Amazon Exam DOP-C01 Topic 18 Question 73 Discussion

Actual exam question for Amazon's DOP-C01 exam

Question #: 73
Topic #: 18

A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows: What changes should be recommended to comply with AWS security best practices? (Select THREE.)

AAdd a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.

BUpdate the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.

CStore the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.

DMove the environment variables to the 'db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.

EUse AWS Systems Manager run command versus scp and ssh commands directly to the instance.

FScramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.

Show Suggested Answer

Suggested Answer: B

by Goldie at Mar 31, 2023, 11:56 PM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!