AWS Certified Data Engineer – Associate (DEA-C01) — Question 54

During a security review, a company identified a vulnerability in an AWS Glue job. The company discovered that credentials to access an Amazon Redshift cluster were hard coded in the job script.
A data engineer must remediate the security vulnerability in the AWS Glue job. The solution must securely store the credentials.
Which combination of steps should the data engineer take to meet these requirements? (Choose two.)

Answer options

• A. Store the credentials in the AWS Glue job parameters.
• B. Store the credentials in a configuration file that is in an Amazon S3 bucket.
• C. Access the credentials from a configuration file that is in an Amazon S3 bucket by using the AWS Glue job.
• D. Store the credentials in AWS Secrets Manager.
• E. Grant the AWS Glue job IAM role access to the stored credentials.

Correct answer: D, E

Explanation

The correct answer is D and E because AWS Secrets Manager is designed to securely store sensitive information like credentials, and granting the AWS Glue job's IAM role access ensures it can retrieve those credentials when needed. Options A and B are not secure methods for storing sensitive information, while option C, although it involves accessing credentials, does not provide a secure storage solution.