AWS Certified Developer Associate DVA-C02 Practice Question
When preparing a microservice for deployment that requires multiple sensitive configurations, which approach would ensure the secure and environment-agnostic management of these settings?
Embed the configurations into the application code within the container image
Dynamically inject the configurations using a secrets management service at container startup
Declare sensitive environment variables within the build specification file of the container
Fetch the configurations from the host's instance metadata service upon container initialization
Using a secrets management service to dynamically inject configurations at runtime ensures that the microservice remains environment-agnostic and that sensitive information is not stored within the container image. This approach promotes security and flexibility in configuration management, essential for maintaining best practices in cloud application deployments. Hard-coding settings violates security best practices and reduces flexibility. Instance metadata is meant for obtaining information about the host, not for storing sensitive configuration data. Defining sensitive information as environment variables within the image build process exposes them in the image layers, which is not secure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secrets management service and how does it work?
Open an interactive chat with Bash
Why is it important to avoid hard-coding sensitive configurations?
Open an interactive chat with Bash
What are environment variables, and why can they be a security risk?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Deployment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access