Amazon DOP-C02 Exam - Topic 5 Question 37 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 37
Topic #: 5

A company has deployed a new platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The new platform hosts web applications that users frequently update. The application developers build the Docker images for the applications and deploy the Docker images manually to the platform.

The platform usage has increased to more than 500 users every day. Frequent updates, building the updated Docker images for the applications, and deploying the Docker images on the platform manually have all become difficult to manage.

The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if Docker image scanning returns any HIGH or CRITICAL findings for operating system or programming language package vulnerabilities.

Which combination of steps will meet these requirements? (Select TWO.)

ACreate an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon S3 event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a stop to the pipeline to initiate the AWS CodeBuild project.

BCreate an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EvenlBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.

CCreate an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basic scanning for the ECR repository. Create an Amazon EventBridge rule that monitors Amazon GuardDuty events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

DCreate an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

ECreate an AWS CodeBuild project that scans the Dockerfile. Configure the project to build the Docker images and store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository if the scan is successful. Configure an SNS topic to provide notification if the scan returns any vulnerabilities.
* Step 1: Automate Docker Image Deployment using AWS CodePipeline
The first challenge is the manual process of building and deploying Docker images. To address this, you can use AWS CodePipeline to automate the process. AWS CodePipeline integrates with CodeCommit (for source code and Dockerfile storage) and CodeBuild (to build Docker images and store them in Amazon Elastic Container Registry (ECR)).
Action: Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Then, create a pipeline in AWS CodePipeline that triggers on new commits via an Amazon EventBridge event.
Why: This automation significantly reduces the manual effort of building and deploying Docker images when updates are made to the codebase.

Show Suggested Answer

Suggested Answer: B, D

This corresponds to Option B: Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EventBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.

* Step 2: Enabling Enhanced Scanning on Amazon ECR and Monitoring Vulnerabilities To scan for vulnerabilities in Docker images, Amazon ECR provides both basic and enhanced scanning options. Enhanced scanning offers deeper and more frequent scans, and integrates with Amazon EventBridge to send notifications based on findings.

Action: Turn on enhanced scanning for the Amazon ECR repository where the Docker images are stored. Use Amazon EventBridge to monitor image scan events and trigger an Amazon SNS notification if any HIGH or CRITICAL vulnerabilities are found.

Why: Enhanced scanning provides a detailed analysis of operating system and programming language package vulnerabilities, which can trigger notifications in real-time.

This corresponds to Option D: Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

by Noel at Sep 13, 2024, 08:13 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gerardo

3 months ago

A little confused about the EventBridge choice in B vs. A.

upvoted 0 times

...

Matt

3 months ago

Totally agree with D, enhanced scanning is a must!

upvoted 0 times

...

Dannie

3 months ago

Wait, can ECR really handle that level of scanning?

upvoted 0 times

...

Hillary

4 months ago

I think B is better for triggering the pipeline.

upvoted 0 times

...

Olive

4 months ago

Option D seems solid for scanning and notifications.

upvoted 0 times

...

Talia

4 months ago

I recall that we need to ensure the Docker images are stored in ECR, but I'm not clear if we should use basic or enhanced scanning for the vulnerabilities.

upvoted 0 times

...

Shaunna

4 months ago

I feel like option D sounds right because it mentions enhanced scanning, but I'm a bit confused about how the EventBridge rule works with SNS notifications.

upvoted 0 times

...

Blair

4 months ago

I think we practiced a similar question where we had to set up notifications for vulnerabilities, and I believe using EventBridge with ECR scanning was part of the solution.

upvoted 0 times

...

Naomi

5 months ago

I remember we discussed using AWS CodePipeline to automate the deployment process, but I'm not sure if it should be triggered by S3 events or EventBridge.

upvoted 0 times

...

Louis

5 months ago

This seems straightforward enough. I think the key is to focus on automating the Docker image build and deployment process, and then setting up the vulnerability scanning and notification system. Options A and D look like they would work well together to meet all the requirements.

upvoted 0 times

...

Whitney

5 months ago

I'm a bit confused by the different options. Do I need to do both the CodePipeline setup and the ECR scanning, or can I just choose one? I want to make sure I select the most efficient and effective solution.

upvoted 0 times

...

Armando

5 months ago

Okay, I've got a plan. First, I'll set up the CodeCommit repository and CodePipeline to automate the Docker image build and deployment. Then, I'll add the enhanced scanning for the ECR repository and the EventBridge rule to send notifications for high or critical vulnerabilities. That should cover all the bases.

upvoted 0 times

...

Bettina

5 months ago

Hmm, this is a tricky one. There are a few different options presented, and I'm not sure which combination is the best. I'll need to carefully read through each step and think about how they address the requirements.

upvoted 0 times

...

Chantay

5 months ago

This question seems straightforward. I think I can approach it by focusing on the key requirements - automating the Docker image build and deployment process, and setting up notifications for vulnerabilities.

upvoted 0 times

...

Oretha

5 months ago

Hmm, I'm a bit unsure about this one. The question mentions the CRM can only be accessed on the corporate network, so I'm not sure if a proxy or VPN would be the best solution. I'll need to think this through carefully.

upvoted 0 times

...

Flo

1 year ago

The combination of CodeCommit, CodePipeline, and CodeBuild looks like a solid solution to address the requirements. Automating the entire process is the way to go.

upvoted 0 times

Lenita

1 year ago

The combination of CodeCommit, CodePipeline, and CodeBuild looks like a solid solution to address the requirements. Automating the entire process is the way to go.

upvoted 0 times

...

Shayne

1 year ago

E) Create an AWS CodeBuild project that scans the Dockerfile. Configure the project to build the Docker images and store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository if the scan is successful. Configure an SNS topic to provide notification if the scan returns any vulnerabilities.

upvoted 0 times

...

Brynn

1 year ago

C) Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basic scanning for the ECR repository. Create an Amazon EventBridge rule that monitors Amazon GuardDuty events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

upvoted 0 times

...

Deonna

1 year ago

I prefer option C because it includes scanning for vulnerabilities and sending notifications through SNS.

upvoted 0 times

...

Dong

1 year ago

I agree with you, Carissa. Option A seems to address the challenge of manual deployment effectively.

upvoted 0 times

...

Carissa

1 year ago

I think option A is a good choice for automating the Docker image deployment process.

upvoted 0 times

...

Lovetta

1 year ago

Haha, I bet the developers are tired of manually building and deploying those Docker images. This automation is going to save them a lot of time and headaches.

upvoted 0 times

Corazon

1 year ago

A: Absolutely, it will save them a lot of time and effort in the long run.

upvoted 0 times

...

Kaycee

1 year ago

D: The automation will also ensure they get notified of any critical vulnerabilities in the Docker images.

upvoted 0 times

...

Rosendo

1 year ago

C: With over 500 users daily, manual updates would be a nightmare.

upvoted 0 times

...

Amalia

1 year ago

B: I agree, it's a smart move to use AWS CodePipeline for that.

upvoted 0 times

...

Skye

1 year ago

B: I agree, it's a smart move to use AWS CodePipeline for that.

upvoted 0 times

...

Pearlene

1 year ago

A: Yeah, automating the Docker image deployment process will definitely make their lives easier.

upvoted 0 times

...

Clarence

1 year ago

A: Yeah, automating the Docker image deployment process will definitely make their lives easier.

upvoted 0 times

...

Chaya

1 year ago

The enhanced scanning of Docker images in Amazon ECR and the EventBridge rule to trigger SNS notifications for critical or high vulnerabilities is a nice touch. This will help the team stay on top of security concerns.

upvoted 0 times

...

Daniela

1 year ago

I like the idea of automating the build and deployment of Docker images. This will definitely help the company manage the increased platform usage and frequent updates more efficiently.

upvoted 0 times

...

Myra

1 year ago

This looks like a great solution to streamline the Docker image deployment process. The use of AWS CodePipeline and EventBridge event triggers seems like a smart approach.

upvoted 0 times

Anglea

1 year ago

This looks like a great solution to streamline the Docker image deployment process. The use of AWS CodePipeline and EventBridge event triggers seems like a smart approach.

upvoted 0 times

...