Free Amazon DOP-C02 Exam Questions

Question 1

A company runs an Amazon EKS cluster and must implement comprehensive logging for the control plane and nodes. The company must analyze API requests and monitor container performance. Which solution will meet these requirements with the LEAST operational overhead?

A : Enable AWS CloudTrail for control plane logging and deploy Logstash on nodes.

B : Enable control plane logging to CloudWatch and use CloudWatch Container Insights for node and pod metrics.

C : Enable API server logging to S3 and deploy Kubernetes Event Exporter to nodes.

D : Use AWS Distro for OpenTelemetry and stream logs to Amazon Redshift.

Answer: B

Question 2

A company is developing a web application that runs on Amazon EC2 Linux instances. The application requires monitoring of custom performance metrics. The company must collect metrics for API response times and database query latency across multiple instances. Which solution will generate the custom metrics with the LEAST operational overhead?

A : Install the Amazon CloudWatch agent on the instances. Configure the agent to collect the custom metrics. Instrument the application to send the metrics to the agent.

B : Use Amazon Managed Service for Prometheus to scrape the custom metrics from the application. Use the Amazon CloudWatch agent to forward the metrics to CloudWatch.

C : Create a custom AWS Lambda function that polls the application endpoints and database at regular intervals. Program the Lambda function to calculate the custom metrics and to send the metrics to Amazon CloudWatch by using PutMetricData API calls.

D : Implement custom logging in the application code to record the custom metrics. Use Amazon CloudWatch Logs Insights to extract and analyze the metrics.

Answer: A

Question 3

A multinational insurance firm has recently consolidated its multiple AWS accounts using AWS Organizations with several Organizational units (OUs) that group each department of the firm. Their IT division consists of two teams: the DevOps team and the Release & Deployment team. The first one is responsible for protecting its cloud infrastructure and ensuring that all of its AWS resources are compliant, while the latter is responsible for deploying new applications to AWS Cloud. The DevOps team has been instructed to set up a system that regularly checks if all of the running EC2 instances are using an approved AMI. However, the solution should not stop the Release & Deployment team from deploying an EC2 instance running on a non-approved AMI for their release process. The DevOps team must build a notification system that sends the compliance state of the AWS resources to improve and maintain the security of their cloud resources.

Which of the following is the MOST suitable solution that the DevOps team should implement?

A : t up an AWS Config Managed Rule and specify a list of approved AMI IDs. Modify the rule to check whether the running Amazon EC2 instances are using specified AMIs. Configure AWS Config to stream configuration changes and notifications to an Amazon SNS topic which will send a notification to both teams for non-compliant instances.

B : rify whether the running EC2 instances in your VPCs are using approved AMIs using Trusted Advisor checks. Set up a CloudWatch alarm and integrate it with the Trusted Advisor metrics that will check all of the AMIs being used by your Amazon EC2 instances and that will send a notification to both teams if there is a running instance which uses an unapproved AMI.

C : tomatically check all of the AMIs that are being used by your EC2 instances using the Amazon Inspector service. Use an SNS topic that will send a notification to both the DevOps and Release & Deployment teams if there is a non-compliant EC2 instance running in their VPCs.

D : ign a Service Control Policy and an IAM policy that restricts the AWS accounts and the development team from launching an EC2 instance using an unapproved AMI. Set up a CloudWatch alarm that will automatically notify the DevOps team if there are non-compliant EC2 instances running in their VPCs.

Answer: A

Question 4

A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon ECR repository. The pipeline must wait for the previous run to finish and must run when new Git tags are pushed to a Git repository connected to AWS CodeConnections. An existing deployment pipeline must run in response to new container image publications. Which solution will meet these requirements?

A : Configure a CodePipeline V2 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all tags. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

B : Configure a CodePipeline V2 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all branches. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

C : Configure a CodePipeline V1 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all tags. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

D : Configure a CodePipeline V1 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all branches. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

Answer: A

Question 5

A SaaS company uses ECS (Fargate) behind an ALB and CodePipeline + CodeDeploy for blue/green deployments. They need automatic, incremental traffic shifting over time with no downtime. Which solution will meet these requirements?

A : Use TimeBasedLinear in appspec.yaml with defined percentage and interval.

B : Use AllAtOnce deployment configuration.

C : Use TimeBasedCanary.

D : Configure weighted routing on ALB manually.

Answer: A