AWS Certified Developer Associate DVA-C02 Practice Question
You are in charge of deploying an application that must access a database using specific credentials. The deployment requires setting environment variables that the application will utilize at runtime. How should you securely store and supply these database access details to the application?
You selected this option
Use a configuration management service with KMS to store the database credentials and control access through roles.
You selected this option
Encrypt the database credentials and include them in the versioned application configuration, decrypting them with a stored key when the application starts.
You selected this option
Adopt a managed secrets management service to handle the database credentials and dynamically provide them to the application when needed.
You selected this option
Implement environment variables in the application source code with encryption logic that decrypts these values on initialization.
Utilizing a managed service for secrets management to store credentials and securely retrieving them during application execution is the optimal solution. This approach avoids hardcoding sensitive information and leverages automatic rotation of secrets, as well as fine-grained permissions for access control. Encrypting environment variables within the application code provides some level of security but lacks the management features and automated rotations offered by a dedicated secrets management service. Storing encrypted credentials in the deployment configuration introduces the additional burden of managing encryption keys and does not offer the same level of access control or rotation capabilities. While parameter stores provide secure storage for configuration data, a service specifically designed for secrets management will include enhanced features suitable for managing sensitive credentials, such as automated secret rotation, which is particularly important for database credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a managed secrets management service?
Open an interactive chat with Bash
Why is avoiding hardcoding credentials important?
Open an interactive chat with Bash
What are the benefits of automated secret rotation?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Oh snap!
Loading...
Loading...
Loading...
Information Technology Package Join Premium for Full Access