to create an AWS Secrets Manager secret. Use a CloudFormation dynamic. Solution (D) is the most secure way to pass the credentials to the Lambda function because it uses AWS Secrets Manager to store the credentials in encrypted form.

Submitted by diego_uy· Mar 5, 2026Security

Question

A company is using Amazon OpenSearch Service to implement an audit monitoring system. A developer needs to create an AWS CloudFormation custom resource that is associated with an AWS Lambda function to configure the OpenSearch Service domain. The Lambda function must access the OpenSearch Service domain by using OpenSearch Service internal master user credentials. What is the MOST secure way to pass these credentials to the Lambda function?

Options

  • AUse a CloudFormation parameter to pass the master user credentials at deployment to the
  • BUse a CloudFormation parameter to pass the master user credentials at deployment to the
  • CUse a CloudFormation parameter to pass the master user credentials at deployment to the
  • DUse CloudFormation to create an AWS Secrets Manager secret. Use a CloudFormation dynamic

How the community answered

(37 responses)
  • A
    11% (4)
  • B
    3% (1)
  • C
    5% (2)
  • D
    81% (30)

Explanation

Solution (D) is the most secure way to pass the credentials to the Lambda function because it uses AWS Secrets Manager to store the credentials in encrypted form.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice