Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer needs a resilient CI/CD pipeline that builds container images, stores them in ECR, scans images for vulnerabilities, and is resilient to outages in upstream source image repositories. Which solution meets this?

A : Create a private ECR repo, scan images on push, replicate images from upstream repos with a replication rule.

B : Create a private ECR repo, scan images on push, replicate images from upstream repos with a replication rule

C : Create a public ECR repo, configure a pull-through cache rule, create a private repo to store images, enable basic scanning.

D : Create a private ECR repo, enable basic scanning, create a pull-through cache rule.

Answer: D

Question 2

A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be

housed within the United States. The engineer must restrict which AWS Regions can be used, and ensure an

alert is sent as soon as possible if any activity outside the governance policy takes place. The controls should

be automatically enabled on any new Region outside the United States (US).

Which combination of actions will meet these requirements? (Select TWO.)

A : Create an AWS Organizations SCP that denies access to all non-global services in non-US Regions. Attach the policy to the root of the organization.

B : Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs and enable it for all Regions. Use a CloudWatch Logs metric filter to send an alert on any service activity in non-US Regions.

C : Use an AWS Lambda function that checks for AWS service activity and deploy it to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour, sending an alert if activity is found in a non-US Region.

D : Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions and send alerts if any activity is found.

E : Write an SCP using the aws: RequestedRegion condition key limiting access to US Regions. Apply the policy to all users, groups, and roles

Answer: A,B

Question 3

A company is developing a serverless application that uses AWS Lambda, AWS SAM, and Amazon API Gateway. There is a requirement to fully automate the backend Lambda deployment in such a way that the deployment will automatically run whenever a new commit is pushed to an AWS CodeCommit repository. There should also be a separate environment pipeline for TEST and PROD environments. In addition, the TEST environment should be the only one that allows automatic deployment.

As a DevOps Engineer, who can you satisfy these requirements?

A : t up two pipelines using AWS CodePipeline for TEST and PROD environments. On both pipelines, set up a manual approval step for application deployment. Set up separate CodeCommit repositories for each environment and configure each pipeline to retrieve the source code from CodeCommit. Deploy the Lambda functions with AWS CloudFormation by setting up a deployment step in the pipeline.

B : t up two pipelines using AWS CodePipeline for TEST and PROD environments. Configure the PROD pipeline to have a manual approval step. Create a CodeCommit repository with a branch for each environment and configure the pipeline to retrieve the source code from CodeCommit according to its branch. Deploy the Lambda functions with AWS CloudFormation by setting up a deployment step in the pipeline.

C : t up two pipelines using AWS CodePipeline for TEST and PROD environments. In the PROD pipeline, set up a manual approval step for application deployment. Set up separate CodeCommit repositories for each environment and configure each pipeline to retrieve the source code from CodeCommit. Deploy the Lambda functions with AWS CloudFormation by setting up a deployment step in the pipeline.

D : eate a new pipeline using AWS CodePipeline and a new CodeCommit repository for each environment. Configure CodePipeline to retrieve the application source code from the appropriate repository. Deploy the Lambda functions with AWS CloudFormation by creating a deployment step in the pipeline.

Answer: B

Question 4

A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon ECR repository. The pipeline must wait for the previous run to finish and must run when new Git tags are pushed to a Git repository connected to AWS CodeConnections. An existing deployment pipeline must run in response to new container image publications. Which solution will meet these requirements?

A : Configure a CodePipeline V2 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all tags. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

B : Configure a CodePipeline V2 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all branches. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

C : Configure a CodePipeline V1 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all tags. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

D : Configure a CodePipeline V1 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all branches. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

Answer: A

Question 5

A development team manually builds a local artifact. The development team moves the artifact to an Amazon S3 bucket to support an application. The application has a local cache that must be cleared when the development team deploys the application to Amazon EC2 instances. For each deployment, the development team runs a command to clear the cache, download the artifact from the S3 bucket, and unzip the artifact to complete the deployment. The development team wants to migrate the deployment process to a CI/CD process and to track the progress of each deployment. Which combination of actions will meet these requirements with the MOST operational efficiency? (Select THREE.)

A : Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository. Use AWS CodeBuild to build an artifact and copy the object into the S3 bucket. Configure CodeBuild to run for every merge into the main branch.

B : Create a custom script to clear the cache. Specify the script in the BeforeInstall lifecycle hook in the AppSpec file.

C : Create user data for each EC2 instance that contains the cache clearing script. Test the application after deployment. If the deployment is not successful, then redeploy.

D : Use AWS CodePipeline to deploy the application. Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository as a source for the pipeline.

E : Use AWS CodeBuild to build the artifact and place the artifact in the S3 bucket. Use AWS CodeDeploy to deploy the artifact to EC2 instances.

F : Use AWS Systems Manager to fetch the artifact from the S3 bucket and to deploy the artifact to all the EC2 instances.

Answer: B,D,E