{"id":581,"date":"2021-01-06T16:50:01","date_gmt":"2021-01-06T16:50:01","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question574\/"},"modified":"2021-01-06T16:50:01","modified_gmt":"2021-01-06T16:50:01","slug":"aws-certified-solutions-architect-professional-sap-c01-question574","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question574\/","title":{"rendered":"AWS Certified Solutions Architect &#8211; Professional SAP-C01 &#8211; Question574"},"content":{"rendered":"<div class=\"question\">During a security audit of a Service team\u2019s application, a Solutions Architect discovers that a username and password for an Amazon RDS database and a set of AWS IAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database, and it uses the IAM credentials to call AWS services in a separate management account.<br \/>\nThe Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code. The management account and the Service team\u2019s account are in separate AWS Organizations organizational units (OUs).<br \/>\nWhich combination of changes should the Solutions Architect make to improve the solution\u2019s security? (Choose two.) <br \/><strong><br \/>A.<\/strong> Configure Lambda to assume a role in the management account with appropriate access to AWS. <br \/><strong>B.<\/strong> Configure Lambda to use the stored database credentials in AWS Secrets Manager and enable automatic rotation. <br \/><strong>C.<\/strong> Create a Lambda function to rotate the credentials every hour by deploying a new Lambda version with the updated credentials. <br \/><strong>D.<\/strong> Use an SCP on the management account\u2019s OU to prevent IAM users from accessing resources in the Service team\u2019s account. <br \/><strong>E.<\/strong> Enable AWS Shield Advanced on the management account to shield sensitive resources from unauthorized IAM access.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>BD<\/strong><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>During a security audit of a Service team\u2019s application, a Solutions Architect discovers that a username and password for an Amazon RDS database and a set of AWS IAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,577],"class_list":["post-581","post","type-post","status-publish","format-standard","hentry","category-aws-certified-solutions-architect-professional-sap-c01","tag-aws-certified-solutions-architect-professional-sap-c01","tag-question-574"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/comments?post=581"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/581\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/media?parent=581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/categories?post=581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/tags?post=581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}