AWS Certified Developer Associate DVA-C02 Practice Question
A developer needs to securely manage the storage and retrieval of database login credentials for an application hosted on Amazon EC2 instances. The application code requires these credentials to establish database connections at runtime. Which method is the recommended best practice for handling these credentials securely?
Use a secret management service like AWS Secrets Manager to store the database credentials, allowing the application to retrieve them securely at runtime.
Embed the database credentials directly in the source code of the application after encrypting them with a basic encryption algorithm.
Configure environment variables on the EC2 instances to hold the login details, and read them directly within the application when needed.
Create an IAM policy that grants the EC2 instance profile the necessary permissions to connect to the database without needing to store explicit credentials.
The correct method for handling sensitive login information is to utilize a dedicated secret management service, such as AWS Secrets Manager or AWS Systems Manager Parameter Store. These services provide a centralized and secure repository to store, manage, retrieve, and rotate credentials. Storing sensitive information in plaintext within application code or in environment variables on the server are insecure practices that can lead to inadvertent exposure in logs, version control, or to anyone with access to the server environment. While IAM database authentication is a secure method that uses an access policy to allow EC2 instances to connect to supported RDS databases without a password, a secret management service is the more general and recommended solution for storing and managing explicit credentials for any type of database.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is AWS Secrets Manager considered a best practice for managing credentials?
Open an interactive chat with Bash
How does AWS Secrets Manager help with credential rotation?
Open an interactive chat with Bash
What is the difference between Secrets Manager and AWS Systems Manager Parameter Store?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .