Topic 1 Question 71
2 つ選択During a security review, a company identified a vulnerability in an AWS Glue job. The company discovered that credentials to access an Amazon Redshift cluster were hard coded in the job script. A data engineer must remediate the security vulnerability in the AWS Glue job. The solution must securely store the credentials. Which combination of steps should the data engineer take to meet these requirements?
Store the credentials in the AWS Glue job parameters.
Store the credentials in a configuration file that is in an Amazon S3 bucket.
Access the credentials from a configuration file that is in an Amazon S3 bucket by using the AWS Glue job.
Store the credentials in AWS Secrets Manager.
Grant the AWS Glue job IAM role access to the stored credentials.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: DE
D because it's AWS best practice for securing creds and E because after you put cred in secrets you will need permissions for accesing
👍 9GiorgioGss2024/09/19 - 正解だと思う選択肢: DE
D. Store the credentials in AWS Secrets Manager: AWS Secrets Manager is a service that helps you protect access to your applications, services, and IT resources without the upfront investment and on-going maintenance costs of operating your own infrastructure. It's specifically designed for storing and retrieving credentials securely, and therefore, it is an appropriate choice for handling the Redshift cluster credentials.
E. Grant the AWS Glue job IAM role access to the stored credentials: IAM roles for AWS Glue will allow the job to assume a role with the necessary permissions to access the credentials in AWS Secrets Manager. This method avoids embedding credentials directly in the script or a configuration file and allows for centralized management of the credentials.
👍 3rralucard_2024/08/02 Ans, DE
👍 1damaldon2024/09/07
シャッフルモード