Examice

Exam DOP-C02 All QuestionsBrowse all questions from this exam

Question 232

A company has deployed a new platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The new platform hosts web applications that users frequently update. The application developers build the Docker images for the applications and deploy the Docker images manually to the platform.

The platform usage has increased to more than 500 users every day. Frequent updates, building the updated Docker images for the applications, and deploying the Docker images on the platform manually have all become difficult to manage.

The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if Docker image scanning returns any HIGH or CRITICAL findings for operating system or programming language package vulnerabilities.

Which combination of steps will meet these requirements? (Choose two.)

Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon S3 event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.

Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EventBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.

Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basic scanning for the ECR repository. Create an Amazon EventBridge rule that monitors Amazon GuardDuty events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

Create an AWS CodeBuild project that scans the Dockerfile. Configure the project to build the Docker images and store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository if the scan is successful. Configure an SNS topic to provide notification if the scan returns any vulnerabilities.

Correct Answer: B, D

To address the requirements, two key steps are needed: setting up a CI/CD pipeline and ensuring that Docker images are scanned and vulnerabilities are reported. First, creating an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files, and using a pipeline in AWS CodePipeline that is triggered by an Amazon EventBridge event when a newer version is committed, ensures continuous integration and deployment. Second, creating an AWS CodeBuild project to build Docker images and store them in Amazon ECR, turning on enhanced scanning for detailed vulnerability reports, and using an EventBridge rule to monitor scan events and trigger notifications via SNS for HIGH or CRITICAL vulnerability findings, ensures that the Docker images are consistently scanned and any critical issues are promptly reported.

Discussion

tgv

---> BD

trungtdOptions: BD

B sets up a CI/CD pipeline with AWS CodePipeline triggered by changes in the AWS CodeCommit repository. Using Amazon EventBridge ensures that the pipeline is invoked whenever there is a new commit, automating the build and deployment process. D ensures that Docker images are built and pushed to ECR, where enhanced scanning is enabled. Enhanced scanning provides detailed vulnerability information. An EventBridge rule is configured to monitor scan events and trigger notifications via SNS when HIGH or CRITICAL vulnerabilities are found.

inturistOptions: BD

Agree with B,D

tgv

--> B D