AWS Certified Developer Associate DVA-C02 Practice Question
A developer must supply credentials for an external SaaS API to an application that runs on an Amazon EC2 instance. The credentials must not be hard-coded in the source code or stored in plaintext configuration files. Which AWS service should the developer use to store the credentials and allow the application to retrieve them securely at runtime?
AWS Systems Manager Parameter Store (String type) without encryption
Store the credentials as plaintext environment variables in the EC2 instance
Store the credentials in an encrypted Amazon S3 object
AWS Secrets Manager is specifically designed to store, encrypt, and rotate sensitive data such as API keys and database passwords. Applications can call the service at runtime to fetch the secret over TLS, and IAM policies control access. Plaintext environment variables, unencrypted AWS Systems Manager Parameter Store strings, or even encrypted objects in Amazon S3 still leave room for accidental exposure because they lack built-in secret rotation, fine-grained auditing, and enforced encryption of the secret itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a dedicated secrets management service?
Open an interactive chat with Bash
How does a secrets management service handle encryption?
Open an interactive chat with Bash
Why should I avoid using environment variables for storing sensitive credentials?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access