Free Amazon DOP-C02 Exam Questions

Question 1

A company is planning to host their enterprise web application in an Amazon ECS Cluster which uses the Fargate launch type. The database credentials, API keys, and other sensitive parameters should be provided to the application image by using environment variables. A DevOps engineer was instructed to ensure that the sensitive parameters are highly secured when passed to the image and must be kept in a dedicated storage with lifecycle management. The size of some parameters can exceed up to 12 Kb in size and must be rotated automatically.

Which of the following is the MOST suitable solution that the DevOps engineer should implement?

A : ore the API Keys and other credentials in AWS Key Management Service (AWS KMS) and enable automatic key rotation. Set up an IAM role to the ECS task definition script that allows access to AWS KMS to retrieve the necessary parameters when calling the register-task-definition action in Amazon ECS.

B : ep the credentials using the AWS Secrets Manager and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition which allows access to both KMS and AWS Secrets Manager. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Secrets Manager secret which contains the sensitive data, to present to the container. Enable the built-in automatic key rotation for the credentials.

C : ep the credentials using the AWS Systems Manager Parameter Store and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition, which allows access to both KMS and the Parameter Store. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Systems Manager Parameter Store parameter containing the sensitive data to present to the container. Enable the built-in automatic key rotation for the parameters.

D : ore the credentials using AWS Storage Gateway in the ECS task definition file of the ECS Cluster in order to centrally manage these sensitive data and securely transmit these only to those containers that need access to them. Ensure that the secrets are encrypted and can only be accessed to those services which have been granted explicit access to it via IAM Role, and only while those service tasks are running. Launch a custom rotation function in AWS Lambda and automatically rotate the credentials using Amazon EventBridge.

Answer: B

Question 2

A company uses Amazon Redshift as its data warehouse solution. The company wants to create a dashboard to view changes to the Redshift users and the queries the users perform. Which combination of steps will meet this requirement? (Select TWO.)

A : Create an Amazon CloudWatch log group. Create an AWS CloudTrail trail that writes to the CloudWatch log group.

B : Create a new Amazon S3 bucket. Configure default audit logging on the Redshift cluster. Configure the S3 bucket as the target.

C : Configure the Redshift cluster database audit logging to include user activity logs. Configure Amazon CloudWatch as the target.

D : Create an Amazon CloudWatch dashboard that has a log widget. Configure the widget to display user details from the Redshift logs.

E : Create an AWS Lambda function that uses Amazon Athena to query the Redshift logs. Create an Amazon CloudWatch dashboard that has a custom widget type that uses the Lambda function.

Answer: B,D

Question 3

A company manages an application that stores logs in Amazon CloudWatch Logs. The company wants to archive the logs to an Amazon S3 bucket. Logs are rarely accessed after 90 days and must be retained for 10 years.

Which combination of steps should a DevOps engineer take to meet these requirements? (Choose two.)

A : nfigure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.

B : nfigure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.

C : nfigure a CloudWatch Logs subscription filter to stream all logs to an S3 bucket.

D : nfigure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3.650 days.

E : nfigure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.

Answer: B,D

Question 4

The company's DevOps engineer discovered that the errors were caused by RDS connection limits being reached. The DevOps engineer also discovered that more than 90% of the API requests are GET requests that read from the DB cluster. How should the DevOps engineer solve this problem with the LEAST development effort?

A : Migrate from Amazon RDS to Amazon DynamoDB. Add an Amazon CloudFront distribution in front of the API Gateway REST API.

B : Add a proxy from Amazon RDS Proxy in front of the RDS DB cluster. Enable API caching in API Gateway.

C : Add an Amazon RDS Proxy in front of the RDS database cluster. Provision an Amazon ElastiCache (Redis OSS) cluster.

D : Migrate from Amazon RDS to Amazon DynamoDB. Enable API caching in API Gateway.

Answer: B

Question 5

A software team is using AWS CodePipeline to automate its Java application release pipeline. The pipeline consists of a source stage, then a build stage, and then a deploy stage. Each stage contains a single action that has a runOrder value of 1.

The team wants to integrate unit tests into the existing release pipeline. The team needs a solution that deploys only the code changes that pass all unit tests.

Which solution will meet these requirements?

A : Modify the build stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.

B : Modify the build stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.

C : Modify the deploy stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.

D : Modify the deploy stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.

Answer: C