AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 249
A company has set up AWS CodeArtifact repositories with public upstream repositories. The company's development team consumes open source dependencies from the repositories in the company's internal network.
The company's security team recently discovered a critical vulnerability in the most recent version of a package that the development team consumes. The security team has produced a patched version to fix the vulnerability. The company needs to prevent the vulnerable version from being downloaded. The company also needs to allow the security team to publish the patched version.
Which combination of steps will meet these requirements? (Choose two.)
Answer options
- A. Update the status of the affected CodeArtifact package version to unlisted.
- B. Update the status of the affected CodeArtifact package version to deleted.
- C. Update the status of the affected CodeArtifact package version to archived.
- D. Update the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations.
- E. Update the CodeArtifact package origin control settings to block direct publishing and to allow upstream operations.
Correct answer: C, D
Explanation
The correct answer is C and D. Archiving the affected package version prevents it from being downloaded, and it does not stop the security team from publishing the patched version. Changing the package origin control settings to allow direct publishing and block upstream operations ensures that only the approved patched version can be added to the repository, which secures the development environment against the vulnerable version.