Q63 — AWS SAP-C02 Ch.1

Q138. A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer. A recent security audit revealed that the company has configured encryption at rest for ElastiCache. However, the company did not configure ElastiCache to use encryption in transit. Additionally, users can access the cache without authentication. A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption. Which solution will meet these requirements?

Correct Answer: B. Create an AUTH token. Store the token in AWS Secrets Manager. Configure the existing cluster to use the AUTH token, and configure encryption in transit. Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication

Explanation

The solution that will meet the requirements is Option B:

-- Create an AUTH token and store it securely in AWS Secrets Manager.
-- Configure the existing ElastiCache cluster to use the AUTH token for authentication and enable encryption in transit.
-- Update the application code to retrieve the AUTH token from Secrets Manager when necessary and use it for authentication.

This solution addresses both security issues identified by the audit: lack of user authentication and lack of encryption in transit. The use of a secure AWS service like Secrets Manager ensures that the AUTH token can be managed securely, while enabling encryption in transit provides end-to-end data protection. Updating the application code to retrieve the AUTH token from Secrets Manager ensures that sensitive information is not hardcoded or exposed.