Free Amazon DOP-C02 Exam Questions

Question 1

A DevOps engineer is creating a CI/CD pipeline to build container images. The engineer needs to store container images in Amazon Elastic Container Registry (Amazon ECR) and scan the images for common vulnerabilities. The CI/CD pipeline must be resilient to outages in upstream source container image repositories. Which solution will meet these requirements?

A : Create an ECR private repository in the private registry to store the container images and scan images when images are pushed to the repository. Configure a replication rule in the private registry to replicate images from upstream repositories.

B : Create an ECR public repository in the public registry to cache images from upstream source repositories. Create an ECR private repository to store images. Configure the private repository to scan images when images are pushed to the repository.

C : Create an ECR public repository in the public registry. Configure a pull through cache rule for the repository. Create an ECR private repository to store images. Configure the ECR private registry to perform basic scanning.

D : Create an ECR private repository in the private registry to store the container images. Enable basic scanning for the private registry, and create a pull through cache rule.

Answer: C

Question 2

A multinational corporation has multiple AWS accounts that are consolidated using AWS Organizations. For security purposes, a new system should be configured that automatically detects suspicious activities in any of its accounts, such as SSH brute force attacks or compromised EC2 instances that serve malware. All of the gathered information must be centrally stored in its dedicated security account for audit purposes, and the events should be stored in an S3 bucket.

As a DevOps Engineer, which solution should you implement in order to meet this requirement?

A : tomatically detect SSH brute force or malware attacks by enabling Amazon GuardDuty in the security account only. Set up the security account as the GuardDuty Administrator for every member account. Create a new CloudWatch rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Streams. Launch a custom shell script in Lambda function to read data from the Kinesis Data Streams and push them to the S3 bucket.

B : tomatically detect SSH brute force or malware attacks by enabling Amazon Macie in every account. Set up the security account as the Macie Administrator for every member account of the organization. Create an Amazon CloudWatch Events rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Firehose, which should push the findings to an Amazon S3 bucket.

C : tomatically detect SSH brute force or malware attacks by enabling Amazon Macie in the security account only. Configure the security account as the Macie Administrator for every member account. Set up a new CloudWatch Events rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Streams. Launch a custom shell script in Lambda function to read data from the Kinesis Data Streams and push them to the S3 bucket.

D : tomatically detect SSH brute force or malware attacks by enabling Amazon GuardDuty in every account. Configure the security account as the GuardDuty Administrator for every member of the organization. Set up a new CloudWatch rule in the security account. Configure the rule to send all findings to Amazon Kinesis Data Firehose, which will push the findings to the S3 bucket.

Answer: D

Question 3

The company's DevOps engineer discovered that the errors were caused by RDS connection limits being reached. The DevOps engineer also discovered that more than 90% of the API requests are GET requests that read from the DB cluster. How should the DevOps engineer solve this problem with the LEAST development effort?

A : Migrate from Amazon RDS to Amazon DynamoDB. Add an Amazon CloudFront distribution in front of the API Gateway REST API.

B : Add a proxy from Amazon RDS Proxy in front of the RDS DB cluster. Enable API caching in API Gateway.

C : Add an Amazon RDS Proxy in front of the RDS database cluster. Provision an Amazon ElastiCache (Redis OSS) cluster.

D : Migrate from Amazon RDS to Amazon DynamoDB. Enable API caching in API Gateway.

Answer: B

Question 4

A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon ECR repository. The pipeline must wait for the previous run to finish and must run when new Git tags are pushed to a Git repository connected to AWS CodeConnections. An existing deployment pipeline must run in response to new container image publications. Which solution will meet these requirements?

A : Configure a CodePipeline V2 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all tags. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

B : Configure a CodePipeline V2 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all branches. Configure an EventBridge rule that matches container image pushes to start the existing deployment pipeline.

C : Configure a CodePipeline V1 type pipeline that uses SUPERSEDED mode. Add a trigger filter to the pipeline definition that includes all tags. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

D : Configure a CodePipeline V1 type pipeline that uses QUEUED mode. Add a trigger filter to the pipeline definition that includes all branches. Add a stage at the end of the pipeline to invoke the existing deployment pipeline.

Answer: A

Question 5

A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.

The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure.

What should a DevOps engineer do to meet these requirements?

A : eate one AWS CodeCommit repository for all applications. Put each application's code in a different branch. Merge the branches, and use AWS CodeBuild to build the applications. Use AWS CodeDeploy to deploy the applications to one centralized application server.

B : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time. Use AWS CodeDeploy to deploy the applications to one centralized application server.

C : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time and to create one AMI for each server. Use AWS CloudFormation StackSets to automatically provision and decommission Amazon EC2 fleets by using these AMIs.

D : eate one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build one Docker image for each application in Amazon Elastic Container Registry (Amazon ECR). Use AWS CodeDeploy to deploy the applications to Amazon Elastic Container Service (Amazon ECS) on infrastructure that AWS Fargate manages

Answer: D