Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 74 discussion

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.
The buildspec.yml file contains the following:

The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.
What steps should the DevOps engineer take to stop this?

  • A. Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
  • B. Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
  • C. Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal “*”.
  • D. Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
Suggested Answer: D
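
An added example, not part of the original page or the exam material: a Python check over a constructed `get-object-acl` response that flags the grant left behind by `--acl authenticated-read`, together with an account-scoped bucket policy of the kind option D describes. The bucket name, account IDs and owner ID are placeholders.

```python
import json

# Predefined S3 group URIs that canned ACLs such as authenticated-read grant to.
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
BROAD_GROUPS = {AUTHENTICATED_USERS: "any AWS account", ALL_USERS: "anyone"}


def broad_grants(acl):
    """Return (audience, permission) for every grant to a global S3 group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in BROAD_GROUPS:
            findings.append((BROAD_GROUPS[grantee["URI"]], grant["Permission"]))
    return findings


def read_policy(bucket, account_ids):
    """Bucket policy allowing s3:GetObject to the listed accounts only."""
    principals = [f"arn:aws:iam::{a}:root" for a in sorted(account_ids)]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowReadFromDeploymentAccounts",
            "Effect": "Allow",
            "Principal": {"AWS": principals},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


# Constructed sample: the shape `aws s3api get-object-acl` returns for an
# object uploaded with --acl authenticated-read (owner ID is a placeholder).
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for audience, permission in broad_grants(SAMPLE_ACL):
        print(f"object ACL grants {permission} to {audience}")
    # Bucket name and account IDs below are placeholders.
    print(json.dumps(read_policy("example-artifacts", ["222222222222", "111111111111"]), indent=2))
```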

Comments

haazybanj
Highly Voted 2 years ago
Selected Answer: D
D is correct
upvoted 14 times
...
beanxyz
Highly Voted 1 year, 8 months ago
Selected Answer: A
--acl authenticated-read means any authenticated users can read the S3 bucket. We should remove it and configure the bucket policy to explicitly grant access
upvoted 5 times
beanxyz
1 year, 8 months ago
I mean D...
upvoted 6 times
...
...
jamesf
Most Recent 9 months, 1 week ago
Selected Answer: D
"--acl authenticated-read" means any authenticated users can read the S3 bucket. We should remove it and configure the bucket policy to explicitly grant access
upvoted 3 times
...
zijo
1 year ago
D is the answer. ACL-authenticated users: This refers to any user who has successfully authenticated with AWS credentials, including IAM users and federated users. It does not include anonymous users (public access). It's generally recommended to use bucket policies for access control in S3 rather than ACLs. Bucket policies offer more granular control and better security practices. You can achieve "acl-authenticated reads" access using a bucket policy as well.
upvoted 2 times
...
dzn
1 year, 2 months ago
Selected Answer: D
`remove --acl authenticated-read` is required to fulfill the requirement.
upvoted 4 times
...
thanhnv142
1 year, 3 months ago
B is correct: In the "buildspec.yml file", we see that there is "--acl authenticated-read". This allows all AWS users who successfully authenticate to AWS to download the file. To restrict access, we need to modify the ACL so that it only grants access to some specific users. Note that we should not use a bucket policy because it will affect all objects in the bucket (that is why it is called BUCKET policy). We only need to restrict access to an object, so ACL is the right choice. A is incorrect: Using --acl public-read means we allow all users to access the object. C and D: Use bucket policy, which is incorrect.
upvoted 1 times
...
zolthar_z
1 year, 5 months ago
Selected Answer: D
D is correct
upvoted 2 times
...