Multiple Choice
A company is deploying a container-based application using AWS CodeBuild. The Security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint. All sensitive information must be stored securely. Which solution should be used to meet these requirements?
A) Encrypt the password using AWS KMS. Store the encrypted password in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
B) Import the password into an AWS CloudHSM key. Reference the CloudHSM key in the buildpec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
C) Store the password in the AWS Systems Manager Parameter Store as a secure string. Add the Parameter Store key to the buildspec.yml file as an environment variable under the parameter-store mapping. Reference the environment variable to initiate scanning.
D) Use the AWS Encryption SDK to encrypt the password and embed in the buildspec.yml file as a variable under the secrets mapping. Attach a policy to CodeBuild to enable access to the required decryption key.
Correct Answer:
Verified
Correct Answer:
Verified
Q548: When writing custom Ansible modules, which language
Q549: A company's web application will be migrated
Q550: You are using AWS Elastic Beanstalk to
Q551: The Deployment team has grown substantially in
Q552: In which Docker Swarm model does the
Q554: For auditing, analytics, and troubleshooting purposes, a
Q555: Your development team wants account-level access to
Q556: A DevOps Engineer is building a continuous
Q557: Which of the following Dockerfile commands cannot
Q558: Which of these is not a reason