# AWS-Certified-DevOps-Engineer---Professional-DOP-C02 — Question 425

**Type:** multiple_choice
**Topics:** topic_1

## Question

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.
How can this issue be corrected in the MOST secure manner?

## Correct Answer

_See scenario._

## Explanation

C is correct:
+ Remove unauthenticated access from the S3 bucket with a bucket policy
+ Modify the service role for the CodeBuild project to include Amazon S3 access.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/amazon/AWS-Certified-DevOps-Engineer---Professional-DOP-C02/425  
Practice (tracked): https://hiexam.net/study/AWS-Certified-DevOps-Engineer---Professional-DOP-C02/practice