DVA-C02 · Question #703
A developer must ensure that sensitive customer data that is stored in an AWS Lambda function is encrypted at rest and in transit. The sensitive data is stored in environment variables within the Lamb
The correct answer is B. Assign the necessary AWS KMS permissions to the Lambda function's execution role. E. Update the policy for the AWS KMS keys to include any permissions that the Lambda function. The Lambda execution role must have the necessary KMS permissions to decrypt environment variables encrypted with a customer managed key. The KMS key policy should include permissions that allow Lambda to use the key and, if applicable, interact with other AWS services securely.
Question
A developer must ensure that sensitive customer data that is stored in an AWS Lambda function is encrypted at rest and in transit. The sensitive data is stored in environment variables within the Lambda function. The developer needs to control encryption key rotation. Which combination of steps will meet these requirements? (Choose two.)
Options
- AUse AWS managed AWS KMS keys. Disable automatic key rotation. Specify the desired custom
- BAssign the necessary AWS KMS permissions to the Lambda function's execution role.
- CUse customer managed AWS KMS keys. Disable automatic key rotation. Modify the rotation
- DUse AWS Certificate Manager (ACM) to provision a public certificate. Set up manual renewal and
- EUpdate the policy for the AWS KMS keys to include any permissions that the Lambda function
How the community answered
(35 responses)- A11% (4)
- B57% (20)
- C26% (9)
- D6% (2)
Explanation
The Lambda execution role must have the necessary KMS permissions to decrypt environment variables encrypted with a customer managed key. The KMS key policy should include permissions that allow Lambda to use the key and, if applicable, interact with other AWS services securely.
Community Discussion
No community discussion yet for this question.