| PDF + Test Engine |
|
||
| Test Engine |
|
||
|
|
Here are Amazon DOP-C02 PDF available features:
| 449 questions with answers | Updation Date : 16 Jul, 2026 |
| 1 day study required to pass exam | 100% Passing Assurance |
| 100% Money Back Guarantee | Free 3 Months Updates |
A company manages AWS accounts for application teams in AWS Control Tower. Individual application teams are responsible for securing their respective AWS accounts. A DevOps engineer needs to enable Amazon GuardDuty for all AWS accounts in which the application teams have not already enabled GuardDuty. The DevOps engineer is using AWS CloudFormation StackSets from the AWS Control Tower management account. How should the DevOps engineer configure the CloudFormation template to prevent failure during the StackSets deployment?
A. Create a CloudFormation custom resource that invokes an AWS Lambda function.Configure the Lambda function to conditionally enable GuardDuty if GuardDuty is notalready enabled in the accounts.
B. Use the Conditions section of the CloudFormation template to enable GuardDuty inaccounts where GuardDuty is not already enabled.
C. Use the CloudFormation Fn. GetAtt intrinsic function to check whether GuardDuty isalready enabled If GuardDuty is not already enabled use the Resources section of theCloudFormation template to enable GuardDuty
D. Manually discover the list of AWS account IDs where GuardDuty is not enabled Use theCloudFormation Fn: ImportValue intrinsic function to import the list of account IDs into theCloudFormation template to skip deployment for the listed AWS accounts.
A DevOps engineer is building a solution that uses Amazon Simple Queue Service (Amazon SQS) standard queues. The solution also includes an AWS Lambda function and an Amazon DynamoDB table. The Lambda function pulls content from the SQS queue and writes the content to the DynamoDB table. The solution must maximize the scalability of the Lambda function and must prevent successfully processed SQS messages from being processed multiple times. Which solution will meet these requirements?
A. Set the batch window to 1 second in the Lambda function's event source mapping.
B. Set the batch size to 1 in the Lambda function's event source mapping.
C. Set a value of ReportBatchItemFailures in the FunctionResponseTypes list in theLambda function's event source mapping.
D. Set the reserved concurrency to 1 in the Lambda function's concurrency and recursiondetection settings.
A company is implementing a CI/CD pipeline for an application by using AWS CodePipeline and AWS CodeBuild. The company needs a solution to run unit tests and automatically generate code coverage reports before any code is deployed to production. The CI/CD pipeline execution must fail if the code coverage is less than 80%. Which solution will meet these requirements?
A. Create an AWS Lambda function to run unit tests and generate code coverage reports.Add a Lambda invoke action to a stage in the CodePipeline pipeline. Create an AmazonEventBridge scheduled rule to run hourly to monitor the Lambda function's output.Configure the rule to fail the pipeline if coverage is less than 80%
B. Create an AWS Step Functions workflow to run unit tests and generate code coveragereports. Add a Step Functions test action to a stage in the CodePipeline pipeline to invokethe workflow. Configure the workflow to fail if the code coverage is less than 80%.
C. Create a CodeBuild project with a buildspec.yml file that includes commands to run unittests and generate code coverage reports. Add a CodeBuild test action to a stage in theCodePipeline pipeline. Configure the CodeBuild test action to use the source artifacts fromthe source action as input. Modify the buildspec.yml file to fail the build if coverage is lessthan 80%.
D. Create a CodeBuild project with Jenkins installed. Configure Jenkins to run unit testsand generate code coverage reports. Add a Jenkins test action to a stage in theCodePipeline pipeline. Configure the Jenkins test action to output the coverage report asan output artifact. Configure an approval action to fail the pipeline if code coverage is lessthan 80%.
A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts. A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon Inspector. Which combination of actions should the DevOps engineer take to resolve this issue? (Choose three.)
A. Verify that AWS Systems Manager Agent is installed and is running on the EC2instances that Amazon Inspector is not scanning.
B. Associate the target EC2 instances with security groups that allow outbound
communication on port 443 to the AWS Systems Manager service endpoint.
C. Grant inspector: StartAssessmentRun permissions to the IAM role that the DevOps
engineer is using.
D. Configure EC2 Instance Connect for the EC2 instances that Amazon Inspector is not
scanning.
E. Associate the target EC2 instances with instance profiles that grant permissions to
communicate with AWS Systems Manager.
F. Create a managed-instance activation. Use the Activation Code and the Activation ID to
register the EC2 instances.
A company is storing 100 GB of log data in .csv format in an Amazon S3 bucket. SQL developers want to query this data and generate graphs to visualize it. The SQL developers also need an efficient, automated way to store metadata from the .csv file. Which combination of steps will meet these requirements with the LEAST amount of effort? (Select THREE.)
A. Filter the data through AWS X-Ray to visualize the data.
B. Filter the data through Amazon QuickSight to visualize the data.
C. Query the data with Amazon Athena.
D. Use the AWS Glue Data Catalog as the persistent metadata store.
E. Use Amazon DynamoDB as the persistent metadata store.
F. Query the data with Amazon Redshift.
A DevOps team uses AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy to deploy an application. The application is a REST API that uses AWS Lambda functions and Amazon API Gateway Recent deployments have introduced errors that have affected many customers. The DevOps team needs a solution that reverts to the most recent stable version of the application when an error is detected. The solution must affect the fewest customers possible. Which solution Will meet these requirements With the MOST operational efficiency?
A. Set the deployment configuration in CodeDepIoy to LambdaAlIAtOnce Configureautomatic rollbacks on the deployment group Create an Amazon CloudWatch alarm thatdetects HTTP Bad Gateway errors on API Gateway Configure the deployment group to rollback when the number of alarms meets the alarm threshold
B. Set the deployment configuration in CodeDeploy to LambdaCanary10Percent10Minutes.Configure automatic rollbacks on the deployment group Create an Amazon CloudWatchalarm that detects HTTP Bad Gateway errors on API Gateway Configure the deploymentgroup to roll back when the number of alarms meets the alarm threshold
C. Set the deployment configuration in CodeDeploy to LambdaAllAtOnce Configure manualrollbacks on the deployment group. Create an Amazon Simple Notification Service(Amazon SNS) topc to send notifications every time a deployrnent fads. Configure the SNStopc to Invoke a new Lambda function that stops the current deployment and starts themost recent successful deployment
D. Set the deployment configuration in CodeDeploy to LambdaCanaryIOPercentIOMinutesConfigure manual rollbacks on the deployment group Create a metric filter on an AmazonCloudWatch log group for API Gateway to monitor HTTP Bad Gateway errors. Configurethe metric filter to Invoke a new Lambda function that stops the current eployment andstarts the most recent successful deployment
A company uses Amazon Elastic Container Registry (Amazon ECR) for all images of the company's containerized infrastructure. The company uses the pull through cache functionality with the /external prefix to avoid throttling when the company retrieves images from external image registries. The company uses AWS Organizations for its accounts. Every image in the registry must be encrypted with a specific, pre-provisioned AWS Key Management Service (AWS KMS) key. The company's internally created images already comply with this policy. However, cached external images use server-side encryption with Amazon S3 managed keys (SSE-S3).
The company must remove the noncompliant cache repositories. The company must also implement a secure solution to ensure that all new pull through cache repositories are automatically encrypted with the required KMS key. Which solution will meet these requirements?
A. Configure AWS Config. Add a custom rule that uses Guard syntax. Write the rule toenable KMS encryption for new repositories.
B. Configure an ECR repository creation template for the prefix. Specify the KMS key. Waitfor the repositories to repopulate.
C. Configure an SCP for all AWS accounts that requires all ECR repositories to be KMSencrypted.
D. Create a new Amazon EventBridge rule that triggers on all "ECR Pull Through CacheAction" events. Set AWS KMS as the rule target.
A company has a guideline that every Amazon EC2 instance must be launched from an AMI that the company's security team produces Every month the security team sends an email message with the latest approved AMIs to all the development teams. The development teams use AWS CloudFormation to deploy their applications. When developers launch a new service they have to search their email for the latest AMIs that the security department sent. A DevOps engineer wants to automate the process that the security team uses to provide the AMI IDs to the development teams. What is the MOST scalable solution that meets these requirements?
A. Direct the security team to use CloudFormation to create new versions of the AMIs andto list! the AMI ARNs in an encrypted Amazon S3 object as part of the stack's OutputsSection Instruct the developers to use a cross-stack reference to load the encrypted S3object and obtain the most recent AMI ARNs.
B. Direct the security team to use a CloudFormation stack to create an AWS CodePipelinepipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3object as part of the pipeline output Instruct the developers to use a cross-stack referencewithin their own CloudFormation template to obtain the S3 object location and the mostrecent AMI ARNs.
C. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and toplace the AMI ARNs as parameters in AWS Systems Manager Parameter Store Instructthe developers to specify a parameter of type SSM in their CloudFormation stack to obtainthe most recent AMI ARNs from Parameter Store.
D. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and tocreate an Amazon Simple Notification Service (Amazon SNS) topic so that everydevelopment team can receive notifications. When the development teams receive anotification instruct them to write an AWS Lambda function that will update theirCloudFormation stack with the most recent AMI ARNs.
A company has deployed a new platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The new platform hosts web applications that users frequently update. The application developers build the Docker images for the applications and deploy the Docker images manually to the platform. The platform usage has increased to more than 500 users every day. Frequent updates, building the updated Docker images for the applications, and deploying the Docker images on the platform manually have all become difficult to manage. The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if Docker image scanning returns any HIGH or CRITICAL findings for operating system or programming language package vulnerabilities. Which combination of steps will meet these requirements? (Select TWO.)
A. Create an AWS CodeCommit repository to store the Dockerfile and Kubernetesdeployment files. Create a pipeline in AWS CodePipeline. Use an Amazon S3 event toinvoke the pipeline when a newer version of the Dockerfile is committed. Add a stop to thepipeline to initiate the AWS CodeBuild project.
B. Create an AWS CodeCommit repository to store the Dockerfile and Kubernetesdeployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EvenlBridgeevent to invoke the pipeline when a newer version of the Dockerfile is committed. Add astep to the pipeline to initiate the AWS CodeBuild project.
C. Create an AWS CodeBuild project that builds the Docker images and stores the Dockerimages in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basicscanning for the ECR repository. Create an Amazon EventBridge rule that monitorsAmazon GuardDuty events. Configure the EventBridge rule to send an event to an SNStopic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGHlevel.
D. Create an AWS CodeBuild project that builds the Docker images and stores the Dockerimages in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn onenhanced scanning for the ECR repository. Create an Amazon EventBridge rule thatmonitors ECR image scan events. Configure the EventBridge rule to send an event to anSNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL orHIGH level.
E. Create an AWS CodeBuild project that scans the Dockerfile. Configure the project tobuild the Docker images and store the Docker images in an Amazon Elastic ContainerRegistry (Amazon ECR) repository if the scan is successful. Configure an SNS topic toprovide notification if the scan returns any vulnerabilities.
A company deploys a web application on Amazon EC2 instances that are behind an Application Load Balancer (ALB). The company stores the application code in an AWS CodeConnections compatible Git repository. When the company merges code to the main branch, an AWS CodeBuild project is initiated. The CodeBuild project compiles the code, stores the packaged code in AWS CodeArtifact, and invokes AWS Systems Manager Run Command to deploy the packaged code to the EC2 instances. Previous deployments have resulted in defects, EC2 instances that were not running the latest version of the packaged code, and inconsistencies between instances. A DevOps engineer needs to improve the reliability of the deployment solution. Which combination of actions will meet this requirement? (Select TWO.)
A. Create a pipeline in AWS CodePipeline that uses the Git repository as the sourceprovider. Configure the pipeline to have parallel build and test stages. In the pipeline, passthe CodeBuild project output artifact to an AWS CodeDeploy action.
B. Create a pipeline in AWS CodePipeline that uses the Git repository as the sourceprovider. Configure the pipeline to have a build stage followed by a test stage. In thepipeline, pass the CodeBuild project output artifact to an AWS CodeDeploy action.
C. Create an AWS CodeDeploy application and a deployment group to deploy thepackaged code to the EC2 instances. Configure the ALB for the deployment group.
D. Create individual AWS Lambda functions that use AWS CodeDeploy instead of SystemsManager to run build, test, and deploy actions.
E. Create an Amazon S3 bucket. Modify the CodeBuild project to store the packages in theS3 bucket instead of in CodeArtifact. Use deploy actions in CodeDeploy to deploy.