Bird
0
0

A developer sets an environment variable SECRET_KEY in Lambda but accidentally exposes it in logs. What is the best way to prevent this?

medium📝 Debug Q7 of 15
AWS - Lambda
A developer sets an environment variable SECRET_KEY in Lambda but accidentally exposes it in logs. What is the best way to prevent this?
ADisable CloudWatch Logs
BUse AWS Lambda encryption helpers to encrypt environment variables
CRemove the environment variable from Lambda
DSet environment variable as plaintext
Step-by-Step Solution
Solution:

  1. Step 1: Identify secure environment variable handling

    AWS Lambda encryption helpers allow encrypting environment variables to prevent exposure in logs.

  2. Step 2: Evaluate other options

    Removing variable disables functionality, disabling logs loses monitoring, plaintext increases risk.

  3. Final Answer:

    Use AWS Lambda encryption helpers to encrypt environment variables -> Option B

  4. Quick Check:

    Encrypt env vars to protect secrets [OK]
Quick Trick: Encrypt environment variables to protect secrets [OK]
Common Mistakes:
MISTAKES
  • Disabling logs instead of securing data
  • Removing variables without replacement
  • Leaving secrets as plaintext

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
API Gateway - API Gateway throttling - Quiz 15hard AWS Lambda - Why serverless matters - Quiz 7medium AWS Lambda - Creating a Lambda function - Quiz 12easy Auto Scaling - Scheduled scaling - Quiz 11easy Auto Scaling - Scaling policies (target tracking, step, simple) - Quiz 13medium CloudWatch - CloudWatch metrics - Quiz 8hard CloudWatch - CloudWatch alarms - Quiz 14medium CloudWatch - Why monitoring matters - Quiz 8hard DynamoDB - Tables, items, and attributes - Quiz 10hard DynamoDB - Time to live (TTL) for expiration - Quiz 8hard