Exam AWS DevOps Engineer Professional topic 1 question 196 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 196
Topic #: 1

A company needs to scan code changes for security issues before deployment and must prevent noncompliant code from being deployed. The company uses an AWS CodePipeline pipeline that starts when code changes occur. The code changes occur many times each day.

The company's security team supports a third-party application for code scans and has provided command-line integration steps to submit code scans. The code scan step requires a user name and password.

Which solution will meet these requirements in the MOST secure way?

  • A. Create a new AWS CodeBuild project. Configure the user name and password in an environment variable. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • B. Create a new AWS CodeBuild project. Store the user name and password as a secret in AWS Secrets Manager. Read the secret from Secrets Manager. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • C. Create a new AWS CodeBuild project. Store the user name and password as a string in AWS Systems Manager Parameter Store. Read the string from Parameter Store. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • D. Upload the user name and password in an encrypted JSON file to an Amazon S3 bucket that has a specific policy to allow only administrators to read the file. Create a new AWS CodeBuild project. Use the user name and password from the file in Amazon S3 to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
Suggested Answer: B
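
An added example, not part of the original question or of any AWS tooling: a check over CodeBuild project definitions that separates option A (credentials in plaintext environment variables) from options B and C. The project names, variable names and credential-name pattern are assumptions, and the sample input is constructed in the shape of the `projects` list returned by `aws codebuild batch-get-projects`.

```python
"""Added example: audit CodeBuild project definitions for credential handling."""
import re

# Variable names that suggest a credential; this pattern is an assumption.
CREDENTIAL_NAME = re.compile(r"(pass(word|wd)?|secret|token|api_?key|user(name)?)", re.I)

# Constructed sample; project names, variable names and values are made up.
SAMPLE_PROJECTS = [
    {"name": "scan-option-a", "environment": {"environmentVariables": [
        {"name": "SCAN_USER", "value": "svc-scan", "type": "PLAINTEXT"},
        {"name": "SCAN_PASSWORD", "value": "example-only", "type": "PLAINTEXT"},
        {"name": "LOG_LEVEL", "value": "info", "type": "PLAINTEXT"}]}},
    {"name": "scan-option-b", "environment": {"environmentVariables": [
        {"name": "SCAN_USER", "value": "scanner/creds:username", "type": "SECRETS_MANAGER"},
        {"name": "SCAN_PASSWORD", "value": "scanner/creds:password", "type": "SECRETS_MANAGER"}]}},
    {"name": "scan-option-c", "environment": {"environmentVariables": [
        {"name": "SCAN_PASSWORD", "value": "/scanner/password", "type": "PARAMETER_STORE"}]}},
]


def audit_project(project):
    """Return (project, variable, severity, reason) for credential-like variables."""
    findings = []
    env_vars = project.get("environment", {}).get("environmentVariables", [])
    for var in env_vars:
        if not CREDENTIAL_NAME.search(var.get("name", "")):
            continue  # not credential-like, e.g. LOG_LEVEL
        var_type = var.get("type", "PLAINTEXT")  # CodeBuild treats a missing type as PLAINTEXT
        if var_type == "PLAINTEXT":
            # Option A: the value itself sits in the project definition.
            findings.append((project["name"], var["name"], "HIGH",
                             "value is stored in the project definition"))
        elif var_type == "PARAMETER_STORE":
            # Option C: acceptable only if the parameter is a SecureString.
            findings.append((project["name"], var["name"], "REVIEW",
                             "confirm the parameter is a SecureString"))
        # SECRETS_MANAGER (option B): the value is only a reference, no finding.
    return findings


def audit(projects):
    """Audit every project and return all findings in input order."""
    return [finding for project in projects for finding in audit_project(project)]


if __name__ == "__main__":
    for project, name, severity, reason in audit(SAMPLE_PROJECTS):
        print(f"{severity:6} {project}: {name} - {reason}")
```
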

Comments

CloudFloater
Highly Voted 2 years, 2 months ago
Selected Answer: B
B is the most secure way
upvoted 5 times
...
easytoo
Most Recent 2 years ago
It's B. If you need to store secrets like API keys, database credentials, and certificates, Secrets Manager is the best choice. On the other hand, if you need to store configuration data like application settings and parameters, Parameter Store is the better option.
upvoted 1 times
...
ParagSanyashiv
2 years ago
Selected Answer: B
B is more secure
upvoted 2 times
...
tycho
2 years ago
Parameter Store in theory can do the same with 'secure' string. Here the secret manager looks better...
upvoted 1 times
...
Mark1000
2 years, 2 months ago
B is correct (Secret Manager is key)
upvoted 3 times
...
catboy
2 years, 2 months ago
agree with B
upvoted 2 times
...
saeidp
2 years, 2 months ago
Selected Answer: B
B is correct "Secret manager"
upvoted 3 times
...