DVA-C02 · Question #746
DVA-C02 Question #746: Real Exam Question with Answer & Explanation
The correct answer is A: Store the database credentials as a secret in AWS Secrets Manager. Set the secret's Amazon. AWS Secrets Manager is the most secure and purpose-built solution for storing sensitive information like database credentials. By setting the secret’s ARN as an environment variable and using the AWS Parameters and Secrets Lambda Extension, the Lambda function can securely and ef
Question
A developer owns and supports an application that has database credentials that are stored in environment variables for AWS Lambda functions. The developer needs an alternate storage method for the credentials as environment variables in plaintext. Which solution will handle the credentials MOST securely?
Options
- AStore the database credentials as a secret in AWS Secrets Manager. Set the secret's Amazon
- BUse base64 encoding for the database credentials. Include the database credentials into the
- CStore the database credentials as a string type parameter in the AWS Systems Manager
- DUse AWS CloudFormation to deploy the application. Ensure that the NoEcho property to true for
Explanation
AWS Secrets Manager is the most secure and purpose-built solution for storing sensitive information like database credentials. By setting the secret’s ARN as an environment variable and using the AWS Parameters and Secrets Lambda Extension, the Lambda function can securely and efficiently retrieve the secret at runtime, avoiding plaintext storage and improving both security and manageability.
Community Discussion
No community discussion yet for this question.