Q99 — AWS DVA-C02 Ch.1


A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group across multiple Availability Zones. The application must retrieve application secrets during startup and export them as environment variables. These secrets must be encrypted at rest and rotated monthly. Which solution meets these requirements with the least development effort?

Correct Answer: D. Store secrets in AWS Secrets Manager. Provide a new customer master key. Use that key to encrypt the secrets. Enable automatic rotation. Configure an Amazon EC2 user data script to programmatically retrieve the secrets during launch and export them as environment variables.

Explanation

Option D stores the secrets in AWS Secrets Manager, encrypts them with the provided customer master key, and enables automatic rotation. This gives secure secret management and periodic rotation without requiring developers to write additional code. Configuring an Amazon EC2 user data script to retrieve the secrets programmatically and export them as environment variables is straightforward, and automatic rotation eliminates the need for custom rotation scripts. Option D therefore satisfies the requirements with minimal development effort.