Free Amazon DOP-C02 Exam Questions

Question 1

A company uses Amazon Redshift as its data warehouse solution. The company wants to create a dashboard to view changes to the Redshift users and the queries the users perform. Which combination of steps will meet this requirement? (Select TWO.)

A : Create an Amazon CloudWatch log group. Create an AWS CloudTrail trail that writes to the CloudWatch log group.

B : Create a new Amazon S3 bucket. Configure default audit logging on the Redshift cluster. Configure the S3 bucket as the target.

C : Configure the Redshift cluster database audit logging to include user activity logs. Configure Amazon CloudWatch as the target.

D : Create an Amazon CloudWatch dashboard that has a log widget. Configure the widget to display user details from the Redshift logs.

E : Create an AWS Lambda function that uses Amazon Athena to query the Redshift logs. Create an Amazon CloudWatch dashboard that has a custom widget type that uses the Lambda function.

Answer: B,D

Question 2

A company’s DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.

The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.

What should the DevOps engineer do to meet these requirements?

A : eate an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

B : eate an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

C : able Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

D : AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

Answer: B

Question 3

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 4

A popular e-commerce website which has customers across the globe is hosted in the us-east-1 AWS region with a backup site in the us-west-1 region. Due to an unexpected regional outage in the us-east-1 region, the company initiated their disaster recovery plan and turned on the backup site. However, they discovered that the actual failover still entails several hours of manual effort to prepare and switch over the database. They also noticed that the database is missing up to three hours of data transactions when the regional outage happened. Which of the following solutions should the DevOps engineer implement which will improve the RTO and RPO of the website for the cross-region failover?

A : eate a snapshot every hour using Amazon RDS scheduled instance lifecycle events which will also allow you to monitor specific RDS events. Perform a cross-region snapshot copy into the us-west-1 backup region once the SnapshotCreateComplete event occurred. Create an Amazon CloudWatch Alert which will trigger an action to restore the Amazon RDS database snapshot in the backup region when the CPU Utilization metric of the RDS instance in CloudWatch falls to 0% for more than 15 minutes.

B : Step Functions with 2 Lambda functions that call the RDS API to create a snapshot of the database, create a cross-region snapshot copy, and restore the database instance from a snapshot in the backup region. Use CloudWatch Events to trigger the function to take a database snapshot every hour. Set up an SNS topic that will receive published messages from AWS Health API, RDS availability and other events that will trigger the Lambda function to create a cross-region snapshot copy. During failover, Configure the Lambda function to restore the database from a snapshot in the backup region.

C : Use an ECS cluster to host a custom python script that calls the RDS API to create a snapshot of the database, create a cross-region snapshot copy, and restore the database instance from a snapshot in the backup region. Create a scheduled job using CloudWatch Events that triggers the Lambda function to snapshot a database instance every hour. Set up an SNS topic that will receive published messages about AWS-initiated RDS events from Trusted Advisor that will trigger the function to create a cross-region snapshot copy. During failover, restore the database from a snapshot in the backup region.

D : nfigure an Amazon RDS Multi-AZ Deployment configuration and place the standby instance in the us-west-1 region. Set up the RDS option group to enable multi-region availability for native automation of cross-region recovery as well as for continuous data replication. Set up a notification system using Amazon SNS which is integrated with AWS Health API to monitor RDS-related systems events and notify the Operations team. In the actual failover where the primary database instance is down, RDS will automatically make the standby instance in the backup region as the primary instance.

Answer: B

Question 5

You have developed an app that lets users quickly upload and share image snippets across various platforms such as mobile app, desktop web browser, and third party instant messaging apps. Your app relies on a Lambda function that detects each request’s User-Agent and automatically sends a corresponding image resolution based on the device. You want to have a consistent and fast experience for all your users around the world.

Which of the following options will you implement?

A : load your function on S3 and set it as CloudFront origin to run it.

B : ploy your function on Amazon API Gateway and set up an Edge-optimized API endpoint.

C : eate your function on Lambda and deploy it with Lambda@Edge.

D : eate your function on AWS Lambda and set it as a CloudFront origin.

Answer: C