ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 75 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 75
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has developed a serverless web application that is hosted on AWS. The application consists of Amazon S3. Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database. The company is using AWS CodeCommit to store the source code. The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code.
A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories. A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets.
What is the MOST secure solution that meets these requirements?

  • A. Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.
  • B. Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
  • C. Enable Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
  • D. Associate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by haazybanj at May 1, 2023, 7:42 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
haazybanj
Highly Voted 1 year, 6 months ago
Selected Answer: B
B The MOST secure solution that meets the requirement of automatically detecting and preventing hardcoded secrets is to use AWS CodeGuru Reviewer to check the code for any hardcoded secrets, and then update the SAM templates and Python code to retrieve the secrets from AWS Secrets Manager. Option B is the correct answer. By associating the CodeCommit repository with Amazon CodeGuru Reviewer, the code can be checked for any hardcoded secrets during code reviews. When a hardcoded secret is detected, CodeGuru Reviewer will recommend updating the code to retrieve the secret from a secure storage service like AWS Secrets Manager. The DevOps engineer can choose the option to protect the secret and then update the SAM templates and Python code to retrieve the secret from AWS Secrets Manager instead of hardcoding it in the code.
upvoted 12 times
...
rhinozD
Highly Voted 1 year, 4 months ago
Selected Answer: B
B is correct. CodeGuru Reviewer for security problems. Amazon CodeGuru Profiler is for performance.
upvoted 8 times
...
thanhnv142
Most Recent 9 months ago
B is correct: <implement a solution to automatically detect and prevent hardcoded secrets> means we need CodeGuru reviewer to analyze the code and uncover hardcoded credentials. A and C: no mention of CodeGuru reviewer D: using System Manager Parameter store is a good method to avoid hardcoded credentials. However, the question requires <the MOST secure solution>, so we should use AWS secret manager (option B). It costs more than Para store, but more secure.
upvoted 1 times
...
a16a848
10 months, 1 week ago
Selected Answer: C
I'd say it's C, because the system to examine includes Python code and CodeGuru profiles for Python needs the decorator: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/python-lambda.html
upvoted 1 times
...
Aja1
1 year, 3 months ago
option C https://docs.aws.amazon.com/codeguru/latest/profiler-ug/python-lambda-command-line.html
upvoted 1 times
Aja1
1 year, 2 months ago
Sorry B Amazon CodeGuru Reviewer and Amazon CodeGuru Profiler are both tools that can be used to improve the quality and security of your code. However, they have different strengths and weaknesses. CodeGuru Reviewer is a static code analysis tool that can be used to find potential defects in your code. It can scan your code for hardcoded secrets, security vulnerabilities, and other potential problems. CodeGuru Reviewer can also provide recommendations on how to fix the problems that it finds. CodeGuru Profiler is a dynamic code analysis tool that can be used to understand how your code performs. It can track the performance of your code, identify bottlenecks, and suggest ways to improve performance. CodeGuru Profiler can also be used to find potential memory leaks and other performance problems.
upvoted 6 times
...
...
MarDog
1 year, 4 months ago
Selected Answer: B
Definitely B.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago