Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 129 discussion

A DevOps engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:



What changes should be recommended to comply with AWS security best practices? (Choose three.)

  • A. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
  • B. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
  • C. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
  • D. Move the environment variables to the ‘db-deploy-bucket’ Amazon S3 bucket, add a prebuild stage to download, then export the variables.
  • E. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
  • F. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
Suggested Answer: BCE
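What options B, C and E look like in a buildspec, as an added illustration: this is not the buildspec from the question (which is not reproduced on this page), and the file paths, parameter name, instance tag and angle-bracket placeholders are all constructed assumptions.

```yaml
# Constructed example, NOT the buildspec from the exam question.
# ---------- Before: the patterns that B, C and E replace ----------
version: 0.2
env:
  variables:
    # Long-lived keys in plaintext: readable in the project config and build logs.
    AWS_ACCESS_KEY_ID: "<hardcoded-access-key-id>"
    AWS_SECRET_ACCESS_KEY: "<hardcoded-secret-access-key>"
    DB_PASSWORD: "<hardcoded-db-password>"
phases:
  build:
    commands:
      # The build handles an instance SSH key and needs port 22 reachable.
      - scp -i /tmp/instance.pem /tmp/my.cnf ec2-user@<instance-host>:/tmp/
      - ssh -i /tmp/instance.pem ec2-user@<instance-host> "<deploy command>"
---
# ---------- After: B, C and E applied ----------
version: 0.2
env:
  # C: DB_PASSWORD is read from a SecureString parameter at build start.
  #    The CodeBuild service role needs ssm:GetParameters on this parameter
  #    (and kms:Decrypt if a customer managed key encrypts it).
  parameter-store:
    DB_PASSWORD: /example/db/password   # hypothetical parameter name
# B: no AWS keys anywhere in env. The AWS CLI in the build container uses the
#    temporary credentials of the CodeBuild service role.
phases:
  build:
    commands:
      # E: Systems Manager Run Command replaces scp/ssh. No SSH key in the
      #    build and no inbound port 22; the target must be an SSM managed
      #    instance and the role needs ssm:SendCommand.
      - >-
        aws ssm send-command
        --document-name "AWS-RunShellScript"
        --targets "Key=tag:Role,Values=example-db"
        --parameters 'commands=["<deploy command>"]'
        --comment "deploy from CodeBuild"
```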

Comments

WhyIronMan
Highly Voted 1 year, 1 month ago
Selected Answer: BCE
BCE is correct. A is WRONG. CodeBuild does not keep files for next builds in that way; once the build is done, the files will be deleted.
upvoted 10 times
...
sb333
Highly Voted 1 year, 9 months ago
Selected Answer: BCE
BCE are the correct answers.
upvoted 5 times
...
heff_bezos
Most Recent 7 months, 2 weeks ago
Selected Answer: BCE
Code Build is a managed service. There's no way for other users to see what's in the container.
upvoted 2 times
...
jamesf
9 months, 1 week ago
Selected Answer: BCE
Prefer BCE. Option A is incorrect as:
- CodeBuild does not keep files for next builds in that way; once the build is done, the files will be deleted.
- I don't think there are such "CodeBuild users".
upvoted 1 times
...
ericphl
9 months, 2 weeks ago
Selected Answer: ABC
ABC seems right.
upvoted 1 times
...
ajeeshb
10 months ago
Selected Answer: ABC
A - Cleans up temp files that store the my.cnf and the instance key files
B - Removes hardcoded AWS credentials
C - Securely stores DB password
upvoted 1 times
...
Diego1414
1 year, 2 months ago
Selected Answer: ABC
ABC seems appropriate, since the emphasis is on security.
upvoted 2 times
...
thanhnv142
1 year, 3 months ago
Selected Answer: ABC
ABC are correct: security best practices are related to removing credentials and sensitive data
- A: removing temporary files is important because they might contain sensitive data
- B: <remove the AWS credentials> is removing the access key
- C: <remove the DB_PASSWORD> means removing hardcoded DB_PASSWORD
All other options don't relate to sensitive data or passwords
upvoted 2 times
...
sarlos
1 year, 4 months ago
It's BCE: https://stackoverflow.com/questions/76854227/i-want-to-copy-files-to-aws-ec2-using-buildspec-yml-file-the-22-port-is-open-fo
upvoted 1 times
...
zain1258
1 year, 5 months ago
Selected Answer: BCE
It's BCE. A is wrong. I don't think there is any concept of `CodeBuild users`.
upvoted 4 times
...
buiquangbk90
1 year, 8 months ago
BCE https://www.examtopics.com/discussions/amazon/view/46729-exam-aws-devops-engineer-professional-topic-1-question-17/
upvoted 1 times
...
einn
1 year, 9 months ago
Selected Answer: ABC
A: remove sensitive data that could be left behind in container
B: remove credentials and use role
C: Use SecureString AWS Systems Manager Parameter Store
upvoted 1 times
...
Certified101
1 year, 9 months ago
Selected Answer: BCE
BCE are the correct ones.
upvoted 3 times
...
FunkyFresco
1 year, 10 months ago
Selected Answer: BCE
BCE are the correct ones.
upvoted 3 times
...
Kodoma
1 year, 11 months ago
BCE is correct answer
upvoted 1 times
...
devnv
1 year, 11 months ago
Sorry, I've read again and it's AB & C.
upvoted 3 times
...
devnv
1 year, 11 months ago
Yes BCE are correct
upvoted 1 times
...