AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 31

A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.
What should the DevOps engineer do to accomplish this in the MOST maintainable manner?

Answer options

• A. Automate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default.
• B. Deploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled.
• C. Leverage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager.
• D. Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances.

Correct answer: D

Explanation

The correct answer is D because AWS CodeBuild provides built-in support for artifact encryption, making it a straightforward solution to replace Jenkins. The other options either do not directly address artifact encryption or involve additional complexity that does not align with the request for a maintainable solution.