Free Amazon DOP-C02 Exam Questions

Question 1

A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.

Which solution will meet these requirements?

A : ploy the application on an Amazon EC2 instance, and create an AMI of the instance. Use the AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use Elastic Load Balancing to distribute traffic. When changes are made to the application, a new AMI will be created, which will initiate an EC2 instance refresh.

B : Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket. Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.

C : AWS CodeArtifact to store the application code. Use AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use Elastic Load Balancing to distribute the traffic to the EC2 instances. When making changes to the application, upload a new version to CodeArtifact and create a new CodeDeploy deployment.

D : AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3. Use that location to deploy new versions of the application. Use Elastic Beanstalk to manage the deployment options

Answer: D

Question 2

A company uses Amazon Redshift as its data warehouse solution. The company wants to create a dashboard to view changes to the Redshift users and the queries the users perform. Which combination of steps will meet this requirement? (Select TWO.)

A : Create an Amazon CloudWatch log group. Create an AWS CloudTrail trail that writes to the CloudWatch log group.

B : Create a new Amazon S3 bucket. Configure default audit logging on the Redshift cluster. Configure the S3 bucket as the target.

C : Configure the Redshift cluster database audit logging to include user activity logs. Configure Amazon CloudWatch as the target.

D : Create an Amazon CloudWatch dashboard that has a log widget. Configure the widget to display user details from the Redshift logs.

E : Create an AWS Lambda function that uses Amazon Athena to query the Redshift logs. Create an Amazon CloudWatch dashboard that has a custom widget type that uses the Lambda function.

Answer: B,D

Question 3

A leading media company has recently moved its .NET web application from its on-premises network to AWS Elastic Beanstalk for easier deployment and management. An Amazon S3 bucket stores static contents such as PDF files, images, videos, and the likes. An Amazon DynamoDB table stores all of the data of the application. The company has recently launched a series of global marketing campaigns that resulted in unpredictable spikes of incoming traffic. Upon checking, the Operations team discovered that over 80% of the traffic is just duplicate read requests.

As a DevOps Engineer, how can you improve the application's performance for its users around the world?

A : Lambda@Edge to cache the images stored in the S3 bucket. Use DynamoDB Accelerator (DAX) to cache repeated read requests on the web application.

B : che the images stored in the S3 bucket using the AWS Elemental MediaPackage. Set up a distributed cache layer using an ElastiCache for Memcached Cluster to serve the repeated read requests on the web application.

C : eate a CloudFront web distribution to cache images stored in the S3 bucket. Use DynamoDB Accelerator (DAX) to cache repeated read requests on the web application.

D : che the images stored in the S3 bucket using the AWS Elemental MediaStore. Set up a distributed cache layer using an ElastiCache for Redis Cluster to serve the repeated read requests on the web application.

Answer: C

Question 4

A company uses an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to deploy its web applications on containers. The web applications contain confidential data that cannot be decrypted without specific credentials.

A DevOps engineer has stored the credentials in AWS Secrets Manager. The secrets are encrypted by an AWS Key Management Service (AWS KMS) customer managed key. A Kubernetes service account for a third-party tool makes the secrets available to the applications. The service account assumes an IAM role that the company created to access the secrets.

The service account receives an Access Denied (403 Forbidden) error while trying to retrieve the secrets from Secrets Manager.

What is the root cause of this issue?

A : The IAM role that is attached to the EKS cluster does not have access to retrieve the secrets from Secrets Manager.

B : The key policy for the customer managed key does not allow the Kubernetes service account IAM role to use the key.

C : The key policy for the customer managed key does not allow the EKS cluster IAM role to use the key.

D : The IAM role that is assumed by the Kubernetes service account does not have permission to access the EKS cluster.

Answer: B

Question 5

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C