Free Amazon DOP-C02 Exam Questions

Question 1

A company is planning to host their enterprise web application in an Amazon ECS Cluster which uses the Fargate launch type. The database credentials, API keys, and other sensitive parameters should be provided to the application image by using environment variables. A DevOps engineer was instructed to ensure that the sensitive parameters are highly secured when passed to the image and must be kept in a dedicated storage with lifecycle management. The size of some parameters can exceed up to 12 Kb in size and must be rotated automatically.

Which of the following is the MOST suitable solution that the DevOps engineer should implement?

A : ore the API Keys and other credentials in AWS Key Management Service (AWS KMS) and enable automatic key rotation. Set up an IAM role to the ECS task definition script that allows access to AWS KMS to retrieve the necessary parameters when calling the register-task-definition action in Amazon ECS.

B : ep the credentials using the AWS Secrets Manager and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition which allows access to both KMS and AWS Secrets Manager. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Secrets Manager secret which contains the sensitive data, to present to the container. Enable the built-in automatic key rotation for the credentials.

C : ep the credentials using the AWS Systems Manager Parameter Store and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition, which allows access to both KMS and the Parameter Store. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Systems Manager Parameter Store parameter containing the sensitive data to present to the container. Enable the built-in automatic key rotation for the parameters.

D : ore the credentials using AWS Storage Gateway in the ECS task definition file of the ECS Cluster in order to centrally manage these sensitive data and securely transmit these only to those containers that need access to them. Ensure that the secrets are encrypted and can only be accessed to those services which have been granted explicit access to it via IAM Role, and only while those service tasks are running. Launch a custom rotation function in AWS Lambda and automatically rotate the credentials using Amazon EventBridge.

Answer: B

Question 2

A company uses AWS Control Tower and Organizations for a multi-account environment. It needs to create new accounts and ensure they receive a consistent baseline configuration. Which solution meets the requirement with the least overhead?

A : Use Account Factory Customization (AFC) blueprints for baseline setup.

B : Use Account Factory + StackSets post-setup.

C : Use Organizations with Lambda applying baseline via access role.

D : Use Organizations + StackSets manually.

Answer: A

Question 3

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 4

A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon ECR repository. The pipeline must wait for the previous run to finish and must run when new Git tags are pushed to a Git repository connected to AWS CodeConnections. An existing deployment pipeline must run in response to new container image publications. Which solution will meet these requirements?

A : Configure a CodePipeline V2 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all tags. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

B : Configure a CodePipeline V2 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all branches. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

C : Configure a CodePipeline V1 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all tags. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

D : Configure a CodePipeline V1 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all branches. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

Answer: A

Question 5

The company's DevOps engineer discovered that the errors were caused by RDS connection limits being reached. The DevOps engineer also discovered that more than 90% of the API requests are GET requests that read from the DB cluster. How should the DevOps engineer solve this problem with the LEAST development effort?

A : Migrate from Amazon RDS to Amazon DynamoDB. Add an Amazon CloudFront distribution in front of the API Gateway REST API.

B : Add a proxy from Amazon RDS Proxy in front of the RDS DB cluster. Enable API caching in API Gateway.

C : Add an Amazon RDS Proxy in front of the RDS database cluster. Provision an Amazon ElastiCache (Redis OSS) cluster.

D : Migrate from Amazon RDS to Amazon DynamoDB. Enable API caching in API Gateway.

Answer: B