0
0
AWScloud~20 mins

Secrets Manager for credentials in AWS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Secrets Manager Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does AWS Secrets Manager rotate credentials automatically?

A developer wants AWS Secrets Manager to automatically rotate database credentials every 30 days. Which mechanism enables this automatic rotation?

ABy configuring a Lambda rotation function linked to the secret that updates credentials on schedule
BBy manually updating the secret value every 30 days in the console
CBy enabling automatic rotation in IAM user settings
DBy setting a CloudWatch alarm to notify when credentials expire
Attempts:
2 left
💡 Hint

Think about how AWS Secrets Manager can run code to update credentials without manual intervention.

security
intermediate
2:00remaining
Which IAM policy grants least privilege to read a specific secret?

You want to allow an application to read only one secret named prod/db-password from AWS Secrets Manager. Which IAM policy snippet grants the least privilege?

A{"Effect":"Allow","Action":"secretsmanager:GetSecretValue","Resource":"*"}
B{"Effect":"Allow","Action":"secretsmanager:GetSecretValue","Resource":"arn:aws:secretsmanager:region:account-id:secret:prod/db-password-*"}
C{"Effect":"Allow","Action":"secretsmanager:*","Resource":"*"}
D{"Effect":"Allow","Action":["secretsmanager:GetSecretValue","secretsmanager:DescribeSecret"],"Resource":"arn:aws:secretsmanager:region:account-id:secret:prod/db-password-*"}
Attempts:
2 left
💡 Hint

Least privilege means only needed actions on only the specific secret.

Architecture
advanced
2:00remaining
Designing secure access to secrets for multiple microservices

You have multiple microservices running on AWS ECS that need access to different secrets stored in AWS Secrets Manager. What is the best architecture to securely provide each microservice access only to its required secrets?

ACreate one IAM role per microservice with permissions scoped to only its secrets, and assign the role to the ECS task
BStore all secrets in one secret and share it with all microservices
CUse a single IAM role for all microservices with permissions to all secrets
DEmbed secrets directly in the container images for each microservice
Attempts:
2 left
💡 Hint

Think about isolating permissions per microservice to follow security best practices.

Configuration
advanced
2:00remaining
What is the correct AWS CLI command to retrieve a secret value?

You want to retrieve the plaintext value of a secret named prod/api-key using AWS CLI. Which command will return only the secret string?

Aaws secretsmanager get-secret-value --secret-id prod/api-key
Baws secretsmanager describe-secret --secret-id prod/api-key
Caws secretsmanager get-secret-value --secret-id prod/api-key --query SecretString --output text
Daws secretsmanager list-secrets --filters Key=name,Values=prod/api-key
Attempts:
2 left
💡 Hint

Focus on extracting only the secret string, not metadata.

Best Practice
expert
3:00remaining
Ensuring secure secret access in a multi-account AWS environment

Your company uses multiple AWS accounts for development, testing, and production. You want to centralize secret management in one account but allow secure read access to secrets from other accounts. What is the best practice to achieve this?

AUse AWS S3 buckets with public read access to store secrets
BUse resource-based policies on secrets in the central account to allow cross-account IAM roles from other accounts to access secrets
CShare IAM users across accounts with the same credentials
DCopy secrets manually to each account and manage them separately
Attempts:
2 left
💡 Hint

Think about how AWS Secrets Manager supports cross-account access securely.