Topic 1 Question 359
A company has an application that uses an AWS Lambda function to process data. A developer must implement encryption in transit for all sensitive configuration data, such as API keys, that is stored in the application. The developer creates an AWS Key Management Service (AWS KMS) customer managed key.
What should the developer do next to meet the encryption requirement?
Create parameters of the String type in AWS Systems Manager Parameter Store. For each parameter, specify the KMS key ID to encrypt the parameter in transit. Reference the GetParameter API call in the Lambda environment variables.
Create secrets in AWS Secrets Manager by using the customer managed KMS key. Create a new Lambda function and set up a Lambda layer. Configure the Lambda layer to retrieve the values from Secrets Manager.
Create objects in Amazon S3 for each sensitive data field. Specify the customer managed KMS key to encrypt the object. Configure the Lambda function to retrieve the objects from Amazon S3 during data processing.
Create encrypted Lambda environment variables. Specify the customer managed KMS key to encrypt the variables. Enable encryption helpers for encryption in transit. Grant permission to the Lambda function's execution role to access the KMS key.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: D
Considering: "API keys, that is stored in the application".
D is the most direct approach. Lambda supports encrypting environment variables with a KMS key, eliminating the need for additional services or layers.
👍 8cachac2024/06/30 D is the correct answer
👍 1[Removed]2024/07/05OPTION B ---CORRECT . To meet the requirement of encrypting sensitive configuration data in transit while using it within an AWS Lambda function, the developer should leverage AWS Secrets Manager. Secrets Manager is specifically designed for handling and securing sensitive information like API keys, database credentials, and similar data, making it suitable for this scenario.
👍 1tomchandler0772024/07/17
シャッフルモード