Exam DOP-C02
Question 264

A company has set up AWS CodeArtifact repositories with public upstream repositories. The company's development team consumes open source dependencies from the repositories in the company's internal network.

The company's security team recently discovered a critical vulnerability in the most recent version of a package that the development team consumes. The security team has produced a patched version to fix the vulnerability. The company needs to prevent the vulnerable version from being downloaded. The company also needs to allow the security team to publish the patched version.

Which combination of steps will meet these requirements? (Choose two.)

    Correct Answer: C, D

    To meet the requirements, the company needs to prevent downloading the vulnerable package version and allow the security team to publish the patched version. Updating the status of the affected CodeArtifact package version to archived will block it from being downloaded. Updating the CodeArtifact package origin control settings to allow direct publishing and block upstream operations will allow the security team to publish the patched version directly while preventing the vulnerable version from being pulled from the upstream repository.
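
The two steps from the explanation above written as AWS CLI calls, followed by a check that both settings took effect. This is an added example, not part of the original question or discussion; the domain, repository and package names and the helper function names are placeholder assumptions.

```shell
# Placeholders (assumptions): override via the environment.
DOMAIN="${DOMAIN:-example-domain}"
REPO="${REPO:-example-repo}"
FORMAT="${FORMAT:-npm}"
PACKAGE="${PACKAGE:-example-package}"

# Run one codeartifact subcommand against the package identified above.
ca() {
  sub="$1"; shift
  aws codeartifact "$sub" --domain "$DOMAIN" --repository "$REPO" \
      --format "$FORMAT" --package "$PACKAGE" "$@"
}

# Archive the vulnerable version so it can no longer be downloaded.
archive_version() {
  ca update-package-versions-status --versions "$1" --target-status Archived
}

# Allow direct publishing of the patched version; block upstream ingestion.
set_origin_controls() {
  ca put-package-origin-configuration --restrictions publish=ALLOW,upstream=BLOCK
}

# Read the state back and fail if either setting did not take effect.
verify() {
  ver_status=$(ca describe-package-version --package-version "$1" \
      --query 'packageVersion.status' --output text) || return 1
  publish=$(ca describe-package --output text \
      --query 'package.originConfiguration.restrictions.publish') || return 1
  upstream=$(ca describe-package --output text \
      --query 'package.originConfiguration.restrictions.upstream') || return 1
  if [ "$ver_status" != Archived ] || [ "$publish" != ALLOW ] || [ "$upstream" != BLOCK ]; then
    echo "unexpected state: status=$ver_status publish=$publish upstream=$upstream" >&2
    return 1
  fi
}

quarantine() {
  archive_version "$1" && set_origin_controls && verify "$1"
}

# Run only when a version is passed, e.g.: sh quarantine.sh 1.0.1
if [ -n "${1:-}" ]; then quarantine "$1"; fi
```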

Discussion
Weninka Options: CD

I had this question in my exam and checking what was the correct option for the package version led me here. C - archived seems to be the right one.

A - unlisted will only remove the package version from the list of versions returned to package managers, but it WILL NOT prevent the download.
B - deleted - it's not a valid package version status (https://docs.aws.amazon.com/codeartifact/latest/ug/packages-overview.html#package-version-status).
C - archived - will block the package version download.
D - Allow direct publishing will give the internal team permissions to upload the new version of the package.
E - block direct publishing means the package versions are updated from external (public) repos.

More on the package origin control settings here: https://docs.aws.amazon.com/codeartifact/latest/ug/package-origin-controls.html

tgv Options: BD

---> BD

trungtd Options: BD

By allowing direct publishing, the security team can publish the patched version directly to the CodeArtifact repository. Blocking upstream operations ensures that only the patched version is available and prevents the vulnerable version from being pulled from the upstream repository.

inturist Options: BD

-----> B,D

siheom Options: BD

VOTE B,D

getadroit

BE https://aws.amazon.com/blogs/devops/tighten-your-package-security-with-codeartifact-package-origin-control-toolkit/