Free Amazon DOP-C02 Exam Questions

Question 1

A company has several AWS accounts. An Amazon Connect instance runs in each account. The company uses an Amazon EventBridge default event bus in each account for event handling. A DevOps team needs to receive all the Amazon Connect events in a single DevOps account. Which solution meets these requirements?

A : Update the resource-based policy of the default event bus in each account to allow the DevOps account to replay events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

B : Update the resource-based policy of the default event bus in each account to allow the DevOps account to receive events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

C : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be received from the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus

D : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be replayed by the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus.

Answer: C

Question 2

A leading IT consulting firm is building a GraphQL API service and a mobile application that lets people post photos and videos of the traffic situations and other issues in the city's public roads. Users can include a text report and constructive feedback to the authorities. The department of public works shall rectify the problems based on the data gathered by the system. In order for the mobile app to run on various mobile and tablet devices, the firm decided to develop it using the React Native mobile framework, which will consume and send data to the GraphQL API. The backend service will be responsible for storing the photos and videos in an Amazon S3 bucket. The API will also need access to the Amazon DynamoDB database to store the text reports. The firm has recently deployed the mobile app prototype, however, during testing, the GraphQL API showed a lot of issues. The team decided to remove the API to proceed with the project and refactor the mobile application instead so that it will directly connect to both DynamoDB and S3 as well as handle user authentication.

Which of the following options provides a cost-effective and scalable architecture for this project? (Select TWO.)

A : ing the STS AssumeRoleWithWebIdentity API, set up a web identity federation and register with various social identity providers like Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP. Set up an IAM role for that provider and grant permissions for the IAM role to allow access to Amazon S3 and DynamoDB. Configure the mobile application to use the AWS access and secret keys to store the photos and videos to an S3 bucket and persist the text-based report to a DynamoDB table.

B : ing the STS AssumeRoleWithSAML API, set up a web identity federation and register with various social identity providers like Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP. Set up an IAM role for that provider and grant permissions for the IAM role to allow access to Amazon S3 and DynamoDB. Configure the mobile app to use the AWS temporary security credentials to store the photos and videos to an S3 bucket and persist the text-based reports to the DynamoDB table.

C : eate an identity pool in AWS Identity and Access Management (IAM) that will be used to store the end-user identities organized for your mobile app. IAM will automatically create the required IAM roles for authenticated identities as well as for unauthenticated 'guest' identities that define permissions for the users. Download and integrate the AWS SDK for React Native with your app, and import the files required to use IAM. Configure your app to pass the credentials provider instance to the client object, which passes the temporary security credentials to the client.

D : eate an identity pool in Amazon Cognito that will be used to store the end-user identities organized for your mobile app. Amazon Cognito will automatically create the required IAM roles for authenticated identities as well as for unauthenticated 'guest' identities that define permissions for Amazon Cognito users. Download and integrate the AWS SDK for React Native with your app, and import the files required to use Amazon Cognito. Configure your app to pass the credentials provider instance to the client object, which passes the temporary security credentials to the client.

E : ing the STS AssumeRoleWithWebIdentity API, set up a web identity federation and register with social identity providers like Facebook, Google or any other OpenID Connect (OIDC)-compatible IdP. Create a new IAM Role and grant permissions to allow access to Amazon S3 and DynamoDB. Configure the mobile application to use the AWS temporary security credentials to store the photos and videos to an S3 bucket and persist the text-based reports to the DynamoDB table.

Answer: A,D

Question 3

An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance.

When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its customer information and purchases must be kept in each region.

How should the company meet these requirements with the LEAST amount of application changes?

A : Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases.

B : Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases.

C : Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases.

D : Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases

Answer: C

Question 4

A DevOps engineer needs a resilient CI/CD pipeline that builds container images, stores them in ECR, scans images for vulnerabilities, and is resilient to outages in upstream source image repositories. Which solution meets this?

A : Create a private ECR repo, scan images on push, replicate images from upstream repos with a replication rule.

B : Create a private ECR repo, scan images on push, replicate images from upstream repos with a replication rule

C : Create a public ECR repo, configure a pull-through cache rule, create a private repo to store images, enable basic scanning.

D : Create a private ECR repo, enable basic scanning, create a pull-through cache rule.

Answer: D

Question 5

A company has several AWS accounts. An Amazon Connect instance runs in each account. The company uses an Amazon EventBridge default event bus in each account for event handling. A DevOps team needs to receive all the Amazon Connect events in a single DevOps account. Which solution meets these requirements?

A : Update the resource-based policy of the default event bus in each account to allow the DevOps account to replay events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

B : Update the resource-based policy of the default event bus in each account to allow the DevOps account to receive events. Configure an EventBridge rule in the DevOps account that matches Amazon Connect events and has a target of the default event bus in the other accounts.

C : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be received from the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus

D : Update the resource-based policy of the default event bus in the DevOps account. Update the policy to allow events to be replayed by the accounts. Configure an EventBridge rule in each account that matches Amazon Connect events and has a target of the DevOps account's default event bus.

Answer: C