Free Amazon DOP-C02 Exam Questions

Question 1

A company deploys its corporate infrastructure on AWS across multiple AWS Regions and Availability Zones. The infrastructure is deployed on Amazon EC2 instances and connects with AWS IoT Greengrass devices. The company deploys additional resources on on-premises servers that are located in the corporate headquarters.

The company wants to reduce the overhead involved in maintaining and updating its resources. The company’s DevOps team plans to use AWS Systems Manager to implement automated management and application of patches. The DevOps team confirms that Systems Manager is available in the Regions that the resources are deployed in. Systems Manager also is available in a Region near the corporate headquarters.

Which combination of steps must the DevOps team take to implement automated patch and configuration management across the company’s EC2 instances, IoT devices, and on-premises infrastructure? (Choose three.)

A : ply tags to all the EC2 instances, AWS IoT Greengrass devices, and on-premises servers. Use Systems Manager Session Manager to push patches to all the tagged devices.

B : Systems Manager Run Command to schedule patching for the EC2 instances, AWS IoT Greengrass devices, and on-premises servers.

C : Systems Manager Patch Manager to schedule patching for the EC2 instances, AWS IoT Greengrass devices, and on-premises servers as a Systems Manager maintenance window task.

D : nfigure Amazon EventBridge to monitor Systems Manager Patch Manager for updates to patch baselines. Associate Systems Manager Run Command with the event to initiate a patch action for all EC2 instances, AWS IoT Greengrass devices, and on-premises servers.

E : eate an IAM instance profile for Systems Manager. Attach the instance profile to all the EC2 instances in the AWS account. For the AWS IoT Greengrass devices and on-premises servers, create an IAM service role for Systems Manager.

F : nerate a managed-instance activation. Use the Activation Code and Activation ID to install Systems Manager Agent (SSM Agent) on each server in the on-premises environment. Update the AWS IoT Greengrass IAM token exchange role. Use the role to deploy SSM Agent on all the IoT devices.

Answer: A,B,C

Question 2

A development team manually builds a local artifact. The development team moves the artifact to an Amazon S3 bucket to support an application. The application has a local cache that must be cleared when the development team deploys the application to Amazon EC2 instances. For each deployment, the development team runs a command to clear the cache, download the artifact from the S3 bucket, and unzip the artifact to complete the deployment. The development team wants to migrate the deployment process to a CI/CD process and to track the progress of each deployment. Which combination of actions will meet these requirements with the MOST operational efficiency? (Select THREE.)

A : Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository. Use AWS CodeBuild to build an artifact and copy the object into the S3 bucket. Configure CodeBuild to run for every merge into the main branch.

B : Create a custom script to clear the cache. Specify the script in the BeforeInstall lifecycle hook in the AppSpec file.

C : Create user data for each EC2 instance that contains the cache clearing script. Test the application after deployment. If the deployment is not successful, then redeploy.

D : Use AWS CodePipeline to deploy the application. Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository as a source for the pipeline.

E : Use AWS CodeBuild to build the artifact and place the artifact in the S3 bucket. Use AWS CodeDeploy to deploy the artifact to EC2 instances.

F : Use AWS Systems Manager to fetch the artifact from the S3 bucket and to deploy the artifact to all the EC2 instances.

Answer: B,D,E

Question 3

A leading IT consulting firm is building a GraphQL API service and a mobile application that lets people post photos and videos of the traffic situations and other issues in the city's public roads. Users can include a text report and constructive feedback to the authorities. The department of public works shall rectify the problems based on the data gathered by the system. In order for the mobile app to run on various mobile and tablet devices, the firm decided to develop it using the React Native mobile framework, which will consume and send data to the GraphQL API. The backend service will be responsible for storing the photos and videos in an Amazon S3 bucket. The API will also need access to the Amazon DynamoDB database to store the text reports. The firm has recently deployed the mobile app prototype, however, during testing, the GraphQL API showed a lot of issues. The team decided to remove the API to proceed with the project and refactor the mobile application instead so that it will directly connect to both DynamoDB and S3 as well as handle user authentication.

Which of the following options provides a cost-effective and scalable architecture for this project? (Select TWO.)

A : ing the STS AssumeRoleWithWebIdentity API, set up a web identity federation and register with various social identity providers like Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP. Set up an IAM role for that provider and grant permissions for the IAM role to allow access to Amazon S3 and DynamoDB. Configure the mobile application to use the AWS access and secret keys to store the photos and videos to an S3 bucket and persist the text-based report to a DynamoDB table.

B : ing the STS AssumeRoleWithSAML API, set up a web identity federation and register with various social identity providers like Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP. Set up an IAM role for that provider and grant permissions for the IAM role to allow access to Amazon S3 and DynamoDB. Configure the mobile app to use the AWS temporary security credentials to store the photos and videos to an S3 bucket and persist the text-based reports to the DynamoDB table.

C : eate an identity pool in AWS Identity and Access Management (IAM) that will be used to store the end-user identities organized for your mobile app. IAM will automatically create the required IAM roles for authenticated identities as well as for unauthenticated 'guest' identities that define permissions for the users. Download and integrate the AWS SDK for React Native with your app, and import the files required to use IAM. Configure your app to pass the credentials provider instance to the client object, which passes the temporary security credentials to the client.

D : eate an identity pool in Amazon Cognito that will be used to store the end-user identities organized for your mobile app. Amazon Cognito will automatically create the required IAM roles for authenticated identities as well as for unauthenticated 'guest' identities that define permissions for Amazon Cognito users. Download and integrate the AWS SDK for React Native with your app, and import the files required to use Amazon Cognito. Configure your app to pass the credentials provider instance to the client object, which passes the temporary security credentials to the client.

E : ing the STS AssumeRoleWithWebIdentity API, set up a web identity federation and register with social identity providers like Facebook, Google or any other OpenID Connect (OIDC)-compatible IdP. Create a new IAM Role and grant permissions to allow access to Amazon S3 and DynamoDB. Configure the mobile application to use the AWS temporary security credentials to store the photos and videos to an S3 bucket and persist the text-based reports to the DynamoDB table.

Answer: A,D

Question 4

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 5

A company uses AWS Control Tower and Organizations for a multi-account environment. It needs to create new accounts and ensure they receive a consistent baseline configuration. Which solution meets the requirement with the least overhead?

A : Use Account Factory Customization (AFC) blueprints for baseline setup.

B : Use Account Factory + StackSets post-setup.

C : Use Organizations with Lambda applying baseline via access role.

D : Use Organizations + StackSets manually.

Answer: A