Multiple Choice
A company has an application that calls AWS Lambda functions. A recent code review found database credentials stored in the source code. The database credentials need to be removed from the Lambda source code. The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements. What should a solutions architect recommend to meet these requirements?
A) Store the password in AWS CloudHSM. Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID.
B) Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.
C) Move the database password to an environment variable associated with the Lambda function. Retrieve the password from the environment variable upon execution.
D) Store the password in AWS Key Management Service (AWS KMS) . Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.
Correct Answer:
Verified
Correct Answer:
Verified
Q376: A company runs an application on a
Q377: A Solutions Architect must design a web
Q378: A company needs to implement a relational
Q379: A company is using an Amazon S3
Q380: A media company is evaluating the possibility
Q382: A company is planning to build a
Q383: A media company is using two video
Q384: A company has created a multi-tier application
Q385: A website runs a web application that
Q386: A solutions architect is designing a solution