ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 312 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 312
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses Amazon Elastic Container Registry (Amazon ECR) private registries to store container images.

A DevOps team needs to ensure that the container images are regularly scanned for software package vulnerabilities.

Which solution will meet this requirement?

  • A. Enable enhanced scanning for private registries in Amazon ECR.
  • B. Enable basic continuous scanning for private registries in Amazon ECR.
  • C. Create an AWS System Manager Automation document to scan images by using the AWS SDK. Configure the Automation document to run when a new image is pushed to an ECR registry.
  • D. Create an AWS Lambda function that scans all images in Amazon ECR by using the AWS SDK. Create an Amazon EventBridge rule to invoke the Lambda function each day.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by phu0298 at Nov. 27, 2024, 4:10 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Srikantha
3 months ago
Selected Answer: A
Why is Option A the Best Choice? Enhanced scanning provides the most comprehensive security coverage. It uses AWS-provided and third-party scanning tools (e.g., Amazon Inspector). It scans continuously and provides detailed vulnerability reports. Supports automatic scanning on image push and periodic rescanning. This ensures new images and existing images are continuously monitored. No need for custom scripts or Lambda functions. Fully managed by AWS → low operational overhead.
upvoted 1 times
...
phu0298
7 months ago
Selected Answer: A
Amazon ECR offers two levels of image scanning: 1. Basic Scanning: Detects vulnerabilities when images are pushed to the repository. 2. Enhanced Scanning: Provides continuous scanning of images, including detailed reports and automatic rescans when vulnerabilities are published.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel