A company is deploying a container-based application using AWS CodeBuild. The Security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint. All sensitive information must be stored securely. Which solution should be used to meet these requirements?
A) Encrypt the password using AWS KMS. Store the encrypted password in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
B) Import the password into an AWS CloudHSM key. Reference the CloudHSM key in the buildpec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
C) Store the password in the AWS Systems Manager Parameter Store as a secure string. Add the Parameter Store key to the buildspec.yml file as an environment variable under the parameter-store mapping. Reference the environment variable to initiate scanning.
D) Use the AWS Encryption SDK to encrypt the password and embed in the buildspec.yml file as a variable under the secrets mapping. Attach a policy to CodeBuild to enable access to the required decryption key.
Correct Answer:
Verified
Q487: A company has multiple development teams sharing
Q488: A company recently launched an application that
Q489: You have an application which consists of
Q490: A Development team wants to deploy an
Q491: A company has multiple child accounts that
Q493: An application running on multiple Amazon EC2
Q494: A company's legacy application uses IAM user
Q495: A company has an application deployed using
Q496: You have decided that you need to
Q497: Which Auto Scaling process would be helpful
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents