Amazon DOP-C02 Exam - Topic 1 Question 2 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 2
Topic #: 1

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.

The buildspec.yml file contains the following:

The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.

What steps should the DevOps engineer take to stop this?

AModify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.

BConfigure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.

CCreate an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal ''*''.

DModify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.

Show Suggested Answer

Suggested Answer: D

by Lenna at Apr 25, 2023, 04:02 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Emeline

4 months ago

I disagree, modifying the post_build command is unnecessary.

upvoted 0 times

...

Ashleigh

4 months ago

Option B sounds too complicated for just read access.

upvoted 0 times

...

Dylan

4 months ago

Wait, anyone can download them? That's a huge security risk!

upvoted 0 times

...

Margery

5 months ago

I think option C is the best choice here!

upvoted 0 times

...

Vashti

5 months ago

Just set a bucket policy to restrict access.

upvoted 0 times

...

Andra

5 months ago

I recall that allowing access to specific AWS accounts is crucial, so option C makes sense, but I wonder if the bucket policy alone would be enough without adjusting the ACL.

upvoted 0 times

...

Hubert

5 months ago

I practiced a similar question where we had to manage S3 permissions, and I think option B could be a good approach too, but I'm not confident about the default ACL part.

upvoted 0 times

...

Vanda

5 months ago

I'm not entirely sure, but I feel like modifying the post_build command in option D could also work. It seems like a good way to restrict access.

upvoted 0 times

...

Mari

5 months ago

I remember studying S3 bucket policies, and I think option C might be the right choice since it explicitly denies access to everyone else.

upvoted 0 times

...

Hana

5 months ago

Okay, I've got this. A usage record tracks the sum of usage for a selected data period, so the answer is A.

upvoted 0 times

...

This seems like a straightforward question about the purpose of information classification. I'll focus on understanding the key concepts like applying labels and structuring data based on sensitivity.

upvoted 0 times

...

Myrtie

5 months ago

I'm a little confused by all the options here. I'll probably start with the Control Panel and see if I can find the System settings, as that seems like the most direct approach.

upvoted 0 times

...

Amazon DOP-C02 Exam - Topic 1 Question 2 Discussion

Contribute your Thoughts:

Emeline

Ashleigh

Dylan

Margery

Vashti

Andra

Hubert

Vanda

Mari

Hana

Tanja

Myrtie