ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 196 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 196
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A company built a new application in the AWS Cloud. The company automated the bootstrapping of new resources with an Auto Scaling group by using AWS CloudFormation templates. The bootstrap scripts contain sensitive data.

The company needs a solution that is integrated with CloudFormation to manage the sensitive data in the bootstrap scripts.

Which solution will meet these requirements in the MOST secure way?

  • A. Put the sensitive data into a CloudFormation parameter. Encrypt the CloudFormation templates by using an AWS Key Management Service (AWS KMS) key.
  • B. Put the sensitive data into an Amazon S3 bucket. Update the CloudFormation templates to download the object from Amazon S3 during bootstrap.
  • C. Put the sensitive data into AWS Systems Manager Parameter Store as a secure string parameter. Update the CloudFormation templates to use dynamic references to specify template values.
  • D. Put the sensitive data into Amazon Elastic File System (Amazon EFS). Enforce EFS encryption after file system creation. Update the CloudFormation templates to retrieve data from Amazon EFS.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by fordiscussionstwo at Oct. 6, 2023, 2:56 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Digo30sp
Highly Voted 1 year ago
Selected Answer: C
The correct answer is (C). Solution (C) is the best option because: It's the most secure solution: Sensitive data is stored in AWS Systems Manager Parameter Store, which is a secret management service managed by AWS. Secure string parameters in AWS Systems Manager Parameter Store are encrypted with an AWS KMS key. It's integrated with CloudFormation: Secure string parameters can be referenced in CloudFormation templates using dynamic references. This means that sensitive data does not need to be stored in CloudFormation code.
upvoted 7 times
...
65703c1
Most Recent 5 months ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
KarBiswa
7 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
upvoted 1 times
...
TanTran04
10 months, 2 weeks ago
Selected Answer: C
AWS Systems Manager Parameter Store is a secure and scalable solution for storing configuration data, including sensitive information. In this case, using a secure string parameter allows you to store the sensitive data in Parameter Store in an encrypted form. Option C is the most secure because it leverages AWS Systems Manager Parameter Store's capabilities for securely storing sensitive data, and dynamic references allow you to directly reference the parameter values in CloudFormation templates. This approach avoids exposing sensitive data in the templates themselves and provides a central and secure storage solution for sensitive configuration information.
upvoted 2 times
...
kashtelyan
1 year ago
Selected Answer: A
A option leverages CloudFormation parameters, which can securely store sensitive data. By using an AWS KMS key to encrypt the CloudFormation templates, you ensure that the sensitive data is protected. It follows the principle of least privilege and provides secure access to sensitive information directly within CloudFormation. Option B is less secure because it involves storing sensitive data in an S3 bucket, which could be compromised. Option C suggests using AWS Systems Manager Parameter Store, which is secure, but using CloudFormation parameters and KMS keys provides an integrated solution directly within CloudFormation. Option D involves Amazon EFS, which is typically used for file storage and is not designed for securely storing sensitive data directly within CloudFormation.
upvoted 1 times
...
dilleman
1 year ago
Selected Answer: C
C is the correct choice. Parameter Store's secure string parameter encrypts the data using AWS KMS
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago