Topic 1 Question 147

AWS Certified Developer - Associate

Topic 1 Question 147
A developer is building an application that gives users the ability to view bank accounts from multiple sources in a single dashboard. The developer has automated the process to retrieve API credentials for these sources. The process invokes an AWS Lambda function that is associated with an AWS CloudFormation custom resource.

The developer wants a solution that will store the API credentials with minimal operational overhead.

Which solution will meet these requirements in the MOST secure way?
- Add an AWS Secrets Manager GenerateSecretString resource to the CloudFormation template. Set the value to reference new credentials for the CloudFormation resource.
- Use the AWS SDK ssm:PutParameter operation in the Lambda function from the existing custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter type to SecureString.
- Add an AWS Systems Manager Parameter Store resource to the CloudFormation template. Set the CloudFormation resource value to reference the new credentials. Set the resource NoEcho attribute to true.
- Use the AWS SDK ssm:PutParameter operation in the Lambda function from the existing custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter NoEcho attribute to true.
ユーザの投票
コメント(11)
- Answer is B A is not correct as the requirement asked to store API credentials, GenerateSecretString will create a random string as password. C the API credential will be retrieved by the Lambda function, it is un-available to the template. D no echo is a attribute of cloud formation template.
  
  👍 10
  Jing20232023/10/11
- 正解だと思う選択肢: D
  The correct answer is (D).
  
  Solution (D) is the most secure because it stores the API credentials in AWS Secrets Manager, which is a managed service that provides secure, policy-controlled storage for secrets. The parameter's NoEcho attribute prevents the parameter value from being displayed in the console or request history.
  
  👍 6
  Digo30sp2023/10/06
- 正解だと思う選択肢: B
  B should be correct since the type SecureString encrypts the value i think?
  
  👍 4
  dilleman2023/10/10
シャッフルモード

ユーザの投票

コメント(11)