Q10 — AWS DVA-C02 Ch.2
Question 10 of 100 | ← Chapter 2
A data visualization company wants to enhance security for its core applications, which are deployed on AWS across development, test, pre-production, and production environments. The company needs to encrypt all sensitive credentials at rest. Credentials must be automatically rotated. Each environment must store one version of the credentials. Which solution satisfies these requirements in the most efficient way?
- A. Configure AWS Secrets Manager versions to store different copies of the same credential across multiple environments.
- B. Create a new parameter version in AWS Systems Manager Parameter Store for each environment. Store environment-specific credentials in the parameter version.
- C. Configure environment variables in the application code, using different names for each environment type.
- D. Configure AWS Secrets Manager to create a new secret for each environment type. Store environment-specific credentials in the secret. ✓
Correct Answer: D. Configure AWS Secrets Manager to create a new secret for each environment type. Store environment-specific credentials in the secret.
Explanation
Option D is the most efficient approach. AWS Secrets Manager provides capabilities to isolate and manage credentials per environment. By creating a new secret for each environment type and storing environment-specific credentials in that secret, all requirements—including encryption, automatic rotation, and versioning—are satisfied. 【Lantern Certification provided by: swufelp1999】