Exam AWS Certified Solutions Architect - Professional topic 1 question 840 discussion

A company is running a containerized application in the AWS Cloud. The application is running by using Amazon Elastic Container Service (Amazon ECS) on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group.
The company uses Amazon Elastic Container Registry (Amazon ECR) to store its container images. When a new image version is uploaded, the new image version receives a unique tag.
The company needs a solution that inspects new image versions for common vulnerabilities and exposures. The solution must automatically delete new image tags that have Critical or High severity findings. The solution also must notify the development team when such a deletion occurs.
Which solution meets these requirements?

  • A. Configure scan on push on the repository. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Step Functions state machine when a scan is complete for images that have Critical or High severity findings. Use the Step Functions state machine to delete the image tag for those images and to notify the development team through Amazon Simple Notification Service (Amazon SNS).
  • B. Configure scan on push on the repository. Configure scan results to be pushed to an Amazon Simple Queue Service (Amazon SQS) queue. Invoke an AWS Lambda function when a new message is added to the SQS queue. Use the Lambda function to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).
  • C. Schedule an AWS Lambda function to start a manual image scan every hour. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke another Lambda function when a scan is complete. Use the second Lambda function to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Notification Service (Amazon SNS).
  • D. Configure periodic image scan on the repository. Configure scan results to be added to an Amazon Simple Queue Service (Amazon SQS) queue. Invoke an AWS Step Functions state machine when a new message is added to the SQS queue. Use the Step Functions state machine to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).
Suggested Answer: A
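
The flow in answer A, sketched as an added example (it is not part of the original question or of AWS's documentation): an EventBridge rule pattern for completed ECR scans with Critical or High findings, and the delete-and-notify step that a task in the state machine could run. `handle_scan_event`, `EVENT_PATTERN`, `topic_arn` and the sample event are hypothetical names and constructed values; the clients are assumed to be boto3-style objects passed in by the caller.

```python
import json

# EventBridge rule pattern: completed ECR scans with Critical or High findings.
EVENT_PATTERN = {
    "source": ["aws.ecr"],
    "detail-type": ["ECR Image Scan"],
    "detail": {
        "scan-status": ["COMPLETE"],
        "$or": [
            {"finding-severity-counts": {"CRITICAL": [{"numeric": [">", 0]}]}},
            {"finding-severity-counts": {"HIGH": [{"numeric": [">", 0]}]}},
        ],
    },
}
BLOCKING = ("CRITICAL", "HIGH")


def handle_scan_event(event, ecr, sns, topic_arn):
    """Untag a scanned image with blocking findings and notify via SNS.
    ecr/sns are boto3-style clients (assumed: boto3.client("ecr"/"sns") in AWS).
    Returns the list of tags that ECR reports as deleted.
    """
    detail = event.get("detail", {})
    # Re-check what the rule filters, so a loosened rule cannot cause a deletion.
    if event.get("source") != "aws.ecr" or detail.get("scan-status") != "COMPLETE":
        return []
    counts = detail.get("finding-severity-counts", {})
    hits = {s: counts[s] for s in BLOCKING if counts.get(s, 0) > 0}
    tags = detail.get("image-tags", [])
    if not hits or not tags:
        return []  # clean image, or an untagged image with no tag to remove
    repo = detail["repository-name"]
    # Deleting by imageTag removes that tag; ECR deletes the image itself
    # only when its last tag is removed.
    resp = ecr.batch_delete_image(
        repositoryName=repo, imageIds=[{"imageTag": t} for t in tags]
    )
    deleted = [i["imageTag"] for i in resp.get("imageIds", []) if "imageTag" in i]
    body = {"repository": repo, "digest": detail.get("image-digest"),
            "deleted_tags": deleted, "findings": hits,
            "failures": resp.get("failures", [])}
    sns.publish(TopicArn=topic_arn, Subject=f"ECR tags deleted in {repo}"[:100],
                Message=json.dumps(body))
    return deleted

# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {"source": "aws.ecr", "detail": {
    "scan-status": "COMPLETE", "repository-name": "app", "image-tags": ["v42"],
    "finding-severity-counts": {"CRITICAL": 2, "MEDIUM": 9}}}
```
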

Comments

asfsdfsdf
Highly Voted 2 years, 4 months ago
Selected Answer: A
A - ECR scans support only EventBridge: https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#scanning-repository
upvoted 7 times
jyrajan69
Highly Voted 2 years, 4 months ago
First of all, this is ECR, so you can enable scan on push, eliminating answers C and D. So between A and B: in answer A, Step Functions is a workflow service; it can call up other services, but the answer here indicates that Step Functions is doing something, so I will have to go with B.
upvoted 6 times
sb333
2 years, 2 months ago
Answer B suggests using Amazon SES for notifications. That's the wrong service and should instead use Amazon SNS. Answer A has all the correct parts. The Step Function is the mechanism used to coordinate the effort to both remove the image tag and notify the developers through SNS. The details of exactly what is used to remove the image tag really isn't necessary. It's like saying CodePipeline is used to deploy an application. That can be a correct statement without going into the details of exactly what is part of that pipeline.
upvoted 6 times
evargasbrz
Most Recent 1 year, 11 months ago
Selected Answer: A
I'll go with A
upvoted 1 times
janvandermerwer
2 years ago
Selected Answer: A
A - Yes - Appears to be the best option. B - Could potentially work - however seems overly complex, also set to use SES - which is the wrong product for this scenario. C - No - requirement states new images and this does not allow for images to be scanned when uploaded to the register. D - No - Overly complex.
upvoted 1 times
AwsBRFan
2 years, 1 month ago
Selected Answer: A
confused by A https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-eventbridge.html "Activating an AWS Step Functions state machine" https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-creating-lambda-state-machine.html
upvoted 2 times
skywalker
2 years, 1 month ago
Selected Answer: B
B .. as Step Functions is a workflow and doesn't work here.
upvoted 1 times
sidweed
2 years, 4 months ago
Selected Answer: B
Step Functions cannot perform actions. They can only coordinate. So A is wrong. B is correct.
upvoted 4 times
Rocketeer
2 years, 3 months ago
Step functions can invoke lambdas or other actions
upvoted 2 times
Rocketeer
2 years, 3 months ago
I would prefer EventBridge over SQS, and it is serverless.
upvoted 1 times
michaelbaib
2 years, 6 months ago
Why is C wrong?
upvoted 1 times
pankajrawat
2 years, 7 months ago
Selected Answer: A
A is realtime
upvoted 5 times
snakecharmer2
2 years, 7 months ago
Selected Answer: A
A - the scan result is sent to EventBridge, there is no support for Lambda today
upvoted 5 times
shailurtm2001
2 years, 7 months ago
I'll go for A. https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#scanning-repository
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other