DVA-C02 Question #211: Real Exam Question with Answer & Explanation
The correct answer is C: Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter.
Question
A company built a new application in the AWS Cloud. The company automated the bootstrapping of new resources with an Auto Scaling group by using AWS CloudFormation templates. The bootstrap scripts contain sensitive data. The company needs a solution that is integrated with CloudFormation to manage the sensitive data in the bootstrap scripts. Which solution will meet these requirements in the MOST secure way?
Options
- A. Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormation templates
- B. Put the sensitive data into an Amazon S3 bucket. Update the CloudFormation templates to
- C. Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter.
- D. Put the sensitive data into Amazon EFS. Enforce EFS encryption after file system creation.
Explanation
The most secure and integrated way to handle sensitive data in CloudFormation templates is to store the data in AWS Systems Manager Parameter Store as a secure string, then reference it in the CloudFormation template using dynamic references. This ensures that the sensitive data is encrypted, not exposed in plaintext, and retrieved securely at runtime.
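As an added example (not part of the original question, and not AWS tooling), this Python check audits a CloudFormation template for sensitive-looking properties that are not supplied through a secure dynamic reference such as `{{resolve:ssm-secure:...}}`. It goes slightly beyond the explanation by also accepting Secrets Manager references; the sample template, the parameter name `/app/db/password` and the key-name heuristic are assumptions constructed for illustration.

```python
import re

# CloudFormation dynamic-reference syntax: {{resolve:<service>:<reference-key>}}
DYNAMIC_REF = re.compile(r"\{\{resolve:(ssm-secure|ssm|secretsmanager):[^}]+\}\}")
# Assumption: property names containing these words hold sensitive values.
SENSITIVE_KEY = re.compile(r"password|secret|token|api_?key", re.IGNORECASE)

def classify(value, parameters):
    """Describe how a sensitive property receives its value."""
    if isinstance(value, dict):  # {"Ref": name}
        param = parameters.get(value["Ref"])
        if param is None:
            return "ref-to-resource"
        # NoEcho masks the value in describe output; it is still a stack parameter.
        return "noecho-parameter" if param.get("NoEcho") in (True, "true") else "plain-parameter"
    match = DYNAMIC_REF.fullmatch(value)
    if match is None:
        return "hardcoded-literal"
    return "plaintext-ssm-ref" if match.group(1) == "ssm" else "secure-dynamic-ref"

def audit(template):
    """Return (path, finding) for sensitive properties not fed by a secure dynamic reference."""
    parameters, findings = template.get("Parameters", {}), []
    def walk(node, path):
        if isinstance(node, list):
            for index, child in enumerate(node):
                walk(child, f"{path}[{index}]")
        elif isinstance(node, dict):
            for key, child in node.items():
                leaf = isinstance(child, str) or (isinstance(child, dict) and "Ref" in child)
                if leaf and SENSITIVE_KEY.search(key):
                    kind = classify(child, parameters)
                    if kind != "secure-dynamic-ref":
                        findings.append((f"{path}.{key}", kind))
                else:
                    walk(child, f"{path}.{key}")

    for name, resource in template.get("Resources", {}).items():
        walk(resource.get("Properties", {}), f"Resources.{name}.Properties")
    return findings

# Constructed template: parameter name, resource names and the literal are made up.
SAMPLE = {
    "Parameters": {"DbPassword": {"Type": "String"}},
    "Resources": {
        "GoodDb": {"Properties": {"MasterUserPassword": "{{resolve:ssm-secure:/app/db/password:1}}"}},
        "ParamDb": {"Properties": {"MasterUserPassword": {"Ref": "DbPassword"}}},
        "BadDb": {"Properties": {"MasterUserPassword": "example-literal"}}}}
```

Calling `audit(SAMPLE)` reports `ParamDb` and `BadDb` and leaves `GoodDb` alone. CloudFormation resolves `ssm-secure` references only in the resource properties it documents as supporting them, so check the target property before relying on one.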