ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 323 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 323
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has a continuous integration pipeline where the company creates container images by using AWS CodeBuild. The created images are stored in Amazon Elastic Container Registry (Amazon ECR).

Checking for and fixing the vulnerabilities in the images takes the company too much time. The company wants to identify the image vulnerabilities quickly and notify the security team of the vulnerabilities.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose two.)

  • A. Activate Amazon Inspector enhanced scanning for Amazon ECR. Configure the enhanced scanning to use continuous scanning. Set up a topic in Amazon Simple Notification Service (Amazon SNS).
  • B. Create an Amazon EventBridge rule for Amazon Inspector findings. Set an Amazon Simple Notification Service (Amazon SNS) topic as the rule target.
  • C. Activate AWS Lambda enhanced scanning for Amazon ECR. Configure the enhanced scanning to use continuous scanning. Set up a topic in Amazon Simple Email Service (Amazon SES).
  • D. Create a new AWS Lambda function. Invoke the new Lambda function when scan findings are detected.
  • E. Activate default basic scanning for Amazon ECR for all container images. Configure the default basic scanning to use continuous scanning. Set up a topic in Amazon Simple Notification Service (Amazon SNS).
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by teo2157 at Dec. 17, 2024, 4:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Srikantha
4 weeks, 1 day ago
Selected Answer: AB
✅ A. Amazon Inspector Enhanced Scanning + SNS Amazon Inspector now supports enhanced container image scanning. It can be configured to use continuous scanning, which means images are scanned as soon as they are pushed or updated in ECR. SNS is used to send notifications (email, SMS, or to other systems). This setup requires minimal configuration and provides automated security insights. ✅ B. EventBridge rule for Inspector findings Inspector findings are emitted as EventBridge events. Creating an EventBridge rule to trigger SNS when findings occur allows you to immediately alert the security team. No need for custom logic — EventBridge to SNS is low-maintenance and scalable.
upvoted 1 times
...
teo2157
4 months, 2 weeks ago
Selected Answer: AB
It's AB based on this https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago