Answer-first summary for fast verification
Answer: Store the secret as SecureString in SSM Parameter Store, Audit using CloudTrail
Store the secret as SecureString in SSM Parameter Store With AWS Systems Manager Parameter Store, you can create SecureString parameters, which are parameters that have a plaintext parameter name and an encrypted parameter value. Parameter Store uses AWS KMS to encrypt and decrypt the parameter values of Secure String parameters. Also, if you are using customer-managed CMKs, you can use IAM policies and key policies to manage to encrypt and decrypt permissions. To retrieve the decrypted value you only need to do one API call.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are tasked with constructing a fleet of EBS-optimized EC2 instances to manage the load for a new application. Given the necessity for security compliance within your organization, it is crucial that any secret strings utilized in the application are encrypted to avoid the exposure of plain text values.
The solution demands that decryption events must be auditable, and the API calls should remain simple. What are the two methods to achieve this? (select two)
A
Encrypt first with KMS then store in SSM Parameter store
B
Store the secret as PlainText in SSM Parameter Store
C
Store the secret as SecureString in SSM Parameter Store
D
Audit using CloudTrail
E
Audit using SSM Audit Trail