Q75 — AWS DVA-C02 Ch.2

Question 75 of 100

A developer is building an application in AWS Lambda. To simplify testing and deployment, the developer needs to change the database connection string without modifying the Lambda code.

Correct Answer: A. Store the connection string as a secret in AWS Secrets Manager.

Explanation

AWS Secrets Manager is the secure, managed service designed specifically for storing and retrieving sensitive configuration data such as database connection strings. It lets developers rotate, manage, and retrieve secrets programmatically instead of hardcoding them into Lambda functions. IAM user accounts control access permissions, not storage. AWS KMS encrypts and decrypts data but does not store secrets. Lambda layers distribute code and libraries, not configuration. Thus, Option A is the only correct and secure approach.