Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Choose three.)

A : a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.

B : date the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.

C : ore the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.

D : ve the environment variables to the ‘db-deploy-bucket’ Amazon S3 bucket, add a prebuild stage to download, then export the variables.

E : AWS Systems Manager run command versus scp and ssh commands directly to the instance.

F : ramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.

Answer: A,B,D

Question 2

A company is developing a web application that runs on Amazon EC2 Linux instances. The application requires monitoring of custom performance metrics. The company must collect metrics for API response times and database query latency across multiple instances. Which solution will generate the custom metrics with the LEAST operational overhead?

A : Install the Amazon CloudWatch agent on the instances. Configure the agent to collect the custom metrics. Instrument the application to send the metrics to the agent.

B : Use Amazon Managed Service for Prometheus to scrape the custom metrics from the application. Use the Amazon CloudWatch agent to forward the metrics to CloudWatch.

C : Create a custom AWS Lambda function that polls the application endpoints and database at regular intervals. Program the Lambda function to calculate the custom metrics and to send the metrics to Amazon CloudWatch by using PutMetricData API calls.

D : Implement custom logging in the application code to record the custom metrics. Use Amazon CloudWatch Logs Insights to extract and analyze the metrics.

Answer: A

Question 3

A SaaS company uses ECS (Fargate) behind an ALB and CodePipeline + CodeDeploy for blue/green deployments. They need automatic, incremental traffic shifting over time with no downtime. Which solution will meet these requirements?

A : Use TimeBasedLinear in appspec.yaml with defined percentage and interval.

B : Use AllAtOnce deployment configuration.

C : Use TimeBasedCanary.

D : Configure weighted routing on ALB manually.

Answer: A

Question 4

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C

Question 5

A company uses Amazon S3 to store proprietary information. The development team creates buckets for new projects on a daily basis. The security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.

What should a DevOps engineer do to meet these requirements?

A : able AWS CloudTrail and configure automatic remediation using AWS Lambda.

B : able AWS Config rules and configure automatic remediation using AWS Systems Manager documents.

C : able AWS Trusted Advisor and configure automatic remediation using Amazon EventBridge.

D : able AWS Systems Manager and configure automatic remediation using Systems Manager documents.

Answer: B