Free Amazon DOP-C02 Exam Questions

Question 1

company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon

Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.

The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.

Which combination of steps will meet these requirements? (Choose three.)

A : Use the Amazon Managed Service for Prometheus remote write URL to send alerts to the SNS topic

B : Create an alerting rule that checks the availability of each of the workload’s containers.

C : reate an alert manager configuration for the SNS topic.

D : Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.

E : Modify the IAM role that Amazon Managed Service for Prometheus uses. Grant the role the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.

F : Create an OpenID Connect (OIDC) provider for the EKS cluster. Create a cluster service account. Grant the account the sns:Publish permission and the sns:GetTopicAttributes permission by using an IAM role.

Answer: B,D,E

Question 2

An enterprise resource planning application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer which uses an Amazon DynamoDB table as its data store. For the application’s reporting module, there are five Lambda functions which are reading from the DynamoDB Streams of the table to count the number of products, monitor the inventory, generate reports, move new items to a Kinesis Data Firehose for analytics, and many more. The operations team discovered that in peak times, the Lambda functions are getting a stream throttling error and some of the requests fail which affects the performance of the reporting module.

Which of the following is the MOST scalable and cost-effective solution with the LEAST amount of operational overhead?

A : factor your architecture to use Amazon Kinesis Adapter for real-time processing of streaming data at a massive scale instead of directly consuming the stream using Lambda. Re-architect the reporting module to use Amazon Kinesis Data Analytics.

B : the Amazon CodeGuru service to optimize the codebase of the reporting module. Create a new global secondary index (GSI) in the DynamoDB table to improve the performance of the queries. Increase the allocated RCU of the table. Disable the Amazon DynamoDB streams and refactor the Lambda functions to directly query from the table. Refactor the reporting module to use Amazon Kinesis Data Analytics.

C : eate a new local secondary index (LSI) in the DynamoDB table to improve the performance of the queries. Double the allocated RCU of the table. Refactor the Lambda functions to directly query from the table and disable the DynamoDB streams. Increase the concurrency limits of each Lambda function to avoid throttling errors and set the ParallelizationFactor to 10. Re-architect the reporting module to use Amazon Kinesis Data Analytics.

D : lete all of the Lambda functions and move all of the processing on an Amazon ECS Cluster with Auto Scaling enabled using AWS App Runner. Set up AWS Glue to consume the DynamoDB stream which will be processed by ECS. Re-factor the reporting module to use Amazon Kinesis Data Analytics.

Answer: A

Question 3

A company manages multiple AWS accounts in AWS Organizations. The company's security policy states that AWS account root user credentials for member accounts must not be used. The company monitors access to the root user credentials. A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps engineer must create an SCP at the organization's root level that will prevent the root user in member accounts from making any AWS service API calls. Which SCP will meet these requirements?

A : "Version": "2012-10-17","Statement": ["Effect": "Allow","Action": "N"Resource":"","Condition": {"StringNotLike": "aws: PrincipalArn": "arn: aws:iam::*:root"

B : "Version": "2012-10-17","Statement": [{"Effect": "Deny","Action": "*","Resource": "*""Principal": { "AWS": arn:aws: iam::*:root"}

C : 1"Version": "2012-10-17","Statement": [{"Effect": "Deny","Action":"","Resource": "*","Condition": {"StringLike": "aws: PrincipalArn": "arn:aws:iam::*:root" }

D : "Version": "2012-10-17","Statement": [f"Effect": "Allow","Action":"Resource":"Principal": "root"

Answer: D

Question 4

You have developed an app that lets users quickly upload and share image snippets across various platforms such as mobile app, desktop web browser, and third party instant messaging apps. Your app relies on a Lambda function that detects each request’s User-Agent and automatically sends a corresponding image resolution based on the device. You want to have a consistent and fast experience for all your users around the world.

Which of the following options will you implement?

A : load your function on S3 and set it as CloudFront origin to run it.

B : ploy your function on Amazon API Gateway and set up an Edge-optimized API endpoint.

C : eate your function on Lambda and deploy it with Lambda@Edge.

D : eate your function on AWS Lambda and set it as a CloudFront origin.

Answer: C

Question 5

A company’s EC2 fleet must maintain up-to-date security patches and compliance reporting. Which solution meets these requirements?

A : Use Systems Manager Patch Manager with AWS Config compliance rules and automation documents.

B : SSH into each instance manually.

C : Rebuild instances in Auto Scaling groups with latest AMIs.

D : Use CloudFormation redeployment for every patch.

Answer: A