exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 71 discussion

A company uses AWS Signer with all of the company's AWS Lambda functions. A developer recently stopped working for the company. The company wants to ensure that all the code that the developer wrote can no longer be deployed to the Lambda functions.

Which solution will meet this requirement?

  • A. Revoke all versions of the signing profile assigned to the developer.
  • B. Examine the developer's IAM roles. Remove all permissions that grant access to Signer.
  • C. Re-encrypt all source code with a new AWS Key Management Service (AWS KMS) key.
  • D. Use Amazon CodeGuru to profile all the code that the Lambda functions use.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
IPLogic
1 day, 16 hours ago
Selected Answer: A
Option B, which involves examining the developer's IAM roles and removing all permissions that grant access to AWS Signer, is not as effective as revoking the signing profile. While removing IAM permissions can prevent the developer from accessing AWS Signer in the future, it does not invalidate the signatures that have already been created using the developer's signing profile. This means that any code signed by the developer before their permissions were revoked could still be deployed to the Lambda functions. Revoking all versions of the signing profile assigned to the developer ensures that any signatures generated by that profile are no longer valid, effectively preventing the deployment of the developer's cod
upvoted 1 times
...
rahav
11 months, 2 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/signer/latest/developerguide/revocation.html
upvoted 1 times
...
vincentsr7
11 months, 3 weeks ago
The privilege has to be removed from signer , for this option b is the right answer
upvoted 1 times
helloworldabc
2 months, 2 weeks ago
just A
upvoted 1 times
...
...
vincentsr7
11 months, 3 weeks ago
Option A suggests revoking all versions of the signing profile assigned to the developer, but this is not the most effective solution for preventing the developer from deploying code to Lambda functions. Signing profiles primarily deal with the integrity and authenticity of code, rather than controlling the ability to deploy code
upvoted 1 times
...
kejam
1 year ago
Selected Answer: A
Answer A New URL: https://docs.aws.amazon.com/signer/latest/developerguide/revocation.html
upvoted 3 times
...
lmimi
1 year ago
A Refer to https://docs.aws.amazon.com/signer/latest/developerguide/revoking.html https://docs.aws.amazon.com/signer/latest/developerguide/revoking.html
upvoted 3 times
...
AgboolaKun
1 year ago
Selected Answer: A
A is the correct answer. Revoke the developer signing profile - https://docs.aws.amazon.com/signer/latest/developerguide/revocation.html
upvoted 2 times
...
[Removed]
1 year ago
Selected Answer: A
A will handle prevention
upvoted 2 times
...
oioi
1 year ago
Selected Answer: B
correct
upvoted 1 times
Aamee
1 year ago
Source pls?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...