Free Amazon DOP-C02 Exam Questions

Question 1

A company wants to use AWS Systems Manager documents to bootstrap physical laptops for developers. The bootstrap code is stored in GitHub. A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops.

Which set of steps should be taken next?

A : Configure the Systems Manager document to use the AWS-RunShellScript command to copy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with a sourceType of S3.

B : Configure the Systems Manager document to use the aws-configurePackage plugin with an install action and point to the Git repository.

C : Configure the Systems Manager document to use the aws-downloadContent plugin with a sourceType of GitHub and sourceInfo with the repository details.

D : Configure the Systems Manager document to use the aws:softwareInventory plugin and run the script from the Git repository.

Answer: C

Question 2

A company has developed a serverless web application that is hosted on AWS. The application consists of Amazon S3. Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database. The company is using AWS CodeCommit to store the source code. The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code.

A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories. A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets.

What is the MOST secure solution that meets these requirements?

A : able Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Write the secret to AWS Systems Manager Parameter Store as a secure string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

B : ociate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

C : able Amazon CodeGuru Profiler. Decorate the handler function with @with_lambda_profiler(). Manually review the recommendation report. Choose the option to protect the secret. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.

D : ociate the CodeCommit repository with Amazon CodeGuru Reviewer. Manually check the code review for any recommendations. Write the secret to AWS Systems Manager Parameter Store as a string. Update the SAM templates and the Python code to pull the secret from Parameter Store.

Answer: B

Question 3

You have developed a custom web dashboard for your company that shows all instances running on AWS including the instance details. The web app relies on a DynamoDB table that will be updated whenever a new instance is created or terminated. You have several auto scaling groups of EC2 instances and you want to have an effective way of updating the DynamoDB table whenever a new instance is created or terminated.

Which of the following steps will you implement?

A : eate a custom script that runs on the instances that will run on scale-in and scale-out events to update the DynamoDB table with the necessary details.

B : nfigure a CloudWatch Events target to your auto scaling group that will trigger a Lambda function when a lifecycle action occurs. Configure the function to update the DynamoDB table with the necessary instance details.

C : nfigure a CloudWatch alarm that will monitor the number of instances on your auto scaling group and trigger a Lambda function to update the DynamoDB table with the necessary details.

D : fine a Lambda function as a notification target for the lifecycle hook for the auto scaling group. In the event of a scale-out or scale-in, the lifecycle hook will trigger the Lambda function to update the DynamoDB table with the necessary details.

Answer: B

Question 4

A company has multiple development teams in different business units that work in a shared single AWS account All Amazon EC2 resources that are created in the account must include tags that specify who created the resources. The tagging must occur within the first hour of resource creation. A DevOps engineer needs to add tags to the created resources that Include the user ID that created the resource and the cost center ID The DevOps engineer configures an AWS Lambda function With the cost center mappings to tag the resources. The DevOps engineer also sets up AWS CloudTrail in the AWS account. An Amazon S3 bucket stores the CloudTrail event logs Which solution will meet the tagging requirements?

A : Create an S3 event notification on the S3 bucket to invoke the Lambda function for s3.ObJectTagging:Put events. Enable bucket versioning on the S3 bucket.

B : Enable server access logging on the S3 bucket. Create an S3 event notification on the S3 bucket for s3. ObjectTaggIng.• events

C : Create a recurring hourly Amazon EventBridge scheduled rule that invokes the Larnbda function. Modify the Lambda function to read the logs from the S3 bucket

D : Create an Amazon EventBridge rule that uses Amazon EC2 as the event source. Configure the rule to match events delivered by CloudTraiI. Configure the rule to target the Lambda function

Answer: D

Question 5

You are working on a web application that allows designers to create mobile themes for their android phones. The app is hosted on a cluster of Auto Scaling ECS instances and its deployments are handled by AWS CodeDeploy. ALB health checks are not sufficient to tell that new version deployments are successful, rather you have custom validation scripts that verify all APIs of the application. You want to make sure that there are no 5XX error replies on the new version before continuing production deployment and that you are notified via email if results failed. You also want to configure automatic rollback to the older version when the validation fails.

Which combination of options should you implement to meet this requirement? (Select THREE.)

A : ociate CloudWatch Alarms to your deployment group to have it trigger a rollback when the 5xx error alarm is active.

B : eate your validation scripts on AWS Lambda and invoke them after deployment to validate your new app version.

C : ve AWS CloudWatch Alarms trigger an AWS SNS notification when the threshold for 5xx is reached on CloudWatch.

D : ve Lambda send results to AWS CloudWatch Alarms directly and trigger a rollback when 5xx reply errors are received during deployment.

E : ve AWS Lambda trigger an AWS SNS notification after performing the validation of the new app revision.

F : eate your validation scripts on AWS Lambda and define the functions on the AppSpec lifecycle hook to validate the app using test traffic.

Answer: A,C