Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C

Question 2

A DevOps engineer is supporting early-stage development for a developer platform running on Amazon EKS. Recently, the platform has experienced an increased rate of container restart failures. The DevOps engineer wants diagnostic information to isolate and resolve issues. Which solution will meet this requirement?

A : Configure CloudWatch dashboards using default EKS service metrics.

B : Configure AWS CloudTrail for the EKS cluster.

C : Configure CloudTrail Insights for the EKS cluster.

D : Configure Amazon CloudWatch Container Insights for the EKS cluster by enabling the CloudWatch Observability add-on.

Answer: D

Question 3

A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.

Which solution will meet these requirements?

A : the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1.

B : the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates.

C : eate an Amazon CloudWatch alarm for the StatusCheckFailed System metric and select the EC2 action to recover the instance.

D : eate an Amazon CloudWatch alarm for the StatusCheckFailed Instance metric and select the EC2 action to reboot the instance

Answer: C

Question 4

A leading digital consultancy company has two teams in its IT department: the DevOps team and the Security team, that are working together on different components of its cloud architecture. AWS CloudFormation is used to manage its resources across all of its AWS accounts, including AWS Config for configuration management. The Security team applies the operating system-level updates and patches while the DevOps team manages application-level dependencies and updates. The DevOps team must use the latest AMI when launching new EC2 instances and deploying its flagship application.

Which of the following options is the MOST scalable method for integrating the two processes and teams?

A : Instruct the Security team to maintain a nested stack in AWS CloudFormation that includes both the OS and the templates from the DevOps team. Order the Security team to use the stack update action to deploy updates to the application stack whenever the DevOps team changes the application code.

B : truct the Security team to set up an AWS CloudFormation stack that creates an AWS CodePipeline pipeline that builds new Amazon Machine Images. Then, store the AMI ARNs as parameters in AWS Systems Manager Parameter Store as part of the pipeline output. Order the DevOps team to use the AWS::SSM::Parameter section in their CloudFormation stack to obtain the most recent AMI ARN from the Parameter Store.

C : truct the Security team to use a CloudFormation stack that launches an AWS CodePipeline pipeline that builds new AMIs then store the latest AMI ARNs in an encrypted S3 object as part of the pipeline output. Order the DevOps team to use a cross-stack reference within their own CloudFormation template to get that S3 object location and obtain the most recent AMI ARNs to use when deploying their application.

D : truct the Security team to set up an AWS CloudFormation template that creates new versions of their AMIs and lists the Amazon Resource names (ARNs) of the AMIs in an encrypted S3 object as part of the stack output section. Direct the DevOps team to use the cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.

Answer: B

Question 5

A company has several AWS accounts. An Amazon Connect instance runs in each account. The company uses an Amazon EventBridge default event bus in each account for event handling. A DevOps team needs to receive all the Amazon Connect events in a single DevOps account. Which solution meets these requirements?

A : Update the resource-based policy of the default event bus in each account to allow the DevOps account to replay events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

B : Update the resource-based policy of the default event bus in each account to allow the DevOps account to receive events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

C : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be received from the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus

D : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be replayed by the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus.

Answer: C