Which solution will meet these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer.A recent security audit revealed that the company has configured encryption at rest for ElastiCache.However, the company did not configure ElastiCache to use encryption in transit.Additionally, users can access the cache without authentication.A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption.

Which solution will meet these requirements?

Create an AUTH token. Store the token in AWS System Manager Parameter Store, as an encrypted parameter. Create a new cluster with AUTH, and configure encryption in transit. Update the application to retrieve the AUTH token from Parameter Store when necessary and to use the AUTH token for authentication.

Create an AUTH token. Store the token in AWS Secrets Manager. Configure the existing cluster to use the AUTH token, and configure encryption in transit. Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication.

Create an SSL certificate. Store the certificate in AWS Secrets Manager. Create a new cluster, and configure encryption in transit. Update the application to retrieve the SSL certificate from Secrets Manager when necessary and to use the certificate for authentication.

Create an SSL certificate. Store the certificate in AWS Systems Manager Parameter Store, as an encrypted advanced parameter. Update the existing cluster to configure encryption in transit. Update the application to retrieve the SSL certificate from Parameter Store when necessary and to use the certificate for authentication.

Explanations:

While this option suggests creating an AUTH token and storing it securely, it does not specify the proper method to implement encryption in transit. Additionally, it doesn’t mention using the AUTH token correctly with ElastiCache.

This option correctly proposes creating an AUTH token, storing it in AWS Secrets Manager, and configuring the existing cluster to use this token for authentication. It also addresses enabling encryption in transit, meeting all requirements effectively.

This option incorrectly suggests creating an SSL certificate for authentication, which is not necessary for ElastiCache AUTH. Instead, AUTH tokens should be used for authentication. Furthermore, it does not mention configuring the cluster for AUTH or encryption in transit properly.

Similar to option C, this option wrongly suggests using an SSL certificate for authentication rather than an AUTH token. It fails to adequately address the authentication requirement for ElastiCache and does not include the necessary steps for enabling encryption in transit.

2025-10-14

1 Comment

  1. Paul
    Author

    I surmise that the answer is:
    Create an AUTH token. Store the token in AWS Secrets Manager. Configure the existing cluster to use the AUTH token, and configure encryption in transit. Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication.

Leave a Reply to Paul Cancel reply

Your email address will not be published. Required fields are marked *

nine + 1 =