ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 10 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 10
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.
How can this issue be corrected in the MOST secure manner?

  • A. Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.
  • B. Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.
  • C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.
  • D. Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ele at April 7, 2023, 2:24 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
thanhnv142
Highly Voted 1 year, 3 months ago
C is correct: + Remove unauthenticated access from the S3 bucket with a bucket policy + Modify the service role for the CodeBuild project to include Amazon S3 access.
upvoted 6 times
...
namtp
Most Recent 9 months ago
Selected Answer: C
C is a correct answer. Inside AWS, using of service roles is the best option.
upvoted 1 times
...
z_inderjot
1 year, 4 months ago
Selected Answer: C
all these questions seem fairly to be part of aws devops exam
upvoted 3 times
...
zain1258
1 year, 6 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
Cervus18
1 year, 6 months ago
Selected Answer: C
Involves using a service role also, which make it the most secure manner
upvoted 2 times
...
SanChan
1 year, 10 months ago
Selected Answer: C
C is the correct answer because it involves removing unauthenticated access from the S3 bucket with a bucket policy, which ensures that only authorized users or services can access the bucket.
upvoted 4 times
...
madperro
1 year, 10 months ago
Selected Answer: C
C is the best answer.
upvoted 1 times
...
alce2020
2 years ago
c is the answer
upvoted 2 times
...
ataince
2 years ago
c is the answer.
upvoted 1 times
...
ele
2 years ago
Selected Answer: C
C most secure
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago