AWS Certified DevOps Engineer – Professional — Question 68

A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2, which requires patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.

What should the DevOps engineer do to accomplish this in the MOST maintainable manner?

Answer options

• A. Automate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default.
• B. Deploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled.
• C. Leverage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager.
• D. Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on Amazon EC2.

Correct answer: D

Explanation

The correct answer is D because AWS CodeBuild provides built-in support for artifact encryption, making it a more maintainable solution compared to managing Jenkins on EC2. Option A focuses on patching and volume encryption, which does not address artifact encryption. Option B moves Jenkins to ECS and uses S3 encryption, but doesn't utilize the advantages of a native build service. Option C uses AWS CodePipeline but relies on AWS Secrets Manager for encryption, which is not as efficient as CodeBuild's direct artifact encryption.