nerdexam
Amazon

DVA-C02 · Question #217

A developer must provide an API key to an AWS Lambda function to authenticate with a third- party system. The Lambda function will run on a schedule. The developer needs to ensure that the API key rem

The correct answer is A. Store the API key as a Lambda environment variable by using an AWS Key Management Service. Storing the API key as a Lambda environment variable using an AWS Key Management Service (AWS KMS) customer-managed key is the most secure solution. AWS KMS is a managed encryption service that provides customer-managed keys. Customer-managed keys are encrypted with an AWS KMS ma

Submitted by olafpl· Mar 5, 2026Security

Question

A developer must provide an API key to an AWS Lambda function to authenticate with a third- party system. The Lambda function will run on a schedule. The developer needs to ensure that the API key remains encrypted at rest. Which solution will meet these requirements?

Options

  • AStore the API key as a Lambda environment variable by using an AWS Key Management Service
  • BConfigure the application to prompt the user to provide the password to the Lambda function on
  • CStore the API key as a value in the application code.
  • DUse Lambda@Edge and only communicate over the HTTPS protocol.

How the community answered

(46 responses)
  • A
    74% (34)
  • B
    15% (7)
  • C
    7% (3)
  • D
    4% (2)

Explanation

Storing the API key as a Lambda environment variable using an AWS Key Management Service (AWS KMS) customer-managed key is the most secure solution. AWS KMS is a managed encryption service that provides customer-managed keys. Customer-managed keys are encrypted with an AWS KMS master key, which is stored in an AWS KMS vault.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice