Free Amazon DOP-C02 Exam Questions

Question 1

A company runs an Amazon EKS cluster and must implement comprehensive logging for the control plane and nodes. The company must analyze API requests and monitor container performance. Which solution will meet these requirements with the LEAST operational overhead?

A : Enable AWS CloudTrail for control plane logging and deploy Logstash on nodes.

B : Enable control plane logging to CloudWatch and use CloudWatch Container Insights for node and pod metrics.

C : Enable API server logging to S3 and deploy Kubernetes Event Exporter to nodes.

D : Use AWS Distro for OpenTelemetry and stream logs to Amazon Redshift.

Answer: B

Question 2

A DevOps engineer is working on a project that is hosted on Amazon Linux and has failed a security review. The DevOps manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Choose three.)

A : a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.

B : date the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.

C : ore the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.

D : ve the environment variables to the ‘db-deploy-bucket’ Amazon S3 bucket, add a prebuild stage to download, then export the variables.

E : AWS Systems Manager run command versus scp and ssh commands directly to the instance.

F : ramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.

Answer: A,B,D

Question 3

A company uses AWS Control Tower and Organizations for a multi-account environment. It needs to create new accounts and ensure they receive a consistent baseline configuration. Which solution meets the requirement with the least overhead?

A : Use Account Factory Customization (AFC) blueprints for baseline setup.

B : Use Account Factory + StackSets post-setup.

C : Use Organizations with Lambda applying baseline via access role.

D : Use Organizations + StackSets manually.

Answer: A

Question 4