Topic 1 Question 453
A company is developing a serverless application that requires storage of sensitive API keys as environment variables for various services. The application requires the automatic rotation of the encryption keys every year.
Which solution will meet these requirements with no development effort?
Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager.
Encrypt the environment variables by using AWS Key Management Service (AWS KMS) customer managed keys. Enable automatic key rotation.
Encrypt the environment variables by using AWS Key Management Service (AWS KMS) AWS managed keys. Configure a custom AWS Lambda function to automate key rotation.
Encrypt the environment variables by using AWS Systems Manager Parameter Store. Set up automatic rotation in Parameter Store.
ユーザの投票
コメント(6)
A. Encrypt the environment variables by using AWS Secrets Manager. Set up automatic rotation in Secrets Manager.
Explanation: AWS Secrets Manager is designed specifically for securely managing sensitive information like API keys, database credentials, and other secrets. It provides:
Built-in encryption using AWS Key Management Service (KMS). Automatic rotation of secrets with minimal effort. Secrets Manager has a native feature for automatic rotation that can be enabled for supported use cases. Integration with AWS services (e.g., Lambda, RDS, etc.). Key Features Satisfying the Requirements:
The sensitive API keys can be stored securely as secrets. Automatic rotation can be set up without requiring custom development. Secrets Manager handles rotation using Lambda functions configured for this purpose.
👍 3YUICH2024/11/18- 正解だと思う選択肢: A
Meets the encryption and key rotation requirement but requires additional development to manage secrets rotation. A is correct
👍 2CloudChingon2024/11/14 - 正解だと思う選択肢: B
B is the correct answer. A is wrong as Secret Manager is a place to store things, it does not encrypt things.
👍 2Arad2025/01/09
シャッフルモード