ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 86 - DOP-C02 discussion

Report
Export

A DevOps engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps manager has been asked to review the company buildspec. yaml die for an AWS CodeBuild project and provide recommendations. The buildspec. yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

A.
Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
Answers
A.
Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
B.
Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
Answers
B.
Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
C.
Store the db_password as a SecureString value in AWS Systems Manager Parameter Store and then remove the db_password from the environment variables.
Answers
C.
Store the db_password as a SecureString value in AWS Systems Manager Parameter Store and then remove the db_password from the environment variables.
D.
Move the environment variables to the 'db.-deploy-bucket 'Amazon S3 bucket, add a prebuild stage to download then export the variables.
Answers
D.
Move the environment variables to the 'db.-deploy-bucket 'Amazon S3 bucket, add a prebuild stage to download then export the variables.
E.
Use AWS Systems Manager run command versus sec and ssh commands directly to the instance.
Answers
E.
Use AWS Systems Manager run command versus sec and ssh commands directly to the instance.
Suggested answer: B, C, E

Explanation:

B) Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable. C. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables. E. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.

asked 16/09/2024
Tshimangadzo Mbulawa
35 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first