Amazon Exam DOP-C02 Topic 1 Question 2 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 2
Topic #: 1

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.

The buildspec.yml file contains the following:

The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.

What steps should the DevOps engineer take to stop this?

AModify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.

BConfigure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.

CCreate an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal ''*''.

DModify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.

Show Suggested Answer

Suggested Answer: D

by Lenna at Apr 25, 2023, 04:02 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Comments

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!