SCS-C02 · Question #25
SCS-C02 Question #25: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #25. The question stem and answer options stay visible for context.
Question
A security engineer is checking an AWS CloudFormation template for vulnerabilities. The security engineer finds a parameter that has a default value that exposes an application's API key in plaintext. The parameter is referenced several times throughout the template. The security engineer must replace the parameter while maintaining the ability to reference the value in the template. Which solution will meet these requirements in the MOST secure way?
Options
- AStore the API key value as a SecureString parameter in AWS Systems Manager Parameter
- BStore the API key value in AWS Secrets Manager. In the template, replace all references to the
- CStore the API key value in Amazon DynamoDB. In the template, replace all references to the
- DStore the API key value in a new Amazon S3 bucket. In the template, replace all references to the
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.