ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 72 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 72
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A company is deploying a container-based application using AWS CodeBuild. The Security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint. All sensitive information must be stored securely.
Which solution should be used to meet these requirements?

  • A. Encrypt the password using AWS KMS. Store the encrypted password in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
  • B. Import the password into an AWS CloudHSM key. Reference the CloudHSM key in the buildpec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
  • C. Store the password in the AWS Systems Manager Parameter Store as a secure string. Add the Parameter Store key to the buildspec.yml file as an environment variable under the parameter-store mapping. Reference the environment variable to initiate scanning.
  • D. Use the AWS Encryption SDK to encrypt the password and embed in the buildspec.yml file as a variable under the secrets mapping. Attach a policy to CodeBuild to enable access to the required decryption key.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Augustoosouza at Aug. 11, 2020, 9:57 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Augustoosouza
Highly Voted 3 years, 7 months ago
Ans C https://docs.aws.amazon.com/pt_br/codebuild/latest/userguide/build-spec-ref.html
upvoted 12 times
...
Piccaso
Most Recent 2 years, 2 months ago
Selected Answer: C
A: "Store the encrypted password in the buildspec.yml file ..." , does it make any sense ? B: AWS CloudHSM lets you manage and access your keys on FIPS-validated hardware, protected with customer-owned, single-tenant HSM instances that run in your own Virtual Private Cloud (VPC), does not match this context. D: unreliable method
upvoted 2 times
...
Bulti
2 years, 3 months ago
C is the right answer
upvoted 1 times
...
saggy4
2 years, 4 months ago
Selected Answer: C
It is C
upvoted 1 times
...
gmandala
3 years, 6 months ago
C it is
upvoted 1 times
...
dnevado
3 years, 6 months ago
Its completely C
upvoted 1 times
...
jackdryan
3 years, 6 months ago
I'll go with C
upvoted 3 times
...
ChauPhan
3 years, 7 months ago
C is fine
upvoted 1 times
...
incorrigble_maverick
3 years, 7 months ago
C without a shadow of a doubt
upvoted 2 times
...
halfway
3 years, 7 months ago
C. Store password in System manager parameter store.
upvoted 1 times
...
krrish96
3 years, 7 months ago
I will go with C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago