Amazon
DVA-C02 · Question #725
A developer must securely access a secret during a build process in an AWS CodeBuild project that has an IAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file
Sign in or unlock DVA-C02 to reveal the answer and full explanation for question #725. The question stem and answer options stay visible for context.
Submitted by saadiq_pk· Mar 5, 2026Security
Question
A developer must securely access a secret during a build process in an AWS CodeBuild project that has an IAM role. The secret must remain encrypted at rest and must be passed to the buildspec.yml file without appearing in the build logs. Which solution will meet these requirements with the LEAST operational overhead?
Options
- AConfigure AWS Secrets Manager to store the secret. Configure the env section of the
- BStore the secret in an encrypted Amazon S3 bucket. Download the secret during the build
- CConfigure AWS Systems Manager Parameter Store to store the secret. Configure the env section
- DStore the secret in AWS Systems Manager Parameter Store. Use a pre-build step to retrieve the
Unlock DVA-C02 to see the answer
You've previewed enough free DVA-C02 questions. Unlock DVA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.