Free Amazon DOP-C02 Exam Questions

Question 1

A company runs a workload on Amazon EC2 instances. The company needs a control that requires the use of Instance Metadata Service Version 2 (IMDSv2) on all EC2 instances in the AWS account. If an EC2 instance does not prevent the use of Instance Metadata Service Version 1 (IMDSv1), the EC2 instance must be terminated. Which solution will meet these requirements?

A : Set up AWS Config in the account. Use a managed rule to check EC2 instances. Configure the rule to remediate the findings by using AWS Systems Manager Automation to terminate the instance.

B : Create a permissions boundary that prevents the ec2:Runlnstance action if the ec2:MetadataHttpTokens condition key is not set to a value of required. Attach the permissions boundary to the IAM role that was used to launch the instance.

C : Set up Amazon Inspector in the account. Configure Amazon Inspector to activate deep inspection for EC2 instances. Create an Amazon EventBridge rule for an Inspector2 finding. Set an AWS Lambda function as the target to terminate the instance.

D : Create an Amazon EventBridge rule for the EC2 instance launch successful event. Send the event to an AWS Lambda function to inspect the EC2 metadata and to terminate the instance.

Answer: B

Question 2

A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?

A : Configure Amazon Route 53 query logs # CloudWatch # Lambda every 5 mins to detect mining-related domains and terminate EC2 instances.

B : Configure VPC Flow Logs # S3 # Lambda every 5 mins # Athena query # terminate EC2 instances.

C : Enable Amazon GuardDuty. Monitor EC2 findings. Create an EventBridge rule triggered by GuardDuty. Invoke a Lambda function that terminates the affected EC2 instances.

D : Enable AWS Security Hub. Monitor EC2 findings. Create an EventBridge rule triggered by SecurityHub. Invoke Lambda to terminate EC2 instances.

Answer: C

Question 3

A company deploys an application to Amazon EC2 instances. The application runs Amazon Linux 2 and uses AWS CodeDeploy. The application has the following file structure for its code repository:

The appspec.yml file has the following contents in the files section:

What will the result be for the deployment of the config.txt file?

A : The config.txt file will be deployed to only /var/www/html/config/config.txt.

B : The config.txt file will be deployed to /usr/local/src/config.txt and to /var/www/html/config/config.txt.

C : The config.txt file will be deployed to only /usr/local/src/config.txt.

D : The config.txt file will be deployed to /usr/local/src/config.txt and to /var/www/html/application/web/config.txt.

Answer: C

Question 4

A SaaS company uses ECS (Fargate) behind an ALB and CodePipeline + CodeDeploy for blue/green deployments. They need automatic, incremental traffic shifting over time with no downtime. Which solution will meet these requirements?

A : Use TimeBasedLinear in appspec.yaml with defined percentage and interval.

B : Use AllAtOnce deployment configuration.

C : Use TimeBasedCanary.

D : Configure weighted routing on ALB manually.

Answer: A

Question 5

A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.

Which solution will meet these requirements?

A : ploy the application on an Amazon EC2 instance, and create an AMI of the instance. Use the AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use Elastic Load Balancing to distribute traffic. When changes are made to the application, a new AMI will be created, which will initiate an EC2 instance refresh.

B : Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket. Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.

C : AWS CodeArtifact to store the application code. Use AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use Elastic Load Balancing to distribute the traffic to the EC2 instances. When making changes to the application, upload a new version to CodeArtifact and create a new CodeDeploy deployment.

D : AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3. Use that location to deploy new versions of the application. Use Elastic Beanstalk to manage the deployment options

Answer: D