Free Amazon DOP-C02 Exam Questions

Question 1

An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance.

When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its customer information and purchases must be kept in each region.

How should the company meet these requirements with the LEAST amount of application changes?

A : Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases.

B : Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases.

C : Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases.

D : Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases

Answer: C

Question 2

A DevOps engineer is building the infrastructure for an application. The application needs to run on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes Amazon EC2 instances. The EC2 instances need to use an Amazon Elastic File System (Amazon EFS) file system as a storage backend. The Amazon EFS Container Storage Interface (CSI) driver is installed on the EKS cluster.

When the DevOps engineer starts the application, the EC2 instances do not mount the EFS file system.

Which solutions will fix the problem? (Choose three.)

A : Switch the EKS nodes from Amazon EC2 to AWS Fargate.

B : Add an inbound rule to the EFS file system’s security group to allow NFS traffic from the EKS cluster.

C : Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system

D : Set up AWS DataSync to configure file transfer between the EFS file system and the EKS nodes.

E : Create a mount target for the EFS file system in the subnet of the EKS nodes.

F : Disable encryption or the EFS file system.

Answer: B,C,F

Question 3

A JavaScript-based online salary calculator hosted on-premises is slated to be migrated to AWS. The application has no server-side code and is just composed of a UI powered by Vue.js and Bootstrap. Since the online calculator may contain sensitive financial data, adding HTTP response headers such as X-Content-Type-Options, X-Frame-Options and X-XSS-Protection should be implemented to comply with the Open Web Application Security Project (OWASP) standards.

Which of the following is the MOST suitable solution that you should implement?

A : t the application on an S3 bucket configured for website hosting then set up server access logging on the Amazon S3 bucket to track user activity. Enable Amazon S3 client-side encryption and configure it to return the required security headers.

B : t the application on an S3 bucket configured for website hosting then set up server access logging on the S3 bucket to track user activity. Configure the bucket policy of the S3 bucket to return the required security headers.

C : t the application on an S3 bucket configured for website hosting. Set up a CloudFront web distribution and set the S3 bucket as the origin. Set a custom Request and Response Behavior in CloudFront that automatically adds the required security headers in the HTTP response.

D : t the application on an S3 bucket configured for website hosting. Set up a CloudFront web distribution and set the S3 bucket as the origin with the origin response event set to trigger a Lambda@Edge function. Add the required security headers in the HTTP response using the Lambda function.

Answer: D

Question 4

A company has an application that runs on Amazon EC2 instances that are in an Auto Scaling group. When the application starts up. the application needs to process data from an Amazon S3 bucket before the application can start to serve requests.

The size of the data that is stored in the S3 bucket is growing. When the Auto Scaling group adds new instances, the application now takes several minutes to download and process the data before the application can serve requests. The company must reduce the time that elapses before new EC2 instances are ready to serve requests.

Which solution is the MOST cost-effective way to reduce the application startup time?

A : nfigure a warm pool for the Auto Scaling group with warmed EC2 instances in the Stopped state. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.

B : crease the maximum instance count of the Auto Scaling group. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.

C : nfigure a warm pool for the Auto Scaling group with warmed EC2 instances in the Running state. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook when the application is ready to serve requests.

D : crease the maximum instance count of the Auto Scaling group. Configure an autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to complete the lifecycle hook and to place the new instance in the Standby state when the application is ready to serve requests.

Answer: C

Question 5

A company is using AWS to run digital workloads. Each application team in the company has its own AWS account for application hosting. The accounts are consolidated in an organization in AWS Organizations. The company wants to enforce security standards across the entire organization. To avoid noncompliance because of security misconfiguration, the company has enforced the use of AWS CloudFormation. A production support team can modify resources in the production environment by using the AWS Management Console to troubleshoot and resolve application-related issues. A DevOps engineer must implement a solution to identify in near real time any AWS service misconfiguration that results in noncompliance. The solution must automatically remediate the issue within 15 minutes of identification. The solution also must track noncompliant resources and events in a centralized dashboard with accurate timestamps. Which solution will meet these requirements with the LEAST development overhead?

A : Use CloudFormation drift detection to identify noncompliant resources. Use drift detection events from CloudFormation to invoke an AWS Lambda function for remediation. Configure the Lambda function to publish logs to an Amazon CloudWatch Logs log group. Configure an Amazon CloudWatch dashboard to use the log group for tracking.

B : Turn on AWS CloudTrail in the AWS accounts. Analyze CloudTrail logs by using Amazon Athena to identify noncompliant resources. Use AWS Step Functions to track query results on Athena for drift detection and to invoke an AWS Lambda function for remediation. For tracking, set up an Amazon QuickSight dashboard that uses Athena as the data source.

C : Turn on the configuration recorder in AWS Config in all the AWS accounts to identify noncompliant resources. Enable AWS Security Hub with the ~no-enable-default-standards option in all the AWS accounts. Set up AWS Config managed rules and custom rules. Set up automatic remediation by using AWS Config conformance packs. For tracking, set up a dashboard on Security Hub in a designated Security Hub administrator account.

D : Turn on AWS CloudTrail in the AWS accounts. Analyze CloudTrail logs by using Amazon CloudWatch Logs to identify noncompliant resources. Use CloudWatch Logs filters for drift detection. Use Amazon EventBridge to invoke the Lambda function for remediation. Stream filtered CloudWatch logs to Amazon OpenSearch Service. Set up a dashboard on OpenSearch Service for tracking.

Answer: C