ITGSS Certified DevOps Engineer Practice Test

Which AWS service is considered more expensive than a parameter store but offers more features?

• A. Parameter store
• B. Secrets manager
• C. AWS Lambda
• D. S3 bucket

The correct answer is: Secrets manager

The AWS Secrets Manager is a service specifically designed to store, manage, and retrieve sensitive information, such as credentials and API keys. It is considered more expensive than the Parameter Store because it offers additional features that enhance its functionality and provide a higher level of security and manageability. One of the primary advantages of Secrets Manager over Parameter Store is its ability to automatically rotate secrets on a defined schedule without requiring additional code. This is crucial for maintaining security best practices, as it reduces the risk of credential leakage over time. Furthermore, Secrets Manager integrates with various AWS services and provides fine-grained access control through AWS Identity and Access Management (IAM) policies, allowing for a more secure and flexible management process. In addition, Secrets Manager offers built-in support for encrypting secrets at rest and in transit, further enhancing their security posture. This level of protection, along with the automatically managed lifecycle of secrets, makes it a preferable option for applications requiring stringent security measures while being a more costly solution compared to Parameter Store. Other options listed do not serve the same purpose as a secret management solution, making them less relevant in this context. AWS Lambda, for instance, is primarily a serverless compute service, and while S3 buckets are used for object storage, they do