Exam AWS DevOps Engineer Professional topic 1 question 96 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 96
Topic #: 1

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.

How can this issue be corrected in the MOST secure manner?

  • A. Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.
  • B. Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.
  • C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.
  • D. Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.
Suggested Answer: C
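
Option C in practice, as an added example that is not part of the original page: a check that finds bucket-policy statements allowing unauthenticated requests, plus the single-object read permission to attach to the CodeBuild service role. The bucket name, object key and sample policy are constructed placeholders.

```python
import copy
import json

# Constructed sample inputs; bucket and key names are placeholders.
BUCKET, KEY = "example-build-assets", "db/populate.sql"
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_anonymous_allow(stmt):
    """True for an unconditional Allow whose principal is everyone ("*")."""
    if stmt.get("Effect") != "Allow" or "Condition" in stmt:
        return False  # conditional grants need manual review, not auto-flagging
    principal = stmt.get("Principal")
    values = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
    return "*" in values


def audit(policy):
    """Sids of the statements that allow unauthenticated requests."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(policy["Statement"]) if is_anonymous_allow(s)]


def without_anonymous_allows(policy):
    """Copy of the policy with those statements removed (delete the policy if none remain)."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = [s for s in _as_list(fixed["Statement"]) if not is_anonymous_allow(s)]
    return fixed


def service_role_statement(bucket, key):
    """Identity-policy statement for the CodeBuild service role: read one object only."""
    return {"Effect": "Allow", "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/{key}"}


if __name__ == "__main__":
    print("anonymous Allow statements:", audit(PUBLIC_POLICY))
    print(json.dumps(service_role_statement(BUCKET, KEY), indent=2))
    # buildspec command; the CLI uses the service role's temporary credentials:
    print(f"aws s3 cp s3://{BUCKET}/{KEY} ./populate.sql")
```

No access key or secret key appears in the buildspec: inside the build container the AWS CLI signs the request with the temporary credentials of the project's service role.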

Comments

merki
2 years, 1 month ago
Selected Answer: C
ChatGPT said: C. The MOST secure solution to correct this issue would be to remove unauthenticated access from the S3 bucket with a bucket policy and use the AWS CLI to download the database population script using temporary security credentials obtained through an IAM role attached to the CodeBuild project. Option C partially addresses this by removing unauthenticated access from the S3 bucket and modifying the service role for the CodeBuild project to include Amazon S3 access. However, it does not address the need for secure access to the S3 bucket using temporary security credentials obtained through an IAM role attached to the CodeBuild project. Therefore, the correct answer is C with the addition of using temporary security credentials obtained through an IAM role attached to the CodeBuild project to access the S3 bucket.
upvoted 1 times
...
Netcom1999
2 years, 1 month ago
C is the correct answer. With this assessment you will get free access https://www.netcomlearning.com/en-us/assessment/36703/devops-engineering-aws.html?advid=1356
upvoted 1 times
...
easytoo
2 years, 1 month ago
C is the way.
upvoted 1 times
...
Bulti
2 years, 3 months ago
Selected Answer: C
C is correct. IAM role is a better practice than using IAM access key and secret access key.
upvoted 4 times
...
[Removed]
2 years, 4 months ago
D is the correct answer. Option C is also a secure way to correct the issue. However, using an IAM access key and secret access key in addition to modifying the service role for the CodeBuild project is a more secure way to ensure that the CodeBuild project has the necessary permissions to access the S3 bucket.
upvoted 1 times
...
Imstack
2 years, 4 months ago
CCCCCCCCCCCCCCCCCC
upvoted 1 times
...
Kapello10
2 years, 5 months ago
B is the correct answer
upvoted 1 times
...
SmileyCloud
2 years, 5 months ago
Selected Answer: C
C is correct. You need a role to access other AWS services. https://docs.aws.amazon.com/codebuild/latest/userguide/setting-up.html#setting-up-service-role
upvoted 4 times
...
adozoo
2 years, 5 months ago
Selected Answer: C
best practices
upvoted 2 times
...