Practice Test

True or False: AWS Secrets Manager helps to securely encrypt, store, and manage sensitive information like database credentials.

  • True

Answer: True

Explanation: AWS Secrets Manager protects access to applications, services, and IT resources. This eliminates upfront and ongoing security expenditures, and reduces the risk of exposing sensitive information.

What type of data is AWS Systems Manager Parameter Store designed to manage?

  • a) Non-sensitive data and application configuration settings.
  • b) Sensitive information like passwords, database strings, and license codes.
  • c) Web application data.
  • d) Cloud storage data.

Answer: b) Sensitive information like passwords, database strings, and license codes.

Explanation: AWS Systems Manager Parameter Store helps in managing, storing, and retrieving sensitive information like database strings, license codes, and passwords securely.

True or False: AWS Secrets Manager is less expensive than AWS Systems Manager Parameter Store.

  • False

Answer: False

Explanation: Unlike AWS Secrets Manager, AWS Systems Manager Parameter Store is free, hence making AWS Secrets Manager more expensive.

AWS Secrets Manager can automatically rotate secret credentials without requiring code updates:

  • a) Only for AWS RDS.
  • b) Only for AWS ElasticCache.
  • c) For all AWS resources.
  • d) For AWS RDS, documentDB, and Redshift.

Answer: d) For AWS RDS, documentDB, and Redshift.

Explanation: AWS Secrets Manager includes built-in integration for Amazon RDS, Amazon DocumentDB, and Amazon Redshift to easily rotate, manage, and retrieve database credentials to access these services.

What does AWS Secrets Manager use to encrypt secrets?

  • a) AWS Key Management Service (KMS)
  • b) AWS Encryption SDK
  • c) AES-256 encryption
  • d) AWS Certificate Manager

Answer: a) AWS Key Management Service (KMS)

Explanation: AWS Secrets Manager uses AWS Key Management Service (KMS) to encrypt the secrets at rest.

True or False: With AWS Systems Manager Parameter Store, the parameters are limited to 64 KB.

  • False

Answer: False

Explanation: AWS Systems Manager Parameter Store allows standard parameters, which have a maximum length of 4,096 characters, and advanced parameters that do have a maximum size of 64 KB.

True or False: To retrieve secrets from AWS Secrets Manager, you need to modify the application to include a call to the Secrets Manager APIs.

  • True

Answer: True

Explanation: An application needs to call the API of Secrets Manager to retrieve secrets. The application then decrypts these secrets for use in the application stack.

AWS Secrets Manager does not support which of the methods to access the secret?

  • a) CLI
  • b) API Calls
  • c) SDK
  • d) All are Supported

Answer: d) All are Supported

Explanation: The AWS Secrets Manager supports all these methods – CLI, API calls, and SDK – to access the secret.

Which AWS service will help you to track changes in your secret over time?

  • a) AWS Secrets Manager
  • b) AWS CloudTrail
  • c) AWS Systems Manager Parameter Store
  • d) All of the above

Answer: b) AWS CloudTrail

Explanation: AWS CloudTrail allows you to track changes to your secrets, it provides history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command-line tools, and other AWS services, including AWS Secrets Manager.

True or False: AWS Secrets Manager is region-specific.

  • True

Answer: True

Explanation: Like many other AWS services, AWS Secrets Manager is region-specific and you need to choose the area where you want to store your secrets.

Interview Questions

What is AWS Secrets Manager designed for?

AWS Secrets Manager is designed for protecting access to applications, services, and IT resources. It enables users to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

What benefits do you get from using the AWS Systems Manager Parameter Store?

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. It helps keep systems in compliance by controlling who can access this information and auditing access and retrieval of secrets.

When would you typically use AWS Secrets Manager?

AWS Secrets Manager is typically used to replace hardcoded secrets in your applications with an API call to Secrets Manager to retrieve these secrets programmatically.

Can AWS Secrets Manager handle the credentials used to access services outside of AWS?

Yes, AWS Secrets Manager can certainly store and manage the credentials used to access external services, not only AWS services.

How does AWS Secrets Manager support the principle of least privilege?

AWS Secrets Manager supports the principle of least privilege by allowing admins to configure fine-grained policies to define who can access secrets. Also, every secret access request is logged into AWS CloudTrail to achieve better visibility.

How does the Secrets Manager integrate with AWS IAM?

Secrets Manager integrates with IAM so you can control which employees or applications can access secrets. IAM policies can specify who can create, retrieve, update, or delete secrets.

What is the difference between AWS Secrets Manager and AWS Parameter Store?

While both solutions store secrets, AWS Secrets Manager is more advanced, offering features such as automatic rotation of secrets and closer integration with other AWS services. However, AWS Parameter Store is a low-cost, simple solution if basic secret storage is all you need.

Does AWS Secrets Manager rotate all secrets automatically?

AWS Secrets Manager doesn’t automatically rotate all secrets. You can configure it to rotate secrets for Amazon RDS, Amazon DocumentDB, and Amazon Redshift automatically. For other secrets or databases, you need to write custom Lambda functions.

How does AWS Secrets Manager rotate secrets for databases hosted on Amazon RDS?

AWS Secrets Manager rotates secrets for databases on Amazon RDS by creating a new secret and then changing the database password to match the new secret.

What types of secrets can you store with AWS Secrets Manager?

You can store API keys, database credentials, and other sensitive configuration details with AWS Secrets Manager.

With AWS Systems Manager Parameter Store, how are secrets encrypted?

Secrets in AWS Systems Manager Parameter Store are encrypted using AWS Key Management Service (AWS KMS).

How is AWS Secrets Manager billed?

AWS Secrets Manager is billed based on secrets stored and API operations performed.

Can you access the AWS Secrets Manager from within a VPC?

Yes, you can access AWS Secrets Manager from within a VPC using a VPC endpoint.

Can AWS Secrets Manager be used in multi-cloud environments?

Yes, AWS Secrets Manager can store and retrieve secrets in any environment, including multi-cloud environments.

How long are secrets retained in AWS Secrets Manager?

Secrets in AWS Secrets Manager are retained until they are explicitly deleted. After deletion, there is a recovery window of 7 to 30 days.

Leave a Reply

Your email address will not be published. Required fields are marked *