Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 2

A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.

The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure.

What should a DevOps engineer do to meet these requirements?

A : eate one AWS CodeCommit repository for all applications. Put each application's code in a different branch. Merge the branches, and use AWS CodeBuild to build the applications. Use AWS CodeDeploy to deploy the applications to one centralized application server.

B : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time. Use AWS CodeDeploy to deploy the applications to one centralized application server.

C : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time and to create one AMI for each server. Use AWS CloudFormation StackSets to automatically provision and decommission Amazon EC2 fleets by using these AMIs.

D : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build one Docker image for each application in Amazon Elastic Container Registry (Amazon ECR). Use AWS CodeDeploy to deploy the applications to Amazon Elastic Container Service (Amazon ECS) on infrastructure that AWS Fargate manages

Answer: D

Question 3

A multinational corporation has multiple AWS accounts that are consolidated using AWS Organizations. For security purposes, a new system should be configured that automatically detects suspicious activities in any of its accounts, such as SSH brute force attacks or compromised EC2 instances that serve malware. All of the gathered information must be centrally stored in its dedicated security account for audit purposes, and the events should be stored in an S3 bucket.

As a DevOps Engineer, which solution should you implement in order to meet this requirement?

A : tomatically detect SSH brute force or malware attacks by enabling Amazon GuardDuty in the security account only. Set up the security account as the GuardDuty Administrator for every member account. Create a new CloudWatch rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Streams. Launch a custom shell script in Lambda function to read data from the Kinesis Data Streams and push them to the S3 bucket.

B : tomatically detect SSH brute force or malware attacks by enabling Amazon Macie in every account. Set up the security account as the Macie Administrator for every member account of the organization. Create an Amazon CloudWatch Events rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Firehose, which should push the findings to an Amazon S3 bucket.

C : tomatically detect SSH brute force or malware attacks by enabling Amazon Macie in the security account only. Configure the security account as the Macie Administrator for every member account. Set up a new CloudWatch Events rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Streams. Launch a custom shell script in Lambda function to read data from the Kinesis Data Streams and push them to the S3 bucket.

D : tomatically detect SSH brute force or malware attacks by enabling Amazon GuardDuty in every account. Configure the security account as the GuardDuty Administrator for every member of the organization. Set up a new CloudWatch rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Firehose, which will push the findings to the S3 bucket.

Answer: D

Question 4

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C

Question 5

A company has a web application that is hosted on Amazon EC2 instances. The company is deploying the application into multiple AWS Regions. The application consists of dynamic content such as WebSocket-based real-time product updates. The company uses Amazon Route 53 to manage all DNS records. Which solution will provide multi-Region access to the application with the LEAST latency?

A : Deploy an Application Load Balancer (ALB) in front of the EC2 instances in each Region. Create a Route 53 A record with a latency-based routing policy. Add IP addresses of the ALBs as the value of the record.

B : Deploy an Application Load Balancer (ALB) in front of the EC2 instances in each Region. Deploy an Amazon CloudFront distribution with an origin group that contains the ALBs as origins. Create a Route 53 alias record that points to the CloudFront distribution's DNS address.

C : Deploy a Network Load Balancer (NLB) in front of the EC2 instances in each Region. Create a Route 53 A record with a multivalue answer routing policy. Add IP addresses of the NLBs as the value of the record.

D : Deploy a Network Load Balancer (NLB) in front of the EC2 instances in each Region. Deploy an AWS Global Accelerator standard accelerator with an endpoint group for each NLB. Create a Route 53 alias record that points to the accelerator's DNS address.

Answer: A