ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 56 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 56
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps:
1. An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
2. An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
3. A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment.
The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call.
Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)

  • A. Insert a manual approval action between the test actions and deployment actions of the pipeline.
  • B. Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
  • C. Update the CodeDeploy deployment groups so that they require manual approval to proceed.
  • D. Update the pipeline to directly call the REST API for the penetration testing tool.
  • E. Update the pipeline to invoke an AWS Lambda function that calls the REST API for the penetration testing tool.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by alce2020 at April 15, 2023, 5:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tartarus23
Highly Voted 1 year, 10 months ago
Selected Answer: AE
Explanation: The manual approval action (A) will allow the QA team to inspect the build artifact and run their internal penetration testing tool before the deployment to the production environment proceeds. Using an AWS Lambda function (E) would provide an automated way to call the REST API of the penetration testing tool. This would allow for the tests to be conducted automatically within the pipeline. This is beneficial because it ensures consistency in the testing process and could be run programmatically, reducing manual steps.
upvoted 8 times
...
iulian0585
Most Recent 9 months ago
Selected Answer: AE
Option D (updating the pipeline to directly call the REST API for the penetration testing tool) is not recommended because it tightly couples the pipeline with the QA team's tool, making it less flexible and harder to maintain. Using a Lambda function as an intermediary provides better separation of concerns and easier maintainability.
upvoted 2 times
...
jamesf
9 months, 1 week ago
Selected Answer: AE
Should be AE Although there are limitation 15mins of Lambda function. But Option D is wrong as CodePipeline does not have the ability to execute HTTP requests "directly". https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html
upvoted 1 times
jamesf
9 months ago
For option A, keywords: conduct manual tests
upvoted 1 times
...
...
zijo
1 year, 1 month ago
This is tricky but AD should be a better choice because of the 15 min timeout of Lambda functions. To call REST API in CodePipeline these are the two options For complex API calls, security requirements, and access to external resources, an AWS Lambda function is the recommended approach. For simple API calls with limited requirements, consider the inline script approach within CodeBuild, but with caution due to security and maintainability limitations.
upvoted 1 times
...
Shasha1
1 year, 2 months ago
AE there is no way to call REST API directly in the code pipeline, it is possible invoke via Lambda function only
upvoted 4 times
...
dzn
1 year, 2 months ago
Selected Answer: AE
CodePipeline does not have the ability to execute HTTP requests "directly".
upvoted 3 times
...
thanhnv142
1 year, 3 months ago
A and D are correct: a manual approval action between the test actions and deployment actions allows tester to verify and test built artifacts before allowing deploying to production B and C: no mentions of test and deployment env E: manual test take more than 15 minutes, which is the maximum execution time of lambda
upvoted 1 times
...
a54b16f
1 year, 3 months ago
Selected Answer: AE
D is wrong, alternative option ( not using Lambda, for example, if the pen testing will take more than 15 minutes) is using codebuild, either add a new codebuild for pen testing, or update existing unit testing codebuild to include pen testing. You should never run Pen testing inside codepipeline directly , it lacks the hooks to collect test result, inform result, etc
upvoted 2 times
...
2pk
1 year, 5 months ago
Selected Answer: AD
Tricky one: CodeDeploy can't do actions directly like invoke REST API but code Build can. e.g. it's mentioned to test build artifacts.. So after the build artifact is created This means the solution uses Code Build even not from Code Build you can setup a python script and run it directly using Code Build Command: I'd not use Lambda as an alternative due to the time taken for penetration tests would take more than 15 mins. and the pipeline would failed with Lambda execution timeout.
upvoted 4 times
shammous
9 months, 1 week ago
The lambda function would just invoke the REST API, it won't execute the pen test itself. An asynchronous mechanism involving SQS could handle the waiting time between the requesting sending and the response receiving, which can indeed last more than 15mn.
upvoted 1 times
...
...
Seoyong
1 year, 8 months ago
conducting manual tests might takes more than 15m.
upvoted 1 times
...
s50600822
1 year, 9 months ago
A, E in practice is a cheap and handy off-switch, recommended, for some contributors to CI/CD that we don't control directly. However, no idea what the writer of the question wanted.
upvoted 1 times
...
DavidPham
1 year, 9 months ago
why don't you choose D
upvoted 1 times
...
habros
1 year, 9 months ago
Selected Answer: AE
I’ll choose AE. I can tie up multiple REST calls in a Lambda and customize it as I wish. A web hook is not flexible in this aspect I feel.
upvoted 2 times
...
madperro
1 year, 10 months ago
Selected Answer: AD
AD, Lambda is not needed, a webhook can call REST API directly.
upvoted 1 times
cocegas
1 year, 8 months ago
But there is no option to invoke call an API directly = https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-invoke
upvoted 1 times
...
...
bcx
1 year, 11 months ago
Selected Answer: AE
"AWS Lambda is a compute service that lets you run code without provisioning or managing servers. You can create Lambda functions and add them as actions in your pipelines. Because Lambda allows you to write functions to perform almost any task, you can customize the way your pipeline works. " https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html
upvoted 3 times
...
qsergii
1 year, 11 months ago
Selected Answer: AD
A & D, lambda (E) is extra and not needed.
upvoted 2 times
...
Akaza
1 year, 11 months ago
Selected Answer: AE
Yepp A, E for me
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago