STION NO: 63
A company has a serverless application for internal users deployed on AWS. The application uses AWS Lambda for the front end and for business logic. The Lambda function accesses an Amazon RDS database inside a VPC. The company uses AWS Systems Manager Parameter Store for storing database credentials.
A recent security review highlighted the following issues.
• The Lambda function has internet access.
• The relational database is publicly accessible.
• The database credentials are not stored in an encrypted state.
Which combination of steps should the company take to resolve these security issues? (Select THREE)
A . Disable public access to the RDS database inside the VPC
B . Move all the Lambda functions inside the VP
D . Edit the IAM role used by Lambda to restrict internet access.
E . Create a VPC endpoint for Systems Manager. Store the credentials as a string parameter. Change the parameter type to an advanced parameter.
F . Edit the IAM role used by RDS to restrict internet access.
G . Create a VPC endpoint for Systems Manager. Store the credentials as a Secure String parameter.
Answer: A,B,E