Exam DVA-C02
Question 147

A developer is building an application that gives users the ability to view bank accounts from multiple sources in a single dashboard. The developer has automated the process to retrieve API credentials for these sources. The process invokes an AWS Lambda function that is associated with an AWS CloudFormation custom resource.

The developer wants a solution that will store the API credentials with minimal operational overhead.

Which solution will meet these requirements in the MOST secure way?

    Correct Answer: B

    The most secure and appropriate solution for storing API credentials with minimal operational overhead is by using the AWS SDK ssm:PutParameter operation in the Lambda function to store the credentials as a SecureString parameter. AWS Systems Manager Parameter Store allows developers to securely store and manage secret data such as API credentials, and setting the parameter type to SecureString encrypts the data using AWS Key Management Service (KMS), ensuring its security. This approach meets the requirement of minimal operational overhead while maintaining a high level of security for the API credentials.
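The approach described in the answer above, a custom-resource Lambda function that calls `ssm:PutParameter` with type `SecureString`, as an added example that is not part of the original page. The `ParameterName` property, the default parameter name, `fetch_credentials`, and the injected `ssm` client argument are assumptions made for illustration.

```python
import json
import urllib.request

def fetch_credentials(props):
    """Hypothetical stand-in for the automated credential retrieval."""
    return json.dumps({"api_key": "constructed-sample-key"})  # constructed value

def handle(event, ssm, fetch=fetch_credentials):
    """Handle one custom-resource event; return the CloudFormation response body."""
    props = event.get("ResourceProperties", {})
    # Assumed property and default name; the role needs ssm:PutParameter/DeleteParameter.
    name = props.get("ParameterName", "/dashboard/source-api/credentials")
    status, reason = "SUCCESS", ""
    try:
        if event["RequestType"] == "Delete":
            try:
                ssm.delete_parameter(Name=name)
            except ssm.exceptions.ParameterNotFound:
                pass  # already gone: deletion stays idempotent
        else:  # Create and Update both write the current credentials
            # SecureString is encrypted with KMS (alias/aws/ssm unless KeyId is given).
            ssm.put_parameter(Name=name, Value=fetch(props),
                              Type="SecureString", Overwrite=True)
    except Exception as exc:
        # Report only the exception type so the secret cannot leak via Reason.
        status, reason = "FAILED", type(exc).__name__
    return {
        "Status": status,
        "Reason": reason,
        "PhysicalResourceId": name,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "NoEcho": True,
        "Data": {"ParameterName": name},  # the name only, never the value
    }

def lambda_handler(event, context):
    import boto3  # imported lazily so handle() can be exercised without the AWS SDK
    body = json.dumps(handle(event, boto3.client("ssm"))).encode()
    # Empty Content-Type, as in AWS's cfn-response helper, so urllib adds no default.
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)
```

The response returns only the parameter name, so the credential value never appears in stack events or outputs; consumers read it with a decrypting `GetParameter` call.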

Discussion
Jing2023

Answer is B. A is not correct, as the requirement asked to store API credentials; GenerateSecretString will create a random string as a password. C: the API credential will be retrieved by the Lambda function, so it is unavailable to the template. D: NoEcho is an attribute of a CloudFormation template.

Digo30sp Option: D

The correct answer is (D). Solution (D) is the most secure because it stores the API credentials in AWS Secrets Manager, which is a managed service that provides secure, policy-controlled storage for secrets. The parameter's NoEcho attribute prevents the parameter value from being displayed in the console or request history.

Bolu_Jay

Answer is A. AWS Secrets Manager is specifically designed for securely storing sensitive information like API credentials, database passwords, and other secrets.

kaes Option: D

ANS: D NoEcho https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/82#issuecomment-517704282

Melisa202401 Option: C

I choose C, not A, due to minimal cost. I don't understand why most of you choose B.

KarBiswa

It's B only: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html#:~:text=You%20can%20also%20use%20SecureString%20parameters%20with%20other%20AWS%20services.%20In%20the%20following%20example%2C%20the%20Lambda%20function%20retrieves%20a%20SecureString%20parameter%20by%20using%20the%20GetParameters%20API.

KillThemWithKindness Option: B

The solution that will meet the requirements is to use the AWS SDK ssm PutParameter operation in the Lambda function from the existing custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter type to SecureString. This way, the developer can store the API credentials with minimal operational overhead, as AWS Systems Manager Parameter Store provides secure and scalable storage for configuration data. The SecureString parameter type encrypts the parameter value with AWS Key Management Service (AWS KMS). The other options either involve adding additional resources to the CloudFormation template, which increases complexity and cost, or do not encrypt the parameter value, which reduces security.

Certified101 Option: B

Agree with B - D will be stored in plain text, this is credentials so should be secure string

ut18

Is B the correct answer? SecureString isn't currently supported for AWS CloudFormation templates. https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html

Nagasoracle Option: B

I agree with Jing2023's answer.

Anandesh Option: D

https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html

65703c1 Option: B

B is the correct answer.

KarBiswa Option: A

I will go with A, because https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html nullifies B & D. Justifying A: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html

KarBiswa

Reverting the Option to B

SerialiDr Option: B

B. Use the AWS SDK ssm:PutParameter operation in the Lambda function from the existing custom resource to store the credentials as a parameter. Set the parameter value to reference the new credentials. Set the parameter type to SecureString: This is a secure and operationally efficient solution. AWS Systems Manager Parameter Store can securely store parameters as SecureString, which encrypts the parameter value. The ssm:PutParameter operation can be used within the Lambda function to store the credentials directly after retrieval, minimizing operational overhead.

Snape Option: B

Answer is B

rrshah83 Option: B

NoEcho is a CF feature, not SSM Parameter Store.
