AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 371

A company uses Amazon API Gateway and AWS Lambda functions to implement an API. The company uses a pipeline in AWS CodePipeline to build and deploy the API. The pipeline contains a source stage, build stage, and deployment stage.

The company deploys the API without performing smoke tests. Soon after the deployment, the company observes multiple issues with the API. A security audit finds security vulnerabilities in the production code.

The company wants to prevent these issues from happening in the future.

Which combination of steps will meet this requirement? (Choose two.)

Answer options

Correct answer: B, D

Explanation

To detect and block security vulnerabilities before code reaches production, run Amazon CodeGuru in the build stage to perform static application security testing (SAST), and fail the build if findings are detected. To catch functional issues after deployment, run a smoke test script as a step in the deployment stage, and configure that step to fail the pipeline if the script returns an error code. Amazon Inspector is not designed for static code analysis during the build stage, and running security scans in the deployment stage, after the code has been deployed, is too late to prevent vulnerable code from being deployed.