AWS Certified Security – Specialty — Question 6

A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet of 2,000 Internet of Things (IoT) field devices that monitor water quality. These devices each have unique access credentials.
An operational safety policy requires that access to specific credentials is independently auditable.
What is the MOST cost-effective way to manage the storage of credentials?

Answer options

• A. Use AWS Systems Manager to store the credentials as Secure Strings Parameters. Secure by using an AWS KMS key.
• B. Use AWS Key Management System to store a master key, which is used to encrypt the credentials. The encrypted credentials are stored in an Amazon RDS instance.
• C. Use AWS Secrets Manager to store the credentials.
• D. Store the credentials in a JSON file on Amazon S3 with server-side encryption.

Correct answer: A

Explanation

Using AWS Systems Manager to store credentials as Secure Strings Parameters is cost-effective and allows for independent auditing, meeting the operational safety policy's requirements. While AWS Secrets Manager is an option, it typically incurs higher costs compared to Systems Manager. Storing credentials in an RDS instance or a JSON file on S3 may introduce unnecessary complexity and potential security risks.