Multiple Choice
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows: 
What changes should be recommended to comply with AWS security best practices? (Choose three.)
A) Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
B) Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
C) Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
D) Move the environment variables to the 'db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
E) Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
F) Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
Correct Answer:
Verified
Correct Answer:
Verified
Q507: A DevOps Engineer has been asked to
Q508: You need to create a Route53 record
Q509: The Development team has grown substantially in
Q510: A DevOps engineer is assisting with a
Q511: A web application is being actively developed
Q513: A media customer has several thousand amazon
Q514: A company is using AWS Organizations to
Q515: A company is building a solution for
Q516: A company has developed an AWS Lambda
Q517: A Security team is concerned that a