Amazon DOP-C02 Exam - Topic 8 Question 12 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 12
Topic #: 8

A company runs its container workloads in AWS App Runner. A DevOps engineer manages the company's container repository in Amazon Elastic Container Registry (Amazon ECR).

The DevOps engineer must implement a solution that continuously monitors the container repository. The solution must create a new container image when the solution detects an operating system vulnerability or language package vulnerability.

Which solution will meet these requirements?

Suggested Answer: A

The solution that meets the requirements is to use EC2 Image Builder to create a container image pipeline with Amazon ECR as the target repository, turn on enhanced scanning on the ECR repository, and create an Amazon EventBridge rule that captures an Inspector2 finding event and uses it to invoke the image pipeline, which re-uploads the container to the repository.

This solution will continuously monitor the container repository for vulnerabilities using enhanced scanning, which is a feature of Amazon ECR that provides detailed information and guidance on how to fix security issues found in your container images. Enhanced scanning uses Inspector2, a security assessment service that integrates with Amazon ECR and generates findings for any vulnerabilities detected in your images. You can use Amazon EventBridge to create a rule that triggers an action when an Inspector2 finding event occurs. The action can be to invoke an EC2 Image Builder pipeline, which is a service that automates the creation of container images. The pipeline can use the latest patches and updates to build a new container image and upload it to the same ECR repository, replacing the vulnerable image.

The other options are not correct because they do not meet all the requirements or use services that are not relevant for the scenario.

Option B is not correct because it uses Amazon GuardDuty Malware Protection, which is a feature of GuardDuty that detects malicious activity and unauthorized behavior on your AWS accounts and resources. GuardDuty does not scan container images for vulnerabilities, nor does it integrate with Amazon ECR or EC2 Image Builder.

Option C is not correct because it uses basic scanning on the ECR repository, which only provides a summary of the vulnerabilities found in your container images. Basic scanning does not use Inspector2 or generate findings that can be captured by Amazon EventBridge. Moreover, basic scanning does not provide guidance on how to fix the vulnerabilities.

Option D is not correct because it uses AWS Systems Manager Compliance, which is a feature of Systems Manager that helps you monitor and manage the compliance status of your AWS resources based on AWS Config rules and AWS Security Hub standards. Systems Manager Compliance does not scan container images for vulnerabilities, nor does it integrate with Amazon ECR or EC2 Image Builder.
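
The EventBridge rule from the explanation, sketched as an added example (not part of the original page and not AWS's own code): an event pattern for Inspector2 findings on ECR images, plus a simplified local matcher run over constructed events. The severity and status filters, the rule name, and the sample events are assumptions of this example.

```python
import json

# Source and detail-type are the ones Amazon Inspector publishes; the detail
# filters are this example's choices (field names follow the Inspector finding
# format and should be checked against a real event from your account).
FINDING_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {
        "status": ["ACTIVE"],
        "type": ["PACKAGE_VULNERABILITY"],   # covers OS and language packages
        "severity": ["HIGH", "CRITICAL"],
        "resources": {"type": ["AWS_ECR_CONTAINER_IMAGE"]},
    },
}

def matches(pattern, event):
    """Simplified EventBridge matching: value lists, nested objects, and
    event arrays that match when any element matches."""
    for key, expected in pattern.items():
        actual = event.get(key)
        candidates = actual if isinstance(actual, list) else [actual]
        if isinstance(expected, dict):
            if not any(isinstance(c, dict) and matches(expected, c) for c in candidates):
                return False
        elif not any(c in expected for c in candidates):
            return False
    return True

def sample_finding(resource_type, severity="HIGH", status="ACTIVE"):
    """Constructed event, trimmed to the fields the pattern inspects."""
    return {
        "source": "aws.inspector2",
        "detail-type": "Inspector2 Finding",
        "detail": {"status": status, "type": "PACKAGE_VULNERABILITY",
                   "severity": severity,
                   "resources": [{"type": resource_type, "id": "constructed-id"}]},
    }

def rule_request(name="rebuild-on-ecr-finding"):
    """Keyword arguments for the EventBridge PutRule call (name is hypothetical)."""
    return {"Name": name, "State": "ENABLED",
            "EventPattern": json.dumps(FINDING_PATTERN)}

if __name__ == "__main__":
    print(json.dumps(rule_request(), indent=2))
    print(matches(FINDING_PATTERN, sample_finding("AWS_ECR_CONTAINER_IMAGE")))
```

The rule's target would be the Image Builder pipeline, invoked through an IAM role allowed to start it; both are deployment-specific and are not shown. Filtering on `status` and resource type keeps closed findings and findings on non-ECR resources from starting rebuilds.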


Contribute your Thoughts:

Rolf
3 months ago
Not sure about D, seems a bit overcomplicated for this task.
upvoted 0 times
...
Walker
3 months ago
A is definitely the way to go for continuous monitoring.
upvoted 0 times
...
Carla
3 months ago
Wait, can EC2 Image Builder really handle all that?
upvoted 0 times
...
Shad
4 months ago
I think B is better since GuardDuty adds extra security.
upvoted 0 times
...
Claribel
4 months ago
Option A sounds solid with enhanced scanning and Inspector2!
upvoted 0 times
...
Daron
4 months ago
I feel like option C might be too basic with just basic scanning, but I can't remember if CodeBuild is the right tool for this kind of automation.
upvoted 0 times
...
Gilberto
4 months ago
I practiced a similar question where we had to set up EventBridge rules, but I’m uncertain if using GuardDuty in option B is the right approach for this scenario.
upvoted 0 times
...
Slyvia
4 months ago
I think option A sounds familiar because it mentions Inspector2, but I can't recall if that's the best way to handle both OS and language package vulnerabilities.
upvoted 0 times
...
Henriette
5 months ago
I remember we discussed using EC2 Image Builder for creating container images, but I'm not sure if enhanced scanning is enough for vulnerabilities.
upvoted 0 times
...
Laurel
5 months ago
This question is testing our understanding of container security and CI/CD processes. I feel pretty confident I can work through this step-by-step.
upvoted 0 times
...
Timmy
5 months ago
I'm not too familiar with EC2 Image Builder, so I'll need to do some research on that service before I can confidently choose an answer.
upvoted 0 times
...
Holley
5 months ago
Okay, the key here is to set up continuous monitoring and triggering a new image build when vulnerabilities are detected. I think option A looks the most comprehensive.
upvoted 0 times
...
Shaun
5 months ago
Hmm, I'm a bit confused about the different scanning options and how they fit into the solution. I'll need to review that part carefully.
upvoted 0 times
...
Rossana
5 months ago
This looks like a pretty straightforward question. I think I can handle this one.
upvoted 0 times
...
Laura
5 months ago
I'm a little confused by this question. Is the "security system administrator" a standard role, or is that something specific to this organization? I'll have to make an educated guess on this one.
upvoted 0 times
...
Marylyn
5 months ago
Hmm, I'm a bit confused by the reference to the OSI model layers. I'll need to review my understanding of how firewalls operate at different layers.
upvoted 0 times
...
Merissa
5 months ago
This one seems pretty straightforward. I'd go with Languages and Skills as the two most relevant attributes to ensure interactions are routed to the most qualified agent.
upvoted 0 times
...
