Free Amazon DOP-C02 Exam Questions

Question 1

A company updated the AWS CloudFormation template for a critical business application. The stack update process failed due to an error in the updated template, and AWS CloudFormation automatically began the stack rollback process. Later, a DevOps engineer discovered that the application was still unavailable and that the stack was in the UPDATE_ROLLBACK_FAILED state.

Which combination of actions should the DevOps engineer perform so that the stack rollback can complete successfully? (Choose two.)

A : tach the AWSCloudFormationFullAccess IAM policy to the AWS CloudFormation role.

B : tomatically recover the stack resources by using AWS CloudFormation drift detection.

C : ue a ContinueUpdateRollback command from the AWS CloudFormation console or the AWS CLI.

D : nually adjust the resources to match the expectations of the stack.

E : date the existing AWS CloudFormation stack by using the original template.

Answer: C,D

Question 2

A company is planning to host their enterprise web application in an Amazon ECS Cluster which uses the Fargate launch type. The database credentials, API keys, and other sensitive parameters should be provided to the application image by using environment variables. A DevOps engineer was instructed to ensure that the sensitive parameters are highly secured when passed to the image and must be kept in a dedicated storage with lifecycle management. The size of some parameters can exceed up to 12 Kb in size and must be rotated automatically.

Which of the following is the MOST suitable solution that the DevOps engineer should implement?

A : ore the API Keys and other credentials in AWS Key Management Service (AWS KMS) and enable automatic key rotation. Set up an IAM role to the ECS task definition script that allows access to AWS KMS to retrieve the necessary parameters when calling the register-task-definition action in Amazon ECS.

B : ep the credentials using the AWS Secrets Manager and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition which allows access to both KMS and AWS Secrets Manager. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Secrets Manager secret which contains the sensitive data, to present to the container. Enable the built-in automatic key rotation for the credentials.

C : ep the credentials using the AWS Systems Manager Parameter Store and then encrypt them using AWS KMS. Set up an IAM Role for your Amazon ECS task execution role and reference it with your task definition, which allows access to both KMS and the Parameter Store. Within your container definition, specify secrets with the name of the environment variable to set in the container and the full ARN of the Systems Manager Parameter Store parameter containing the sensitive data to present to the container. Enable the built-in automatic key rotation for the parameters.

D : ore the credentials using AWS Storage Gateway in the ECS task definition file of the ECS Cluster in order to centrally manage these sensitive data and securely transmit these only to those containers that need access to them. Ensure that the secrets are encrypted and can only be accessed to those services which have been granted explicit access to it via IAM Role, and only while those service tasks are running. Launch a custom rotation function in AWS Lambda and automatically rotate the credentials using Amazon EventBridge.

Answer: B

Question 3

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software.

During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The development team needs a solution to ensure users remain logged in across scaling events and application deployments.

What is the MOST operationally efficient way to ensure users remain logged in?

A : able smart sessions on the load balancer and modify the application to check for an existing session.

B : able session sharing on the load balancer and modify the application to read from the session store.

C : re user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.

D : dify the application to store user session information in an Amazon ElastiCache cluster.

Answer: D

Question 4

A company is building a web and mobile application that uses a serverless architecture powered by AWS Lambda and Amazon API Gateway. The company wants to fully automate the backend Lambda deployment based on code that is pushed to the appropriate environment branch in an AWS CodeCommit repository.

The deployment must have the following:

• Separate environment pipelines for testing and production

• Automatic deployment that occurs for test environments only

Which steps should be taken to meet these requirements?

A : Configure a new AWS CodePipeline service. Create a CodeCommit repository for each environment. Set up CodePipeline to retrieve the source code from the appropriate repository. Set up the deployment step to deploy the Lambda functions with AWS CloudFormation.

B : Create two AWS CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create a CodeCommit repository for each environment. Set up each CodePipeline to retrieve the source code from the appropriate repository. Set up the deployment step to deploy the Lambda functions with AWS CloudFormation.

C : Create two AWS CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Set up each CodePipeline to retrieve the source code from the appropriate branch in the repository. Set up the deployment step to deploy the Lambda functions with AWS CloudFormation

D : Create an AWS CodeBuild configuration for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Push the Lambda function code to an Amazon S3 bucket. Set up the deployment step to deploy the Lambda functions from the S3 bucket.

Answer: C

Question 5

A company is developing a web application that runs on Amazon EC2 Linux instances. The application requires monitoring of custom performance metrics. The company must collect metrics for API response times and database query latency across multiple instances. Which solution will generate the custom metrics with the LEAST operational overhead?

A : Install the Amazon CloudWatch agent on the instances. Configure the agent to collect the custom metrics. Instrument the application to send the metrics to the agent.

B : Use Amazon Managed Service for Prometheus to scrape the custom metrics from the application. Use the Amazon CloudWatch agent to forward the metrics to CloudWatch.

C : Create a custom AWS Lambda function that polls the application endpoints and database at regular intervals. Program the Lambda function to calculate the custom metrics and to send the metrics to Amazon CloudWatch by using PutMetricData API calls.

D : Implement custom logging in the application code to record the custom metrics. Use Amazon CloudWatch Logs Insights to extract and analyze the metrics.

Answer: A