Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer has been tasked to implement a reliable solution to maintain all of their Windows and Linux servers both in AWS and in on-premises data center. There should be a system that allows them to easily update the operating systems of their servers and apply the core application patches with minimum management overhead. The patches must be consistent across all levels in order to meet the company’s security compliance.

Which of the following is the MOST suitable solution that you should implement?

A : Store the login credentials of each Linux and Windows servers on the AWS Systems Manager Parameter Store. Use Systems Manager Resource Groups to set up one group for your Linux servers and another one for your Windows servers. Remotely login, run, and deploy the patch updates to all of your servers using the credentials stored in the Systems Manager Parameter Store and through the use of the Systems Manager Run Command.

B : velop a custom python script to install the latest OS patches on the Linux servers. Set up a scheduled job to automatically run this script using the cron scheduler on Linux servers. Enable Windows Update in order to automatically patch Windows servers or set up a scheduled task using Windows Task Scheduler to periodically run the python script.

C : Configure and install the AWS OpsWorks agent on all of your EC2 instances in your VPC and your on-premises servers. Set up an OpsWorks stack with separate layers for each OS then fetch a recipe from the Chef supermarket site (supermarket.chef.io) to automate the execution of the patch commands for each layer during maintenance windows.

D : nfigure and install AWS Systems Manager agent on all of the EC2 instances in your VPC as well as your physical servers on-premises. Use the Systems Manager Patch Manager service and specify the required Systems Manager Resource Groups for your hybrid architecture. Utilize a preconfigured patch baseline and then run scheduled patch updates during maintenance windows.

Answer: D

Question 2

A leading game development company is planning to host its latest video game on AWS. It is expected that there will be millions of users around the globe that will play the game. The architecture should allow players to send or receive data on the backend in real-time for a better gaming experience. The application libraries and user data of the game must also comply with the data residency requirement wherein all files must remain in the same region. CodeCommit, CodeBuild, CodeDeploy, and CodePipeline should be utilized to build the CI/CD process.

As a DevOps Engineer, which of the following is the MOST suitable and efficient solution that you should implement to satisfy this requirement?

A : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source on multiple AWS regions. Configure the repository of the pipeline for each region to trigger the build and deployment actions whenever there is a new code update. The pipeline will automatically store output files on a default artifact bucket on each region.

B : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Set a CodeBuild test action to run the automated unit and integration tests. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. Manually configure the pipeline to automatically store output files on a single S3 bucket.

C : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. The pipeline will automatically store output files on a default artifact bucket on each region.

D : eate a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-AZ actions that will run the build and deployment actions to other Availability Zones. The pipeline will automatically store output files on a default artifact bucket on each AZ.

Answer: C

Question 3

A JavaScript-based online salary calculator hosted on-premises is slated to be migrated to AWS. The application has no server-side code and is just composed of a UI powered by Vue.js and Bootstrap. Since the online calculator may contain sensitive financial data, adding HTTP response headers such as X-Content-Type-Options, X-Frame-Options and X-XSS-Protection should be implemented to comply with the Open Web Application Security Project (OWASP) standards.

Which of the following is the MOST suitable solution that you should implement?

A : t the application on an S3 bucket configured for website hosting then set up server access logging on the Amazon S3 bucket to track user activity. Enable Amazon S3 client-side encryption and configure it to return the required security headers.

B : t the application on an S3 bucket configured for website hosting then set up server access logging on the S3 bucket to track user activity. Configure the bucket policy of the S3 bucket to return the required security headers.

C : t the application on an S3 bucket configured for website hosting. Set up a CloudFront web distribution and set the S3 bucket as the origin. Set a custom Request and Response Behavior in CloudFront that automatically adds the required security headers in the HTTP response.

D : t the application on an S3 bucket configured for website hosting. Set up a CloudFront web distribution and set the S3 bucket as the origin with the origin response event set to trigger a Lambda@Edge function. Add the required security headers in the HTTP response using the Lambda function.

Answer: D

Question 4

A company’s DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.

The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.

What should the DevOps engineer do to meet these requirements?

A : eate an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

B : eate an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

C : able Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

D : AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

Answer: B

Question 5

A government agency is planning to launch a distributed system in AWS that processes thousands of transactions every day. The agency purchased a proprietary software with 100 licenses, which can be used by a maximum of 100 application servers. A DevOps Engineer needs to set up an automated solution that dynamically allocates the software licenses to the application servers. The Engineer also needs to provide a way to see the list of available licenses that are not in use.

Which of the following options below is the MOST suitable way to accomplish this task?

A : epare a CloudFormation template that uses an Auto Scaling group to launch the EC2 instances with an associated lifecycle hook for Instance Terminate. Store the 100 license codes to AWS Certificate Manager (ACM). Pull an available license from ACM using the User Data script of the instance upon launch. Use the lifecycle hook to update the license mapping after the instance is terminated.

B : epare a CloudFormation template that uses an Auto Scaling group to launch the EC2 instances with an associated lifecycle hook for Instance Terminate. Store the 100 license codes to a public S3 bucket. Pull an available license from the bucket using the User Data script of the instance upon launch. Use the lifecycle hook to update the license mapping after the instance is terminated.

C : epare a CloudFormation template that uses an Auto Scaling group to launch the EC2 instances with an associated lifecycle hook for Instance Terminate. Store the 100 license codes to a DynamoDB table. Pull an available license from the DynamoDB table using the User Data script of the instance upon launch. Use the lifecycle hook to update the license mapping after the instance is terminated.

D : epare a CloudFormation template that uses an Auto Scaling group to launch the EC2 instances. Store the 100 license codes to AWS Systems Manager Parameter Store. Pull an available license from the Systems manager using the instance metadata script of the instance upon launch. Configure the metadata script to update the license mapping after the instance is terminated.

Answer: C