Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DOP-C02 Exam - Topic 1 Question 2 Discussion

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.The buildspec.yml file contains the following:The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.What steps should the DevOps engineer take to stop this?
D) Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
A) Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
B) Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
C) Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal ''*''.

Amazon DOP-C02 Exam - Topic 1 Question 2 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 2
Topic #: 1
[All DOP-C02 Questions]

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.

The buildspec.yml file contains the following:

The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.

What steps should the DevOps engineer take to stop this?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Lenna at Apr 25, 2023, 04:02 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Emeline
7 months ago
I disagree, modifying the post_build command is unnecessary.
upvoted 0 times
...
Ashleigh
7 months ago
Option B sounds too complicated for just read access.
upvoted 0 times
...
Dylan
7 months ago
Wait, anyone can download them? That's a huge security risk!
upvoted 0 times
...
Margery
8 months ago
I think option C is the best choice here!
upvoted 0 times
...
Vashti
8 months ago
Just set a bucket policy to restrict access.
upvoted 0 times
...
Andra
8 months ago
I recall that allowing access to specific AWS accounts is crucial, so option C makes sense, but I wonder if the bucket policy alone would be enough without adjusting the ACL.
upvoted 0 times
...
Hubert
8 months ago
I practiced a similar question where we had to manage S3 permissions, and I think option B could be a good approach too, but I'm not confident about the default ACL part.
upvoted 0 times
...
Vanda
8 months ago
I'm not entirely sure, but I feel like modifying the post_build command in option D could also work. It seems like a good way to restrict access.
upvoted 0 times
...
Mari
8 months ago
I remember studying S3 bucket policies, and I think option C might be the right choice since it explicitly denies access to everyone else.
upvoted 0 times
...
Hana
8 months ago
Okay, I've got this. A usage record tracks the sum of usage for a selected data period, so the answer is A.
upvoted 0 times
...
Tanja
8 months ago
This seems like a straightforward question about the purpose of information classification. I'll focus on understanding the key concepts like applying labels and structuring data based on sensitivity.
upvoted 0 times
...
Myrtie
8 months ago
I'm a little confused by all the options here. I'll probably start with the Control Panel and see if I can find the System settings, as that seems like the most direct approach.
upvoted 0 times
...

Save Cancel