Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 2

A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account.

The company has created an AWS Key Management Service (AWS KMS) key in the source account.

Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)

A : the source account, copy the unencrypted AMI to an encrypted AMI. Specify the KMS key in the copy action.

B : the source account, copy the unencrypted AMI to an encrypted AMI. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.

C : the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.

D : the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role

E : the source account, share the unencrypted AMI with the target account.

F : the source account, share the encrypted AMI with the target account.

Answer: A,D

Question 3

A DevOps engineer is supporting early-stage development for a developer platform running on Amazon EKS. Recently, the platform has experienced an increased rate of container restart failures. The DevOps engineer wants diagnostic information to isolate and resolve issues. Which solution will meet this requirement?

A : Configure CloudWatch dashboards using default EKS service metrics.

B : Configure AWS CloudTrail for the EKS cluster.

C : Configure CloudTrail Insights for the EKS cluster.

D : Configure Amazon CloudWatch Container Insights for the EKS cluster by enabling the CloudWatch Observability add-on.

Answer: D

Question 4

A SaaS company uses ECS (Fargate) behind an ALB and CodePipeline + CodeDeploy for blue/green deployments. They need automatic, incremental traffic shifting over time with no downtime. Which solution will meet these requirements?

A : Use TimeBasedLinear in appspec.yaml with defined percentage and interval.

B : Use AllAtOnce deployment configuration.

C : Use TimeBasedCanary.

D : Configure weighted routing on ALB manually.

Answer: A

Question 5

An enterprise resource planning application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer which uses an Amazon DynamoDB table as its data store. For the application’s reporting module, there are five Lambda functions which are reading from the DynamoDB Streams of the table to count the number of products, monitor the inventory, generate reports, move new items to a Kinesis Data Firehose for analytics, and many more. The operations team discovered that in peak times, the Lambda functions are getting a stream throttling error and some of the requests fail which affects the performance of the reporting module.

Which of the following is the MOST scalable and cost-effective solution with the LEAST amount of operational overhead?

A : factor your architecture to use Amazon Kinesis Adapter for real-time processing of streaming data at a massive scale instead of directly consuming the stream using Lambda. Re-architect the reporting module to use Amazon Kinesis Data Analytics.

B : the Amazon CodeGuru service to optimize the codebase of the reporting module. Create a new global secondary index (GSI) in the DynamoDB table to improve the performance of the queries. Increase the allocated RCU of the table. Disable the Amazon DynamoDB streams and refactor the Lambda functions to directly query from the table. Refactor the reporting module to use Amazon Kinesis Data Analytics.

C : eate a new local secondary index (LSI) in the DynamoDB table to improve the performance of the queries. Double the allocated RCU of the table. Refactor the Lambda functions to directly query from the table and disable the DynamoDB streams. Increase the concurrency limits of each Lambda function to avoid throttling errors and set the ParallelizationFactor to 10. Re-architect the reporting module to use Amazon Kinesis Data Analytics.

D : lete all of the Lambda functions and move all of the processing on an Amazon ECS Cluster with Auto Scaling enabled using AWS App Runner. Set up AWS Glue to consume the DynamoDB stream which will be processed by ECS. Re-factor the reporting module to use Amazon Kinesis Data Analytics.

Answer: A