ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 453 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 453
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A company is developing a serverless application that requires storage of sensitive API keys as environment variables for various services. The application requires the automatic rotation of the encryption keys every year.

Which solution will meet these requirements with no development effort?

  • A. Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager.
  • B. Encrypt the environment variables by using AWS Key Management Service (AWS KMS) customer managed keys. Enable automatic key rotation.
  • C. Encrypt the environment variables by using AWS Key Management Service (AWS KMS) AWS managed keys. Configure a custom AWS Lambda function to automate key rotation.
  • D. Encrypt the environment variables by using AWS Systems Manager Parameter Store. Set up automatic rotation in Parameter Store.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by CloudChingon at Nov. 14, 2024, 9:41 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
0bdf3af
1 month, 3 weeks ago
Selected Answer: B
B is correct WIth custom key in KMS, we can set automatic rotation after 365. To configure rotation in Secrets Manager we need to provide lambda function. It is costs some develpment effort, right?
upvoted 1 times
...
Arad
3 months, 2 weeks ago
Selected Answer: B
B is the correct answer. A is wrong as Secret Manager is a place to store things, it does not encrypt things.
upvoted 2 times
...
fbx01
4 months, 1 week ago
Selected Answer: A
automatic rotation in Secrets Manager.
upvoted 1 times
...
YUICH
5 months, 1 week ago
A. Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager. Explanation: AWS Secrets Manager is designed specifically for securely managing sensitive information like API keys, database credentials, and other secrets. It provides: Built-in encryption using AWS Key Management Service (KMS). Automatic rotation of secrets with minimal effort. Secrets Manager has a native feature for automatic rotation that can be enabled for supported use cases. Integration with AWS services (e.g., Lambda, RDS, etc.). Key Features Satisfying the Requirements: The sensitive API keys can be stored securely as secrets. Automatic rotation can be set up without requiring custom development. Secrets Manager handles rotation using Lambda functions configured for this purpose.
upvoted 4 times
...
albert_kuo
5 months, 1 week ago
Selected Answer: B
AWS KMS supports key rotation
upvoted 1 times
YUICH
4 months, 3 weeks ago
While KMS enables automatic key rotation, it does not manage secrets. The task of securely storing and rotating API keys requires additional development effort, such as creating a Lambda function or a custom solution to integrate with KMS. This contradicts the requirement of "no development effort."
upvoted 1 times
...
...
CloudChingon
5 months, 2 weeks ago
Selected Answer: A
Meets the encryption and key rotation requirement but requires additional development to manage secrets rotation. A is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago