Topic 1 Question 136
A developer is setting up a deployment pipeline. The pipeline includes an AWS CodeBuild build stage that requires access to a database to run integration tests. The developer is using a buildspec.yml file to configure the database connection. Company policy requires automatic rotation of all database credentials.
Which solution will handle the database credentials MOST securely?
Retrieve the credentials from variables that are hardcoded in the buildspec.yml file. Configure an AWS Lambda function to rotate the credentials.
Retrieve the credentials from an environment variable that is linked to a SecureString parameter in AWS Systems Manager Parameter Store. Configure Parameter Store for automatic rotation.
Retrieve the credentials from an environment variable that is linked to an AWS Secrets Manager secret. Configure Secrets Manager for automatic rotation.
Retrieve the credentials from an environment variable that contains the connection string in plaintext. Configure an Amazon EventBridge event to rotate the credentials.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
C is correct. Explanation: "requires automatic rotation of all database credentials" => "Secrets Manager for automatic rotation." With the Systems Manager Parameter Store, you have to do that manually.
👍 3Parsons2023/08/04 - 正解だと思う選択肢: C
Secure + Rotation are key words for Secrets Manager
👍 3cmonthatsme2023/08/06 c is the correct answer
👍 3Gold072023/09/28
シャッフルモード