AWS Certified Developer Associate DVA-C02 Practice Question
A developer is deploying an application to an AWS compute service. The application requires access keys and database credentials for its configuration. What is the BEST practice for handling these secrets?
Embed encrypted access information in the codebase and use code to decode upon application start.
Keep the secrets as custom attributes within the platform's user management service, accessible at runtime.
Store encrypted secrets within an object storage service and allow the application to retrieve them at runtime.
Use a dedicated service for secret management that provides encrypted storage and fine-grained access control.
The best practice for managing secrets is to use a dedicated secret management service, which allows for secure storage, fine-grained access control, auditing, and rotation of secrets without embedding them in the application's code or environment. AWS offers AWS Secrets Manager and AWS Systems Manager Parameter Store for this purpose, allowing you to store data securely as encrypted parameters and strictly manage access via IAM policies. Embedding credentials directly in the code is insecure and makes rotation difficult. Using an object storage service can partially solve the problem but lacks the dedicated secret management functionalities like automated rotation. Using custom attributes in a user management service is not the service's intended use and does not provide the rigorous management or auditing capabilities required for handling application secrets securely.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Secrets Manager, and how does it improve secret management?
Open an interactive chat with Bash
How does AWS Systems Manager Parameter Store differ from AWS Secrets Manager?
Open an interactive chat with Bash
Why is embedding secrets directly in application code a security risk?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .