exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 705 discussion

A company's AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-line remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity.
Which combination of steps should the solutions architect take to accomplish this? (Choose three.)

  • A. Use Amazon EC2 instance profiles with an IAM role
  • B. Use AWS Secrets Manager to store access keys and secret access keys
  • C. Use AWS Systems Manager Parameter Store to store database credentials
  • D. Use a secure fleet of Amazon EC2 bastion hosts for remote access
  • E. Use AWS KMS to store database credentials
  • F. Use AWS Systems Manager Session Manager for remote access
Show Suggested Answer Hide Answer
Suggested Answer: ACF 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
wasabidev
Highly Voted 3 years, 2 months ago
I think ACF are better
upvoted 29 times
...
cnethers
Highly Voted 3 years, 1 month ago
ACF A - roles and instance profiles attached to an instance defining who and what access is a best practice B - not required if your using SSM session manager so you would not need access keys for instances C - parameter store can be used to store secrets so we are green better option would be secrets manager which password rotation D - not wrong but why would you when you can use session manager? E - just wrong F - no brainer https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 16 times
...
ggrodskiy
Most Recent 1 year, 4 months ago
Correct ACF.
upvoted 1 times
...
SkyZeroZx
1 year, 5 months ago
Selected Answer: ABF
I'll go with ABF I agree with @gnic - ABF - Database Credential should be stored in secret manager
upvoted 1 times
...
[Removed]
1 year, 9 months ago
Selected Answer: ACF
A - removes the need for access keys to access services, use role instead B - No need as role removes need for keys C - Correct, although i would use Secrets manager if it was up to me D - No need E - Just wrong F - Correct, best to use Session manager rather than bastion host
upvoted 1 times
...
evargasbrz
1 year, 11 months ago
Selected Answer: ABF
I'll go with ABF I agree with @gnic - ABF - Database Credential should be stored in secret manager
upvoted 1 times
...
gnic
2 years, 3 months ago
ABF - Database Credential should be stored in secret manager
upvoted 2 times
...
JYZ
2 years, 7 months ago
F is not a good choice as it requires the access to console.
upvoted 1 times
...
cldy
2 years, 12 months ago
A. Use Amazon EC2 instance profiles with an IAM role C. Use AWS Systems Manager Parameter Store to store database credentials F. Use AWS Systems Manager Session Manager for remote access
upvoted 1 times
...
AzureDP900
2 years, 12 months ago
A,C,F correct
upvoted 1 times
...
acloudguru
3 years ago
Selected Answer: ACF
ACF A - roles and instance profiles attached to an instance defining who and what access is a best practice B - not required if your using SSM session manager so you would not need access keys for instances C - parameter store can be used to store secrets so we are green better option would be secrets manager which password rotation D - not wrong but why would you when you can use session manager? E - just wrong F - no brainer https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 3 times
...
andylogan
3 years ago
It's A C F
upvoted 1 times
...
Kopa
3 years, 1 month ago
A,C,F no doubt
upvoted 1 times
...
tgv
3 years, 1 month ago
AAA CCC FFF ---
upvoted 1 times
...
blackgamer
3 years, 1 month ago
ACF is the answer
upvoted 1 times
...
WhyIronMan
3 years, 1 month ago
I'll go with A, C, F
upvoted 1 times
...
vimgoru24
3 years, 1 month ago
ACF no doubts
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago