
Answer-first summary for fast verification
Answer: Store the API key value in AWS Secrets Manager. In the template, replace all references to the value with {{resolve:secretsmanager:MySecretId:SecretString}}.
The correct answer is B. AWS Secrets Manager is designed specifically for managing sensitive information such as API keys, passwords, and other secret data. It provides additional features like automatic rotation of secrets and fine-grained access control, making it a more secure option compared to AWS Systems Manager Parameter Store, which can also store secrets but lacks some of Secrets Manager's advanced security features. Therefore, the most secure way to manage the API key while still allowing it to be referenced in the CloudFormation template is by storing it in AWS Secrets Manager and using the dynamic reference {{resolve:secretsmanager:MySecretId:SecretString}}.
Author: LeetQuiz Editorial Team
A security engineer is tasked with auditing an AWS CloudFormation template and identifies a parameter that inadvertently exposes an application's API key in plaintext by default. This parameter is used in multiple locations within the template. The engineer must address this vulnerability by replacing the parameter in a way that ensures the API key can still be securely referenced throughout the template. Which of the following solutions offers the highest level of security for managing this sensitive information?
A. Store the API key value as a SecureString parameter in AWS Systems Manager Parameter Store. In the template, replace all references to the value with {{resolve:ssm:MySSMParameterName:1}}.
B. Store the API key value in AWS Secrets Manager. In the template, replace all references to the value with {{resolve:secretsmanager:MySecretId:SecretString}}.
C. Store the API key value in Amazon DynamoDB. In the template, replace all references to the value with {{resolve:dynamodb:MyTableName:MyPrimaryKey}}.
D. Store the API key value in a new Amazon S3 bucket. In the template, replace all references to the value with {{resolve:s3:MyBucketName:MyObjectName}}.