Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 163 discussion

A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer. A recent security audit revealed that the company has configured encryption at rest for ElastiCache. However, the company did not configure ElastiCache to use encryption in transit. Additionally, users can access the cache without authentication.

A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption.

Which solution will meet these requirements?

  • A. Create an AUTH token. Store the token in AWS Systems Manager Parameter Store, as an encrypted parameter. Create a new cluster with AUTH, and configure encryption in transit. Update the application to retrieve the AUTH token from Parameter Store when necessary and to use the AUTH token for authentication.
  • B. Create an AUTH token. Store the token in AWS Secrets Manager. Configure the existing cluster to use the AUTH token, and configure encryption in transit. Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication.
  • C. Create an SSL certificate. Store the certificate in AWS Secrets Manager. Create a new cluster, and configure encryption in transit. Update the application to retrieve the SSL certificate from Secrets Manager when necessary and to use the certificate for authentication.
  • D. Create an SSL certificate. Store the certificate in AWS Systems Manager Parameter Store, as an encrypted advanced parameter. Update the existing cluster to configure encryption in transit. Update the application to retrieve the SSL certificate from Parameter Store when necessary and to use the certificate for authentication.
Suggested Answer: C 🗳️

Comments

ke1dy
3 months, 2 weeks ago
Selected Answer: A
It seems to configure in-transit encryption in both new cluster and existing cluster, but updating is supported on Redis version 7 and later. So I will choose option A. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#in-transit-encryption-constraints
upvoted 1 times
helloworldabc
3 weeks ago
just B
upvoted 1 times
...
...
gofavad926
6 months ago
Selected Answer: B
A or B? I didn't read any comparison between these 2 options... For sure we need an auth token. Both, using SSM Parameter Store or Secrets Manager will work. Both, create a new cluster or update the current one will work. I will choose B because this approach avoids the need to set up a new cluster, potentially reducing effort and costs associated with migration or duplication of resources...
upvoted 3 times
...
career360guru
8 months, 3 weeks ago
Selected Answer: B
Option B
upvoted 1 times
...
career360guru
9 months, 3 weeks ago
Selected Answer: B
Option B
upvoted 1 times
...
NikkyDicky
1 year, 2 months ago
Selected Answer: B
B, per redis docs. EC encr in transit is a config option
upvoted 1 times
...
easytoo
1 year, 2 months ago
b-b-b-b-b-b-b Creating an AUTH token provides a form of authentication for accessing the ElastiCache cluster. Storing the AUTH token in AWS Secrets Manager ensures secure and centralized management of the token. Configuring the existing ElastiCache cluster to use the AUTH token enables authentication for accessing the cache. Enabling encryption in transit ensures that data is encrypted when it is transferred between the client and the ElastiCache cluster. Updating the application to retrieve the AUTH token from Secrets Manager and use it for authentication ensures that only authorized users can access the cache.
upvoted 3 times
...
mfsec
1 year, 5 months ago
Selected Answer: B
Create an AUTH token. Store the token in AWS Secrets Manager.
upvoted 1 times
...
God_Is_Love
1 year, 6 months ago
Selected Answer: B
Redis CLI has AUTH command as a feature to SET/ROTATE strategies https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html
upvoted 3 times
...
Zek
1 year, 6 months ago
B seems right. To enable authentication on an existing Redis server, call the ModifyReplicationGroup API operation. Call ModifyReplicationGroup with the --auth-token parameter as the new token and the --auth-token-update-strategy with the value ROTATE. After the modification is complete, the cluster supports the AUTH token specified in the auth-token parameter in addition to supporting connecting without authentication. Enabling authentication is only supported on Redis servers with encryption in transit (TLS) enabled. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html
upvoted 3 times
...
spd
1 year, 7 months ago
Selected Answer: B
As per https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
upvoted 2 times
...
harleydog
1 year, 7 months ago
You have to create a new cluster, otherwise the cluster supports the AUTH token specified and supports connecting without authentication.
upvoted 1 times
...
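Added example, not part of any comment above: a Python audit over `describe-replication-groups` output that applies the two points raised by Zek and harleydog, namely that AUTH can only be enabled once encryption in transit is on, and that after `ROTATE` the cluster still accepts unauthenticated connections. The group ids, the sample JSON and the `$AUTH_TOKEN` shell variable are constructed for illustration; the follow-up `SET` strategy, `--apply-immediately` and the token format rules come from the AWS ElastiCache documentation, not from the thread.

```python
import json
import re

# Constructed sample shaped like `aws elasticache describe-replication-groups`
# output; the group ids are hypothetical.
SAMPLE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "cache-legacy", "AtRestEncryptionEnabled": true,
   "TransitEncryptionEnabled": false, "AuthTokenEnabled": false},
  {"ReplicationGroupId": "cache-tls", "AtRestEncryptionEnabled": true,
   "TransitEncryptionEnabled": true, "AuthTokenEnabled": false},
  {"ReplicationGroupId": "cache-ok", "AtRestEncryptionEnabled": true,
   "TransitEncryptionEnabled": true, "AuthTokenEnabled": true}
]}
""")

# Documented AUTH token rules: 16-128 chars, symbols limited to ! & # $ ^ < > -
TOKEN_RE = re.compile(r"[A-Za-z0-9!&#$^<>-]{16,128}")

def token_is_valid(token):
    return TOKEN_RE.fullmatch(token) is not None

def auth_cli(group_id, strategy):
    # The token is a shell variable reference, never a literal in the plan.
    return ["aws", "elasticache", "modify-replication-group",
            "--replication-group-id", group_id, "--auth-token", "$AUTH_TOKEN",
            "--auth-token-update-strategy", strategy, "--apply-immediately"]

def plan(group):
    """Return (findings, ordered CLI steps) for one replication group."""
    gid = group["ReplicationGroupId"]
    tls = group.get("TransitEncryptionEnabled", False)
    findings, steps = [], []
    if not tls:
        findings.append("no encryption in transit")
    if not group.get("AuthTokenEnabled", False):
        findings.append("no AUTH token")
        if tls:  # AUTH can only be enabled on a TLS-enabled group
            # ROTATE: token accepted, unauthenticated clients still allowed.
            steps.append(auth_cli(gid, "ROTATE"))
            # SET: token required; run once every client sends AUTH.
            steps.append(auth_cli(gid, "SET"))
    return findings, steps

def audit(doc):
    return {g["ReplicationGroupId"]: plan(g) for g in doc["ReplicationGroups"]}

if __name__ == "__main__":
    for gid, (findings, steps) in audit(SAMPLE).items():
        print(gid, findings or ["ok"], [" ".join(s) for s in steps])
```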
jojom19980
1 year, 7 months ago
Selected Answer: B
Previously, you needed to set up authentication for ElastiCache for Redis clusters using Redis user passwords or store the password in AWS Secrets Manager or on a third-party secrets management tool. However, in large organizations that host many applications, passwords can often become out of sync when it comes time to rotate the password. IAM authentication provides a streamlined security posture by allowing access management from a centralized service. With IAM authentication, ElastiCache users can use their IAM identities when connecting to their Redis clusters
upvoted 1 times
...
bititan
1 year, 7 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted