DOP-C02 · Question #478
DOP-C02 Question #478: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #478. The question stem and answer options stay visible for context.
Question
A company uses Amazon Elastic Container Registry (Amazon ECR) for all images of the company's containerized infrastructure. The company uses the pull through cache functionality with the /external prefix to avoid throttling when the company retrieves images from external image registries. The company uses AWS Organizations for its accounts. Every image in the registry must be encrypted with a specific, pre-provisioned AWS Key Management Service (AWS KMS) key. The company's internally created images already comply with this policy. However, cached external images use server-side encryption with Amazon S3 managed keys (SSE- S3). The company must remove the noncompliant cache repositories. The company must also implement a secure solution to ensure that all new pull through cache repositories are automatically encrypted with the required KMS key. Which solution will meet these requirements?
Options
- AConfigure AWS Config. Add a custom rule that uses Guard syntax. Write the rule to enable KMS
- BConfigure an ECR repository creation template for the prefix. Specify the KMS key. Wait for the
- CConfigure an SCP for all AWS accounts that requires all ECR repositories to be KMS encrypted.
- DCreate a new Amazon EventBridge rule that triggers on all "ECR Pull Through Cache Action"
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.