A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations.
The buildspec.yaml file is configured as follows:
What changes should be recommended to comply with AWS security best practices? (Choose three.)
A . Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
B . Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
C . Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
D . Move the environment variables to the ‘db-deploy-bucket’ Amazon S3 bucket, add a prebuild stage to download, then export the variables.
E . Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
F . Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
Answer: ADE
Latest DOP-C01 Dumps Valid Version with 188 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund