Topic 1 Question 154
A developer maintains applications that store several secrets in AWS Secrets Manager. The applications use secrets that have changed over time. The developer needs to identify required secrets that are still in use. The developer does not want to cause any application downtime.
What should the developer do to meet these requirements?
A. Configure an AWS CloudTrail log file delivery to an Amazon S3 bucket. Create an Amazon CloudWatch alarm for the GetSecretValue Secrets Manager API operation requests.
B. Create a secretsmanager-secret-unused AWS Config managed rule. Create an Amazon EventBridge rule to initiate notifications when the AWS Config managed rule is met.
C. Deactivate the applications' secrets and monitor the applications' error logs temporarily.
D. Configure AWS X-Ray for the applications. Create a sampling rule to match the GetSecretValue Secrets Manager API operation requests.
User votes
Comments (8)
- Selected answer: B
The correct answer is (B).
Solution (B) is the best option to meet the developer's requirements. It allows the developer to identify necessary secrets that are still in use without causing any application downtime.
👍 3 Digo30sp 2023/10/06
- Selected answer: B
I think B is correct https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-unused.html
A. could work but requires additional work to identify unused secrets. C. is too risky and could cause downtime. D. is not the right use case.
👍 3 chris_777 2023/11/04
- Selected answer: A
A is correct. AWS CloudTrail can track API calls, including the GetSecretValue call for AWS Secrets Manager. By setting up CloudTrail log delivery to an S3 bucket, the developer can analyze which secrets are being accessed. Using CloudWatch to create an alarm for the GetSecretValue API call provides insight into which secrets are actively being retrieved, thus indicating which secrets are in use.
👍 2 dilleman 2023/10/10