Multiple Choice
A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed. Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)
A) Create a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.
B) Create secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database.
C) Store sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data.
D) Store sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.
E) Use AWS KMS to encrypt the CloudFormation template.
F) Use the CloudFormation NoEcho parameter property to mask the parameter value.
Correct Answer:
Verified
Correct Answer:
Verified
Q450: A DevOps Engineer manages a large commercial
Q451: If Ansible encounters a resource that does
Q452: You need to deploy an AWS stack
Q453: A company wants to use Amazon ECS
Q454: A DevOps Engineer just joined a new
Q456: A DevOps Engineer is tasked with migrating
Q457: An application is being deployed with two
Q458: A company hosts its staging website using
Q459: A company has developed a static website
Q460: You need to deploy a new application