SAA-C03 · Question #424
SAA-C03 Question #424: Real Exam Question with Answer & Explanation
The correct answer is D: Create an AWS Key Management Service (AWS KMS) key. Enable encryption helpers on the. AWS Lambda supports encrypting environment variables at rest using AWS KMS. You can use encryption helpers (or Lambda's built-in support) to encrypt sensitive environment variable values using a KMS key. These encrypted variables are not visible in plaintext to developers, either
Question
A company has AWS Lambda functions that use environment variables. The company does not want its developers to see environment variables in plaintext. Which solution will meet these requirements?
Options
- ADeploy code to Amazon EC2 instances instead of using Lambda functions.
- BConfigure SSL encryption on the Lambda functions to use AWS CloudHSM to store and encrypt
- CCreate a certificate in AWS Certificate Manager (ACM). Configure the Lambda functions to use
- DCreate an AWS Key Management Service (AWS KMS) key. Enable encryption helpers on the
Explanation
AWS Lambda supports encrypting environment variables at rest using AWS KMS. You can use encryption helpers (or Lambda's built-in support) to encrypt sensitive environment variable values using a KMS key. These encrypted variables are not visible in plaintext to developers, either in the console or when running the code.
Community Discussion
No community discussion yet for this question.