ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 140 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 140
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company uses user data scripts that contain sensitive information to bootstrap Amazon EC2 instances. A security engineer discovers that this sensitive information is viewable by people who should not have access to it.

What is the MOST secure way to protect the sensitive information used to bootstrap the instances?

  • A. Store the scripts in the AMI and encrypt the sensitive data using AWS KMS. Use the instance role profile to control access to the KMS keys needed to decrypt the data.
  • B. Store the sensitive data in AWS Systems Manager Parameter Store using the encrypted string parameter and assign the GetParameters permission to the EC2 instance role.
  • C. Externalize the bootstrap scripts in Amazon S3 and encrypt them using AWS KMS. Remove the scripts from the instance and clear the logs after the instance is configured.
  • D. Block user access of the EC2 instance's metadata service using IAM policies. Remove all scripts and clear the logs after the scripts have completed.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Certified101 at May 19, 2024, 8:42 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cumzle_com
10 months, 1 week ago
Selected Answer: B
Using AWS Systems Manager Parameter Store with encrypted string parameters and IAM roles ensures that sensitive information is securely stored, managed, and accessed only by authorized instances. This approach minimizes the risk of exposure and simplifies the management of sensitive data.
upvoted 2 times
...
Certified101
11 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago