ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 57 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 57
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A company needs to harden its container images before the images are in a running state. The company's application uses Amazon Elastic Container Registry (Amazon ECR) as an image registry. Amazon Elastic Kubernetes Service (Amazon EKS) for compute, and an AWS CodePipeline pipeline that orchestrates a continuous integration and continuous delivery (CI/CD) workflow.
Dynamic application security testing occurs in the final stage of the pipeline after a new image is deployed to a development namespace in the EKS cluster. A developer needs to place an analysis stage before this deployment to analyze the container image earlier in the CI/CD pipeline.
Which solution will meet these requirements with the MOST operational efficiency?

  • A. Build the container image and run the docker scan command locally. Mitigate any findings before pushing changes to the source code repository. Write a pre-commit hook that enforces the use of this workflow before commit.
  • B. Create a new CodePipeline stage that occurs after the container image is built. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.
  • C. Create a new CodePipeline stage that occurs after source code has been retrieved from its repository. Run a security scanner on the latest revision of the source code. Fail the pipeline if there are findings.
  • D. Add an action to the deployment stage of the pipeline so that the action occurs before the deployment to the EKS cluster. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Untamables at March 27, 2023, 12:59 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Untamables
Highly Voted 1 year, 7 months ago
Selected Answer: B
B https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-basic.html The below blog post refers to the solution using Amazon Inspector and ECS, but the architecture is almost same as required in this scenario. The built in image scanning in Amazon ECR provides a simpler solution. https://aws.amazon.com/blogs/security/use-amazon-inspector-to-manage-your-build-and-deploy-pipelines-for-containerized-applications/
upvoted 18 times
...
love777
Highly Voted 1 year, 2 months ago
Selected Answer: B
This approach integrates security scanning directly into the CI/CD pipeline and leverages AWS services for image scanning. Here's how it works: A new CodePipeline stage is added after the container image is built, but before it's pushed to Amazon ECR. ECR basic image scanning is configured to scan the image automatically upon push. This ensures that security scanning is part of the process. An AWS Lambda function is used as an action provider in the pipeline. This Lambda function can be configured to analyze the scan results of the image. If the Lambda function detects any security findings in the scan results, it can fail the pipeline, preventing the deployment of images with security vulnerabilities.
upvoted 10 times
...
sumanshu
Most Recent 4 months ago
Selected Answer: B
C) Eliminated - Scanning the source code directly does not analyze vulnerabilities specific to the container image D) Eliminated - Adding the scan at the deployment stage is too late in the pipeline. It defeats the purpose of early detection and could allow vulnerable images to proceed further in the pipeline before being flagged
upvoted 2 times
...
trieudo
4 months, 2 weeks ago
Selected Answer: B
B vs D: B: scan before pushing ECR (after the container image is built) D: scan after pushing ECR (before the deployment to the EKS cluster)
upvoted 1 times
...
65703c1
5 months, 1 week ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
ninomfr64
1 year, 2 months ago
Selected Answer: B
B as per https://docs.aws.amazon.com/amplify/latest/userguide/running-tests.html You can run end-to-end (E2E) tests in the test phase of your Amplify app to catch regressions before pushing code to production. The test phase can be configured in the build specification YAML. Currently, you can run only the Cypress testing framework during a build. build specification is provided in the amplify.yml file
upvoted 2 times
...
imvb88
1 year, 5 months ago
Selected Answer: D
So it narrows down to option B and D which using ECR basic image scanning. B: create a stage D: add an action to the existing stage I'd go with D since executing an additional action will be faster than executing a whole stage.
upvoted 5 times
Toby_S
1 year, 4 months ago
The question states "A developer needs to place an analysis stage" therefore I'd go with B.
upvoted 4 times
...
...
Rpod
1 year, 6 months ago
Selected Answer: D
Chat GPT says D
upvoted 3 times
Umman
1 year, 3 months ago
ChatGPT says option B
upvoted 1 times
...
...
MrTee
1 year, 6 months ago
Selected Answer: B
The developer should choose option B. Create a new CodePipeline stage that occurs after the container image is built. Configure ECR basic image scanning to scan on image push. Use an AWS Lambda function as the action provider. Configure the Lambda function to check the scan results and to fail the pipeline if there are findings. This will allow the developer to place an analysis stage before deployment to analyze the container image earlier in the CI/CD pipeline with the most operational efficiency. CHATGPT
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago