Multiple Choice
A company has an application that calls AWS Lambda functions. A code review shows that database credentials are stored in a Lambda function's source code, which violates the company's security policy. The credentials must be securely stored and must be automatically rotated on an ongoing basis to meet security policy requirements. What should a solutions architect recommend to meet these requirements in the MOST secure manner?
A) Store the password in AWS CloudHSM. Associate the Lambda function with a role that can use the key ID to retrieve the password from CloudHSM. Use CloudHSM to automatically rotate the password.
B) Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can use the secret ID to retrieve the password from Secrets Manager. Use Secrets Manager to automatically rotate the password.
C) Store the password in AWS Key Management Service (AWS KMS) . Associate the Lambda function with a role that can use the key ID to retrieve the password from AWS KMS. Use AWS KMS to automatically rotate the uploaded password.
D) Move the database password to an environment variable that is associated with the Lambda function. Retrieve the password from the environment variable by invoking the function. Create a deployment script to automatically rotate the password.
Correct Answer:
Verified
Correct Answer:
Verified
Q370: A company's website is using an Amazon
Q371: A company is launching an ecommerce website
Q372: A solutions architect is tasked with transferring
Q373: A company mandates that an Amazon S3
Q374: A company is creating an architecture for
Q376: A company runs an application on a
Q377: A Solutions Architect must design a web
Q378: A company needs to implement a relational
Q379: A company is using an Amazon S3
Q380: A media company is evaluating the possibility