A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed. Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)

Topic #: - All AWS DevOps Engineer Professional Questions

A. Create a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.
B. Create secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database. Most Voted
C. Store sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data. Most Voted
D. Store sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.
E. Use AWS KMS to encrypt the CloudFormation template.
F. Use the CloudFormation NoEcho parameter property to mask the parameter value. Most Voted

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed. Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)

Suggested Answer:

Reference Material:

A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed. Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)

Suggested Answer:

Reference Material:

Share this post

Join the Discussion