Amazon DOP-C02 dumps

Amazon DOP-C02 Exam Dumps

AWS Certified DevOps Engineer - Professional
757 Reviews

Exam Code DOP-C02
Exam Name AWS Certified DevOps Engineer - Professional
Questions 176 Questions Answers With Explanation
Update Date February 22,2024
Price Was : $81 Today : $45 Was : $99 Today : $55 Was : $117 Today : $65

Genuine Exam Dumps For DOP-C02:

Prepare Yourself Expertly for DOP-C02 Exam:

Our most skilled and experienced professionals are providing updated and accurate study material in PDF form to our customers. The material accumulators make sure that our students successfully secure at least more than 90% marks in the Amazon DOP-C02 exam. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is change in the DOP-C02 dumps file. You and your money both are very valuable for us so we never take it lightly and have made the attempt to provide you the best work in your hands. In fact, there is not a 1% chance to ruin it.

24/7 Friendly Approach:

You can access our agents anytime for your guidance 24/7. Our agent will provide you information you need, you can ask them any questions you have. We are here to provide you with a complete study material file you need to pass your DOP-C02 exam with remarkable marks.

Recognized Dumps for Amazon DOP-C02 Exam:

Our experts are working hard to provide our customers with accurate material for their Amazon DOP-C02 exam. If you want to meet a sweeping success in your exam you must sign up for the complete preparation at Pass4surexams and we will provide you with such genuine material that will help you succeed with distinction. Our provided material is as real as you are studying the real exam questions and answers. Our experts are working hard for our customers. So that they can easily pass their exam in their first attempt without any trouble.

Our team updates the Amazon DOP-C02 questions answers frequently and if there is a change, we instantly contact our customers and provide them updated study material for the exam preparation.

Amazon DOP-C02 Real Exam Questions:

We offer our students real exam questions with 100% passing guarantee, so that they can easily pass their Amazon DOP-C02 exam in the first attempt. Our DOP-C02 dumps PDF have been carved by the experienced experts exactly on the model of real exam question answers in which you are going to appear to get your certification.


Amazon DOP-C02 Sample Questions

Question # 1

A company runs applications in AWS accounts that are in an organization in AWSOrganizations The applications use Amazon EC2 instances and Amazon S3.The company wants to detect potentially compromised EC2 instances suspicious networkactivity and unusual API activity in its existing AWS accounts and in any AWS accountsthat the company creates in the future When the company detects one to these events thecompany wants to use an existing Amazon Simple Notification Service (Amazon SNS)topic to send a notification to its operational support team for investigation and remediation.Which solution will meet these requirements in accordance with AWS best practices?

A. In the organization's management account configure an AWS account as the AmazonGuardDuty administrator account. In the GuardDuty administrator account add thecompany's existing AWS accounts to GuardDuty as members In the GuardDutyadministrator account create an Amazon EventBridge rule with an event pattern to matchGuardDuty events and to forward matching events to the SNS topic.
B. In the organization's management account configure Amazon GuardDuty to add newlycreated AWS accounts by invitation and to send invitations to the existing AWS accountsCreate an AWS Cloud Formation stack set that accepts the GuardDuty invitation andcreates an Amazon EventBridge rule Configure the rule with an event pattern to match.GuardDuty events and to forward matching events to the SNS topic. Configure the CloudFormation stack set to deploy into all AWS accounts in the organization.
C. In the organization's management account. create an AWS CloudTrail organization trailActivate the organization trail in all AWS accounts in the organization. Create an SCP thatenables VPC Flow Logs in each account in the organization. Configure AWS Security Hubfor the organization Create an Amazon EventBridge rule with an even pattern to matchSecurity Hub events and to forward matching events to the SNS topic.
D. In the organization's management account configure an AWS account as the AWSCloudTrail administrator account in the CloudTrail administrator account create aCloudTrail organization trail. Add the company's existing AWS accounts to the organizationtrail Create an SCP that enables VPC Flow Logs in each account in the organization.Configure AWS Security Hub for the organization. Create an Amazon EventBridge rule withan event pattern to match Security Hub events and to forward matching events to the SNStopic.



Question # 2

A company has a data ingestion application that runs across multiple AWS accounts. Theaccounts are in an organization in AWS Organizations. The company needs to monitor theapplication and consolidate access to the application. Currently the company is running theapplication on Amazon EC2 instances from several Auto Scaling groups. The EC2instances have no access to the internet because the data is sensitive Engineers havedeployed the necessary VPC endpoints. The EC2 instances run a custom AMI that is builtspecifically tor the application.To maintain and troubleshoot the application, system administrators need the ability to login to the EC2 instances. This access must be automated and controlled centrally. Thecompany's security team must receive a notification whenever the instances are accessed.Which solution will meet these requirements?

A. Create an Amazon EventBridge rule to send notifications to the security team whenevera user logs in to an EC2 instance Use EC2 Instance Connect to log in to the instances.Deploy Auto Scaling groups by using AWS Cloud Formation Use the cfn-init helper script todeploy appropriate VPC routes for external access Rebuild the custom AMI so that thecustom AMI includes AWS Systems Manager Agent.
B. Deploy a NAT gateway and a bastion host that has internet access Create a securitygroup that allows incoming traffic on all the EC2 instances from the bastion host InstallAWS Systems Manager Agent on all the EC2 instances Use Auto Scaling group lifecyclehooks for monitoring and auditing access Use Systems Manager Session Manager to log into the instances Send logs to a log group m Amazon CloudWatch Logs. Export data toAmazon S3 for auditing Send notifications to the security team by using S3 eventnotifications.
C. Use EC2 Image Builder to rebuild the custom AMI Include the most recent version ofAWS Systems Manager Agent in the Image Configure the Auto Scaling group to attach theAmazonSSMManagedinstanceCore role to all the EC2 instances Use Systems ManagerSession Manager to log in to the instances Enable logging of session details to Amazon S3Create an S3 event notification for new file uploads to send a message to the security teamthrough an Amazon Simple Notification Service (Amazon SNS) topic.
D. Use AWS Systems Manager Automation to build Systems Manager Agent into thecustom AMI Configure AWS Configure to attach an SCP to the root organization account toallow the EC2 instances to connect to Systems Manager Use Systems Manager SessionManager to log in to the instances Enable logging of session details to Amazon S3 Createan S3 event notification for new file uploads to send a message to the security teamthrough an Amazon Simple Notification Service (Amazon SNS) topic.



Question # 3

A DevOps engineer is designing an application that integrates with a legacy REST API.The application has an AWS Lambda function that reads records from an Amazon Kinesisdata stream. The Lambda function sends the records to the legacy REST API.Approximately 10% of the records that the Lambda function sends from the Kinesis datastream have data errors and must be processed manually. The Lambda function eventsource configuration has an Amazon Simple Queue Service (Amazon SQS) dead-letterqueue as an on-failure destination. The DevOps engineer has configured the Lambdafunction to process records in batches and has implemented retries in case of failure.During testing the DevOps engineer notices that the dead-letter queue contains manyrecords that have no data errors and that already have been processed by the legacyREST API. The DevOps engineer needs to configure the Lambda function's event sourceoptions to reduce the number of errorless records that are sent to the dead-letter queue.Which solution will meet these requirements?

A. Increase the retry attempts
B. Configure the setting to split the batch when an error occurs
C. Increase the concurrent batches per shard
D. Decrease the maximum age of record



Question # 4

A company manages an application that stores logs in Amazon CloudWatch Logs. Thecompany wants to archive the logs to an Amazon S3 bucket Logs are rarely accessed after90 days and must be retained tor 10 years.Which combination of steps should a DevOps engineer take to meet these requirements?(Select TWO.)

A. Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs toan S3 bucket.
B. Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehoseto stream all logs to an S3 bucket.
C. Configure a CloudWatch Logs subscription fitter to stream all logs to an S3 bucket.
D. Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days andto expire logs after 3.650 days.
E. Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.



Question # 5

A company wants to ensure that their EC2 instances are secure. They want to be notified ifany new vulnerabilities are discovered on their instances and they also want an audit trailof all login activities on the instances.Which solution will meet these requirements'?

A. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install theAmazon Kinesis Agent to capture system logs and deliver them to Amazon S3.
B. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install theSystems Manager Agent to capture system logs and view login activity in the CloudTrailconsole.
C. Configure Amazon CloudWatch to detect vulnerabilities on the EC2 instances Install theAWS Config daemon to capture system logs and view them in the AWS Config console.
D. Configure Amazon Inspector to detect vulnerabilities on the EC2 instances Install theAmazon CloudWatch Agent to capture system logs and record them via AmazonCloudWatch Logs.



Question # 6

A company is storing 100 GB of log data in csv format in an Amazon S3 bucket SQLdevelopers want to query this data and generate graphs to visualize it. The SQLdevelopers also need an efficient automated way to store metadata from the csv file.Which combination of steps will meet these requirements with the LEAST amount of effort?(Select THREE.)

A. Fitter the data through AWS X-Ray to visualize the data.
B. Filter the data through Amazon QuickSight to visualize the data.
C. Query the data with Amazon Athena.
D. Query the data with Amazon Redshift.
E. Use the AWS Glue Data Catalog as the persistent metadata store.
F. Use Amazon DynamoDB as the persistent metadata store.



Question # 7

A company is developing a new application. The application uses AWS Lambda functionsfor its compute tier. The company must use a canary deployment for any changes to theLambda functions. Automated rollback must occur if any failures are reported.The company’s DevOps team needs to create the infrastructure as code (IaC) and theCI/CD pipeline for this solution.Which combination of steps will meet these requirements? (Choose three.)

A. Create an AWS CloudFormation template for the application. Define each Lambdafunction in the template by using the AWS::Lambda::Function resource type. In thetemplate, include a version for the Lambda function by using the AWS::Lambda::Versionresource type. Declare the CodeSha256 property. Configure an AWS::Lambda::Aliasresource that references the latest version of the Lambda function.
B. Create an AWS Serverless Application Model (AWS SAM) template for the application.Define each Lambda function in the template by using the AWS::Serverless::Functionresource type. For each function, include configurations for the AutoPublishAlias propertyand the DeploymentPreference property. Configure the deployment configuration type toLambdaCanary10Percent10Minutes.
C. Create an AWS CodeCommit repository. Create an AWS CodePipeline pipeline. Usethe CodeCommit repository in a new source stage that starts the pipeline. Create an AWSCodeBuild project to deploy the AWS Serverless Application Model (AWS SAM) template.Upload the template and source code to the CodeCommit repository. In the CodeCommitrepository, create a buildspec.yml file that includes the commands to build and deploy theSAM application.
D. Create an AWS CodeCommit repository. Create an AWS CodePipeline pipeline. Usethe CodeCommit repository in a new source stage that starts the pipeline. Create an AWSCodeDeploy deployment group that is configured for canary deployments with aDeploymentPreference type of Canary10Percent10Minutes. Upload the AWSCloudFormation template and source code to the CodeCommit repository. In theCodeCommit repository, create an appspec.yml file that includes the commands to deploythe CloudFormation template.
E. Create an Amazon CloudWatch composite alarm for all the Lambda functions. Configurean evaluation period and dimensions for Lambda. Configure the alarm to enter the ALARMstate if any errors are detected or if there is insufficient data.
F. Create an Amazon CloudWatch alarm for each Lambda function. Configure the alarmsto enter the ALARM state if any errors are detected. Configure an evaluation period,dimensions for each Lambda function and version, and the namespace as AWS/Lambdaon the Errors metric.



Question # 8

The security team depends on AWS CloudTrail to detect sensitive security issues in thecompany's AWS account. The DevOps engineer needs a solution to auto-remediateCloudTrail being turned off in an AWS account.What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries?

A. Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create anAWS Lambda (unction that uses the AWS SDK to call StartLogging on the ARN of theresource in which StopLogging was called. Add the Lambda function ARN as a target tothe EventBridge rule.
B. Deploy the AWS-managed CloudTrail-enabled AWS Config rule set with a periodicinterval to 1 hour. Create an Amazon EventBridge rule tor AWS Config rules compliancechange. Create an AWS Lambda function that uses the AWS SDK to call StartLogging onthe ARN of the resource in which StopLoggmg was called. Add the Lambda function ARNas a target to the EventBridge rule.
C. Create an Amazon EventBridge rule for a scheduled event every 5 minutes. Create anAWS Lambda function that uses the AWS SDK to call StartLogging on a CloudTrail trail inthe AWS account. Add the Lambda function ARN as a target to the EventBridge rule.
D. Launch a t2 nano instance with a script running every 5 minutes that uses the AWS SDKto query CloudTrail in the current account. If the CloudTrail trail is disabled have the scriptre-enable the trail.



Question # 9

A company is using an organization in AWS Organizations to manage multiple AWSaccounts. The company's development team wants to use AWS Lambda functions to meetresiliency requirements and is rewriting all applications to work with Lambda functions thatare deployed in a VPC. The development team is using Amazon Elastic Pile System(Amazon EFS) as shared storage in Account A in the organization. The company wants to continue to use Amazon EPS with Lambda Company policyrequires all serverless projects to be deployed in Account B.A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambdafunctions to access the data through an existing EPS access point.Which combination of steps should the DevOps engineer take to meet these requirements?(Select THREE.)

A. Update the EFS file system policy to provide Account B with access to mount and writeto the EFS file system in Account A.
B. Create SCPs to set permission guardrails with fine-grained control for Amazon EFS.
C. Create a new EFS file system in Account B Use AWS Database Migration Service (AWSDMS) to keep data from Account A and Account B synchronized.
D. Update the Lambda execution roles with permission to access the VPC and the EFS filesystem.
E. Create a VPC peering connection to connect Account A to Account B.
F. Configure the Lambda functions in Account B to assume an existing IAM role in Account A.



Question # 10

A company wants to use a grid system for a proprietary enterprise m-memory data store on top of AWS. This system can run in multiple server nodes in any Linux-based distribution.The system must be able to reconfigure the entire cluster every time a node is added orremoved. When adding or removing nodes an /etc./cluster/nodes config file must beupdated listing the IP addresses of the current node members of that cluster.The company wants to automate the task of adding new nodes to a cluster.What can a DevOps engineer do to meet these requirements?

A. Use AWS OpsWorks Stacks to layer the server nodes of that cluster. Create a Chefrecipe that populates the content of the 'etc./cluster/nodes config file and restarts theservice by using the current members of the layer. Assign that recipe to the Configurelifecycle event.
B. Put the file nodes config in version control. Create an AWS CodeDeploy deploymentconfiguration and deployment group based on an Amazon EC2 tag value for theclusternodes. When adding a new node to the cluster update the file with all tagged instances andmake a commit in version control. Deploy the new file and restart the services.
C. Create an Amazon S3 bucket and upload a version of the /etc./cluster/nodes config fileCreate a crontab script that will poll for that S3 file and download it frequently. Use aprocess manager such as Monit or system, to restart the cluster services when it detectsthat the new file was modified. When adding a node to the cluster edit the file's most recentmembers Upload the new file to the S3 bucket.
D. Create a user data script that lists all members of the current security group of thecluster and automatically updates the /etc/cluster/. nodes config. Tile whenever a newinstance is added to the cluster.



Question # 11

A company recently migrated its legacy application from on-premises to AWS. Theapplication is hosted on Amazon EC2 instances behind an Application Load Balancerwhich is behind Amazon API Gateway. The company wants to ensure users experienceminimal disruptions during any deployment of a new version of the application. Thecompany also wants to ensure it can quickly roll back updates if there is an issue.Which solution will meet these requirements with MINIMAL changes to the application?

A. Introduce changes as a separate environment parallel to the existing one Configure APIGateway to use a canary release deployment to send a small subset of user traffic to thenew environment.
B. Introduce changes as a separate environment parallel to the existing one Update theapplication's DNS alias records to point to the new environment.
C. Introduce changes as a separate target group behind the existing Application LoadBalancer Configure API Gateway to route user traffic to the new target group in steps.
D. Introduce changes as a separate target group behind the existing Application LoadBalancer Configure API Gateway to route all traffic to the Application Load Balancer which then sends the traffic to the new target group.



Question # 12

A development team manually builds an artifact locally and then places it in an Amazon S3bucket. The application has a local cache that must be cleared when a deployment occurs. The team runs a command to do this downloads the artifact from Amazon S3 and unzipsthe artifact to complete the deployment.A DevOps team wants to migrate to a CI/CD process and build in checks to stop and rollback the deployment when a failure occurs. This requires the team to track the progressionof the deployment.Which combination of actions will accomplish this? (Select THREE)

A. Allow developers to check the code into a code repository Using Amazon EventBridgeon every pull into the mam branch invoke an AWS Lambda function to build the artifact andstore it in Amazon S3.
B. Create a custom script to clear the cache Specify the script in the Beforelnstall lifecyclehook in the AppSpec file.
C. Create user data for each Amazon EC2 instance that contains the clear cache scriptOnce deployed test the application If it is not successful deploy it again.
D. Set up AWS CodePipeline to deploy the application Allow developers to check the codeinto a code repository as a source tor the pipeline.
E. Use AWS CodeBuild to build the artifact and place it in Amazon S3 Use AWSCodeDeploy to deploy the artifact to Amazon EC2 instances.
F. Use AWS Systems Manager to fetch the artifact from Amazon S3 and deploy it to all theinstances.



Question # 13

A company uses Amazon S3 to store proprietary information. The development teamcreates buckets for new projects on a daily basis. The security team wants to ensure thatall existing and future buckets have encryption logging and versioning enabled.Additionally, no buckets should ever be publicly read or write accessible.What should a DevOps engineer do to meet these requirements?

A. Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
B. Enable AWS Conflg rules and configure automatic remediation using AWS SystemsManager documents.
C. Enable AWS Trusted Advisor and configure automatic remediation using AmazonEventBridge.
D. Enable AWS Systems Manager and configure automatic remediation using SystemsManager documents.



Amazon DOP-C02 Exam Reviews

Leave Your Review