SAP-C02 · Question #349
SAP-C02 Question #349: Real Exam Question with Answer & Explanation
The correct answer is A: Use Amazon EC2 instance profiles with an IAM role.. A - roles and instance profiles attached to an instance defining who and what access is a best B - not required if your using SSM session manager so you would not need access keys for C - parameter store can be used to store secrets so we are green better option would be secrets
Question
A company's AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-tine remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity. Which combination of steps should the solutions architect take to accomplish this? (Choose three.)
Options
- AUse Amazon EC2 instance profiles with an IAM role.
- BUse AWS Secrets Manager to store access keys and secret access keys.
- CUse AWS Systems Manager Parameter Store to store database credentials.
- DUse a secure fleet of Amazon EC2 bastion hosts (or remote access.
- EUse AWS KMS to store database credentials.
- FUse AWS Systems Manager Session Manager tor remote access
Explanation
A - roles and instance profiles attached to an instance defining who and what access is a best B - not required if your using SSM session manager so you would not need access keys for C - parameter store can be used to store secrets so we are green better option would be secrets manager which password rotation D - not wrong but why would you when you can use session manager? https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
Community Discussion
No community discussion yet for this question.