Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 264 discussion

A - unlisted does not prevent download B - deleted is not a valid code artifact package version status C- archived will prevent download https://docs.aws.amazon.com/codeartifact/latest/ug/packages-overview.html#package-version-status

I had this question in my exam and checking what was the correct option for the package version led me here. C - archived seems to be the right one. A - unlisted will only remove the package version from the list of versions returned to package managers, but it WILL NOT prevent the download. B - deleted - it's not a valid package version status (https://docs.aws.amazon.com/codeartifact/latest/ug/packages-overview.html#package-version-status) C - archived - will block the package version download. D - Allow direct publishing will give the internal team permissions to upload the new version of the package E - block direct publishing means the package version are updated from external (public) repos More on the packages origin control settings here: https://docs.aws.amazon.com/codeartifact/latest/ug/package-origin-controls.html

If there's a critical vulnerability, there's no reason to archive instead of deleting https://docs.aws.amazon.com/codeartifact/latest/ug/delete-package.html

There is no delete version status - https://docs.aws.amazon.com/codeartifact/latest/ug/packages-overview.html#package-version-status

you have to delete it not archive it

Option B: Update the status of the affected CodeArtifact package version to deleted. This action will prevent the vulnerable version from being accessible. Option D: Update the CodeArtifact package origin control settings to allow direct publishing and block upstream operations. This ensures that only the security team can publish the patched version directly.

C. Update the status of the affected CodeArtifact package version to archived. - Reason: Setting the package version status to Archived will prevent it from being downloaded while still retaining its metadata. This ensures that the vulnerable version cannot be accessed or used but allows you to track or potentially restore it later if needed. D. Update the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations. - Reason: Allowing direct publishing and blocking upstream operations will enable the security team to publish the patched version directly to your repository without being blocked by upstream restrictions. This ensures that the patched version can be made available while preventing any interference from upstream repositories.

---> BD

By allowing direct publishing, the security team can publish the patched version directly to the CodeArtifact repository. Blocking upstream operations ensures that only the patched version is available and prevents the vulnerable version from being pulled from the upstream repository.

-----> B,D

VOTE B,D

BE https://aws.amazon.com/blogs/devops/tighten-your-package-security-with-codeartifact-package-origin-control-toolkit/