Free Amazon DOP-C02 Exam Questions

Question 1

A company has several AWS accounts. An Amazon Connect instance runs in each account. The company uses an Amazon EventBridge default event bus in each account for event handling. A DevOps team needs to receive all the Amazon Connect events in a single DevOps account. Which solution meets these requirements?

A : Update the resource-based policy of the default event bus in each account to allow the DevOps account to replay events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

B : Update the resource-based policy of the default event bus in each account to allow the DevOps account to receive events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

C : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be received from the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus

D : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be replayed by the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus.

Answer: C

Question 2

A company runs an Amazon EKS cluster and must implement comprehensive logging for the control plane and nodes. The company must analyze API requests and monitor container performance. Which solution will meet these requirements with the LEAST operational overhead?

A : Enable AWS CloudTrail for control plane logging and deploy Logstash on nodes.

B : Enable control plane logging to CloudWatch and use CloudWatch Container Insights for node and pod metrics.

C : Enable API server logging to S3 and deploy Kubernetes Event Exporter to nodes.

D : Use AWS Distro for OpenTelemetry and stream logs to Amazon Redshift.

Answer: B

Question 3

A leading game development company is planning to host its latest video game on AWS. It is expected that there will be millions of users around the globe that will play the game. The architecture should allow players to send or receive data on the backend in real-time for a better gaming experience. The application libraries and user data of the game must also comply with the data residency requirement wherein all files must remain in the same region. CodeCommit, CodeBuild, CodeDeploy, and CodePipeline should be utilized to build the CI/CD process.

As a DevOps Engineer, which of the following is the MOST suitable and efficient solution that you should implement to satisfy this requirement?

A : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source on multiple AWS regions. Configure the repository of the pipeline for each region to trigger the build and deployment actions whenever there is a new code update. The pipeline will automatically store output files on a default artifact bucket on each region.

B : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Set a CodeBuild test action to run the automated unit and integration tests. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. Manually configure the pipeline to automatically store output files on a single S3 bucket.

C : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. The pipeline will automatically store output files on a default artifact bucket on each region.

D : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-AZ actions that will run the build and deployment actions to other Availability Zones. The pipeline will automatically store output files on a default artifact bucket on each AZ.

Answer: C

Question 4

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 5

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C