
Amazon DOP-C02 Exam Dumps

AWS Certified DevOps Engineer - Professional

Exam Code DOP-C02
Exam Name AWS Certified DevOps Engineer - Professional
Questions 435 Questions Answers With Explanation
Update Date May 28,2026

Genuine Exam Dumps For DOP-C02:

Prepare Yourself Expertly for DOP-C02 Exam:

Our team of highly skilled and experienced professionals is dedicated to delivering up-to-date and precise study materials in PDF format to our customers. We deeply value both your time and financial investment, and we have spared no effort to provide you with the highest quality work. We ensure that our students consistently achieve a score of more than 95% in the Amazon DOP-C02 exam. We provide only authentic and reliable study material. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is any change in the DOP-C02 dumps file. The Amazon DOP-C02 exam question answers and DOP-C02 dumps we offer are as genuine as studying the actual exam content.

24/7 Friendly Approach:

You can reach out to our agents at any time for guidance; we are available 24/7. Our agents will provide the information you need; you can ask them any questions you have. We are here to provide you with the complete study material file you need to pass your DOP-C02 exam with extraordinary marks.

Quality Exam Dumps for Amazon DOP-C02:

Pass4surexams provide trusted study material. If you want to meet a sweeping success in your exam you must sign up for the complete preparation at Pass4surexams and we will provide you with such genuine material that will help you succeed with distinction. Our experts work tirelessly for our customers, ensuring a seamless journey to passing the Amazon DOP-C02 exam on the first attempt. We have already helped a lot of students to ace IT certification exams with our genuine DOP-C02 Exam Question Answers. Don't wait and join us today to collect your favorite certification exam study material and get your dream job quickly.

90 Days Free Updates for Amazon DOP-C02 Exam Question Answers and Dumps:

Enroll with confidence at Pass4surexams, and not only will you access our comprehensive Amazon DOP-C02 exam question answers and dumps, but you will also benefit from a remarkable offer – 90 days of free updates. In the dynamic landscape of certification exams, our commitment to your success doesn't waver. If there are any changes or updates to the Amazon DOP-C02 exam content during the 90-day period, rest assured that our team will promptly notify you and provide the latest study materials, ensuring you are thoroughly prepared for success in your exam.

Amazon DOP-C02 Real Exam Questions:

Quality is the heart of our service that's why we offer our students real exam questions with 100% passing assurance in the first attempt. Our DOP-C02 dumps PDF have been carved by the experienced experts exactly on the model of real exam question answers in which you are going to appear to get your certification.


Amazon DOP-C02 Sample Questions

Question # 1

A company has deployed an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2 node groups. The company's DevOps team uses the Kubernetes Horizontal Pod Autoscaler and recently installed a supported EKS cluster Autoscaler. The DevOps team needs to implement a solution to collect metrics and logs of the EKS cluster to establish a baseline for performance. The DevOps team will create an initial set of thresholds for specific metrics and will update the thresholds over time as the cluster is used. The DevOps team must receive an Amazon Simple Notification Service (Amazon SNS) email notification if the initial set of thresholds is exceeded or if the EKS cluster Autoscaler is not functioning properly. The solution must collect cluster, node, and pod metrics. The solution also must capture logs in Amazon CloudWatch. Which combination of steps should the DevOps team take to meet these requirements? (Select THREE.) 

A. Deploy the CloudWatch agent and Fluent Bit to the cluster. Ensure that the EKS cluster has appropriate permissions to send metrics and logs to CloudWatch. 
B. Deploy AWS Distro for OpenTelemetry to the cluster. Ensure that the EKS cluster has appropriate permissions to send metrics and logs to CloudWatch. 
C. Create CloudWatch alarms to monitor the CPU, memory, and node failure metrics of the cluster. Configure the alarms to send an SNS email notification to the DevOps team if thresholds are exceeded. 
D. Create a CloudWatch composite alarm to monitor a metric log filter of the CPU, memory, and node metrics of the cluster. Configure the alarm to send an SNS email notification to the DevOps team when anomalies are detected. 
E. Create a CloudWatch alarm to monitor the logs of the Autoscaler deployments for errors. Configure the alarm to send an SNS email notification to the DevOps team if thresholds are exceeded. 
F. Create a CloudWatch alarm to monitor a metric log filter of the Autoscaler deployments for errors. Configure the alarm to send an SNS email notification to the DevOps team if thresholds are exceeded. 



Question # 2

A video-sharing company stores its videos in an Amazon S3 bucket. The company needs to analyze user access patterns such as the number of users who access a specific video each month. Which solution will meet these requirements with the LEAST development effort?

A. Enable Amazon S3 server access logging. Load the access logs into an Amazon Aurora database. Run SQL queries on the Aurora database to analyze the user access patterns. 
B. Enable Amazon S3 server access logging. Use Amazon Athena to create an external table that contains the access logs. Run SQL queries on the Athena table to analyze the user access patterns. 
C. Invoke an AWS Lambda function for every S3 object access event. Configure the Lambda function to write the file access information, including user ID, S3 bucket ID, and file key, to an Amazon Aurora database. Run SQL queries on the Aurora database to analyze the user access patterns. 
D. Record a log message in Amazon CloudWatch Logs for every S3 object access event. Configure a log stream in CloudWatch Logs to write the file access information, including user ID, S3 bucket ID, and file key, to an Amazon Managed Service for Apache Flink application. Perform a sliding window analysis on the user access patterns. 



Question # 3

A company has a stateless web application that is deployed on Amazon EC2 instances. The EC2 instances are in a target group behind an Application Load Balancer (ALB). Amazon Route 53 manages the application domain. The company updates the application UI and develops a beta version of the application. The company wants to test the beta version on 10% of its traffic. Which solution will meet these requirements with the LEAST number of configuration changes? 

A. Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with a new ALB. Update the existing Route 53 record to use a weighted routing policy. Add a new Route 53 record that points to the new ALB with the same routing policy. Assign a weight of 90 to the existing record. Assign a weight of 10 to the new record. 
B. Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with the same ALB listener rule. Assign a weight of 90 to the existing target group. Assign a weight of 10 to the new target group. 
C. Refactor the application to implement a feature flag for the beta version by using AWS AppConfig. Use the feature flag to enable the beta version for 10% of the EC2 instances. 
D. Containerize and deploy the application on Amazon Elastic Container Service (Amazon ECS). Use AWS CodeDeploy to deploy the beta version by using the CodeDeployDefault.ECSCanary10Percent15Minutes deployment configuration. 



Question # 4

A company has an application that runs on Amazon EC2 instances in an Auto Scaling group. The application processes a high volume of messages from an Amazon Simple Queue Service (Amazon SQS) queue. A DevOps engineer noticed that the application took several hours to process a group of messages from the SQS queue. The average CPU utilization of the Auto Scaling group did not cross the threshold of a target tracking scaling policy when processing the messages. The application that processes the SQS queue publishes logs to Amazon CloudWatch Logs. The DevOps engineer needs to ensure that the queue is processed quickly. Which solution meets these requirements with the LEAST operational overhead?

A. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupInServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Schedule an Amazon EventBridge rule to run the Lambda function every hour. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out.
B. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupInServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Create a CloudWatch subscription filter for the application logs with the Lambda function as the target. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out.
C. Create a target tracking scaling policy for the Auto Scaling group. In the target tracking policy, use the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupInServiceInstances Auto Scaling group attribute to calculate how many messages are in the queue for each number of instances by using metric math. Use the calculated attribute to scale in and out.
D. Create an AWS Lambda function that logs the ApproximateNumberOfMessagesVisible attribute of the SQS queue to a CloudWatch Logs log group. Schedule an Amazon EventBridge rule to run the Lambda function every 5 minutes. Create a metric filter to count the number of log events from a CloudWatch logs group. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out. 



Question # 5

A company is developing a mobile app that requires extensive automated testing across multiple device types. The company is using AWS CodePipeline for its CI/CD pipeline. The company must implement a scalable testing solution that can handle increased test loads as the app grows. Which solution will meet these requirements with the LEAST management overhead?

A. Integrate AWS Device Farm with the pipeline to run the tests and scale as needed. 
B. Deploy a fleet of Amazon EC2 instances with various mobile device emulators and auto scaling to run the tests. Create a custom AWS Lambda function to invoke EC2 test runs. 
C. Implement a containerized testing solution that uses Amazon Elastic Container Service (Amazon ECS) with auto scaling. Configure the pipeline to invoke an AWS Lambda function to start the test runs on the ECS cluster. 
D. Use AWS Lambda functions with custom runtime emulators to run the tests. Integrate the Lambda functions with the pipeline. 



Question # 6

A company deployed an Amazon CloudFront distribution that accepts requests and routes to an Amazon API Gateway HTTP API. During a recent security audit, the company discovered that requests from the internet could reach the HTTP API without using the CloudFront distribution. A DevOps engineer must ensure that connections to the HTTP API use the CloudFront distribution. Which solution will meet these requirements?

A. Enable VPC Flow Logs to identify requests that reach the HTTP API.
B. Deploy AWS WAF in front of the CloudFront distribution.
C. Implement an identity-based policy on the CloudFront distribution that requires authentication to make requests to the HTTP API. 
D. Implement a custom header in the CloudFront distribution. Implement an AWS Lambda authorizer associated with the HTTP API that verifies the custom header. 



Question # 7

A DevOps engineer is planning to use the AWS Cloud Development Kit (AWS CDK) to manage infrastructure as code (IaC) for a microservices-based application. The DevOps engineer must create reusable components for common infrastructure patterns and must apply the same cost allocation tags across different microservices. Which solution will meet these requirements?

A. Create a custom CDK construct library that includes common infrastructure patterns. Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app. Use the custom CDK construct library to write a higher-level construct that contains all the microservices. Deploy the microservices as a single CDK stack with environment-specific configurations. 
B. Create a custom CDK construct library that includes common infrastructure patterns. Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Use the custom CDK construct library to write higher-level constructs for each microservice. Deploy the microservices as separate CDK stacks with environment-specific configurations. 
C. Create AWS Service Catalog products that contain common infrastructure components. Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app. Use the Service Catalog products to write a higher-level construct that contains all the microservices. Deploy the microservices as a single CDK stack with environment-specific configurations. 
D. Create AWS Service Catalog products that contain common infrastructure components. Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Use the Service Catalog products to write higher-level constructs for each microservice. Deploy the microservices as separate CDK stacks with environment-specific configurations. 



Question # 8

A company wants to decrease the time it takes to develop new features. The company uses AWS CodeBuild and AWS CodeDeploy to build and deploy its applications. The company uses AWS CodePipeline to deploy each microservice with its own CI/CD pipeline. The company needs more visibility into the average time between the release of new features and the average time to recover after a failed deployment. Which solution will provide this visibility with the LEAST configuration effort?

A. Program an AWS Lambda function that creates Amazon CloudWatch custom metrics with information about successful runs and failed runs for each pipeline. Create an Amazon EventBridge rule to invoke the Lambda function every 5 minutes. Use the metrics to build a CloudWatch dashboard. 
B. Program an AWS Lambda function that creates Amazon CloudWatch custom metrics with information about successful runs and failed runs for each pipeline. Create an Amazon EventBridge rule to invoke the Lambda function after every successful run and after every failed run. Use the metrics to build a CloudWatch dashboard. 
C. Program an AWS Lambda function that writes information about successful runs and failed runs to Amazon DynamoDB. Create an Amazon EventBridge rule to invoke the Lambda function after every successful run and after every failed run. Build an Amazon QuickSight dashboard to show the information from DynamoDB. 
D. Program an AWS Lambda function that writes information about successful runs and failed runs to Amazon DynamoDB. Create an Amazon EventBridge rule to invoke the Lambda function every 5 minutes. Build an Amazon QuickSight dashboard to show the information from DynamoDB. 



Question # 9

A company is refactoring applications to use AWS. The company identifies an internal web application that needs to make Amazon S3 API calls in a specific AWS account. The company wants to use its existing identity provider (IdP) auth.company.com for authentication. The IdP supports only OpenID Connect (OIDC). A DevOps engineer needs to secure the web application's access to the AWS account. Which combination of steps will meet these requirements? (Select THREE.)

A. Configure AWS IAM Identity Center. Configure an IdP. Upload the IdP metadata from the existing IdP.
B. Create an IAM IdP by using the provider URL, audience, and signature from the existing IdP.
C. Create an IAM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the sts.amazon.com:aud context key is appid_from_idp.
D. Create an IAM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the auth.company.com:aud context key is appid_from_idp.
E. Configure the web application to use the AssumeRoleWithWebIdentity API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls.
F. Configure the web application to use the GetFederationToken API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls.



Question # 10

A company in a highly regulated industry is building an artifact by using AWS CodeBuild and AWS CodePipeline. The company must connect to an external authenticated API during the building process. The company's DevOps engineer needs to encrypt the build outputs by using an AWS Key Management Service (AWS KMS) key. The external API credentials must be reset each month. The DevOps engineer has created a new key in AWS KMS. Which solution will meet these requirements?

A. Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID. 
B. Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline. 
C. Store the API credentials in AWS Secrets Manager. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID. 
D. Store the API credentials in AWS Secrets Manager. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline. 



Question # 11

A company built its serverless infrastructure on AWS. The infrastructure consists of an Amazon API Gateway REST API, multiple AWS Lambda functions, and Amazon EventBridge. The company wants to be aware of any new supply chain attacks that the company's CI/CD pipelines do not catch. The company needs a solution to detect malicious activity in the deployed application. Which solution meets these requirements?

A. Enable AWS WAF for the API Gateway REST API. Configure an AWS WAF ACL. Add the known bad inputs managed rule group. 
B. Enable Amazon GuardDuty. Enable Lambda Protection. Use EventBridge for event notifications.
C. Deploy AWS CloudFormation Guard in the CI/CD pipelines. Write rules to catch the supply chain attacks. 
D. Create a firewall in AWS Network Firewall. Configure a policy. Add the managed rule for the Emerging Threats rule group. 



Question # 12

A DevOps engineer needs to design a cloud-based solution to standardize deployment artifacts for AWS Cloud deployments and on-premises deployments. There is currently no routing traffic between the on-premises data center and the AWS environment. The solution must be able to consume downstream packages from public repositories and must be highly available. Data must be encrypted in transit and at rest. The solution must store the deployment artifacts in object storage and deploy the deployment artifacts into Amazon Elastic Container Service (Amazon ECS). The deployment artifacts must be encrypted in transit if the deployment artifacts travel across the public internet. The DevOps engineer needs to deploy this solution in less than two weeks. Which solution will meet these requirements?  

A. Use a third-party software VPN appliance to connect the on-premises data center and AWS. Use AWS CodeArtifact to store the deployment artifacts. 
B. Use an AWS Direct Connect connection and a VPN connection to connect the on-premises data center to AWS. Deploy third-party artifact management software on Amazon EC2 instances.
C. Use two AWS VPN connections to connect the on-premises data center to AWS. Use AWS CodeArtifact to store the deployment artifacts. 
D. Use parallel AWS Direct Connect connections to connect the on-premises data center to AWS. Deploy third-party artifact management software on Amazon EC2 instances. 



Question # 13

A DevOps engineer is building the infrastructure for an application. The application needs to run on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes Amazon EC2 instances. The EC2 instances need to use an Amazon Elastic File System (Amazon EFS) file system as a storage backend. The Amazon EFS Container Storage Interface (CSI) driver is installed on the EKS cluster. When the DevOps engineer starts the application, the EC2 instances do not mount the EFS file system. Which solutions will fix the problem? (Select THREE.)

A. Switch the EKS nodes from Amazon EC2 to AWS Fargate. 
B. Add an inbound rule to the EFS file system's security group to allow NFS traffic from the EKS cluster. 
C. Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system. 
D. Set up AWS DataSync to configure file transfer between the EFS file system and the EKS nodes. 
E. Create a mount target for the EFS file system in the subnet of the EKS nodes. 
F. Disable encryption on the EFS file system. 



Question # 14

A company has a fleet of Amazon EC2 instances that run Linux in a single AWS account. The company is using an AWS Systems Manager Automation task across the EC2 instances. During the most recent patch cycle, several EC2 instances went into an error state because of insufficient available disk space. A DevOps engineer needs to ensure that the EC2 instances have sufficient available disk space during the patching process in the future. Which combination of steps will meet these requirements? (Select TWO.)

A. Ensure that the Amazon CloudWatch agent is installed on all EC2 instances.
B. Create a cron job that is installed on each EC2 instance to periodically delete temporary files. 
C. Create an Amazon CloudWatch log group for the EC2 instances. Configure a cron job that is installed on each EC2 instance to write the available disk space to a CloudWatch log stream for the relevant EC2 instance. 
D. Create an Amazon CloudWatch alarm to monitor available disk space on all EC2 instances. Add the alarm as a safety control to the Systems Manager Automation task.
E. Create an AWS Lambda function to periodically check for sufficient available disk space on all EC2 instances by evaluating each EC2 instance's respective Amazon CloudWatch log stream. 



Question # 15

A company uses Amazon Elastic Kubernetes Service (Amazon EKS) to host containerized applications that are available in Amazon Elastic Container Registry (Amazon ECR). The company currently launches EKS clusters in the company's development environment by using the AWS CLI aws eks create-cluster command. The company uses the aws eks create-addon command to install required add-ons. All installed add-ons are currently version compatible with the version of Kubernetes that the company uses. All clusters exclusively use managed node groups for compute capacity. Some of the EKS clusters require a version upgrade. A DevOps engineer must ensure that upgrades continuously occur within the AWS standard support schedule. Which solution will meet this requirement with the LEAST operational overhead?

A. Run the aws eks update-cluster-version command, providing appropriate arguments such as cluster name and version number.
B. Enable EKS Auto Mode on all EKS clusters. Remove all existing managed node groups.
C. Run the eksctl command to upgrade the EKS clusters. Provide appropriate arguments such as cluster name and version number. 
D. Refactor the environment to create EKS clusters by using infrastructure as code (IaC). Upgrade the clusters by using code changes. 



Question # 16

A company is using the AWS Cloud Development Kit (AWS CDK) to develop a microservices-based application. The company needs to create reusable infrastructure components for three environments: development, staging, and production. The components must include networking resources, database resources, and serverless compute resources. The company must implement a solution that provides consistent infrastructure across environments while offering the option for environment-specific customizations. The solution also must minimize code duplication. Which solution will meet these requirements with the LEAST development overhead?

A. Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create a single set of deployment stacks that takes the environment name as an argument upon instantiation. Deploy CDK applications for each environment. 
B. Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create separate deployment stacks for each environment. Use the CDK context command to determine which stacks to run when deploying to each environment. 
C. Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create a single set of deployment stacks that takes the environment name as an argument upon instantiation. Deploy CDK applications for each environment. 
D. Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create separate deployment stacks for each environment. Use the CDK context command to determine which stacks to run when deploying to each environment. 



Question # 17

A company's application has an API that retrieves workload metrics. The company needs to audit, analyze, and visualize these metrics from the application to detect issues at scale. Which combination of steps will meet these requirements? (Select THREE.)

A. Configure an Amazon EventBridge schedule to invoke an AWS Lambda function that calls the API to retrieve workload metrics. Store the workload metric data in an Amazon S3 bucket. 
B. Configure an Amazon EventBridge schedule to invoke an AWS Lambda function that calls the API to retrieve workload metrics. Store the workload metric data in an Amazon DynamoDB table that has a DynamoDB stream enabled. 
C. Create an AWS Glue crawler to catalog the workload metric data in the Amazon S3 bucket. Create views in Amazon Athena for the cataloged data. 
D. Connect an AWS Glue crawler to the Amazon DynamoDB stream to catalog the workload metric data. Create views in Amazon Athena for the cataloged data. 
E. Create Amazon QuickSight datasets from the Amazon Athena views. Create a QuickSight analysis to visualize the workload metric data as a dashboard. 
F. Create an Amazon CloudWatch dashboard that has custom widgets that invoke AWS Lambda functions. Configure the Lambda functions to query the workload metrics data from the Amazon Athena views. 



Question # 18

A company uses AWS Organizations to manage its AWS accounts. A DevOps engineer must ensure that all users who access the AWS Management Console are authenticated through the company's corporate identity provider (IdP). Which combination of steps will meet these requirements? (Select TWO.)

A. Use Amazon GuardDuty with a delegated administrator account. Use GuardDuty to enforce denial of IAM user logins.
B. Use AWS IAM Identity Center to configure identity federation with SAML 2.0.
C. Create a permissions boundary in AWS IAM Identity Center to deny password logins for IAM users.
D. Create IAM groups in the Organizations management account to apply consistent permissions for all IAM users.
E. Create an SCP in Organizations to deny password creation for IAM users.



Question # 19

A company has an organization in AWS Organizations for its multi-account environment. A DevOps engineer is developing an AWS CodeArtifact based strategy for application package management across the organization. Each application team at the company has its own account in the organization. Each application team also has limited access to a centralized shared services account. Each application team needs full access to download, publish, and grant access to its own packages. Some common library packages that the application teams use must also be shared with the entire organization. Which combination of steps will meet these requirements with the LEAST administrative overhead? (Select THREE.)

A. Create a domain in each application team's account. Grant each application team's account full read access and write access to the application team's domain.
B. Create a domain in the shared services account. Grant the organization read access and CreateRepository access.
C. Create a repository in each application team's account. Grant each application team's account full read access and write access to its own repository.
D. Create a repository in the shared services account. Grant the organization read access to the repository in the shared services account. Set the repository as the upstream repository in each application team's repository. 
E. For teams that require shared packages, create resource-based policies that allow read access to the repository from other application teams' accounts. 
F. Set the other application teams' repositories as upstream repositories. 



Question # 20

A company uses AWS CodePipeline and AWS CodeDeploy to deploy application code to Amazon EC2 instances. The EC2 instances send application logs and CodeDeploy logs to Amazon CloudWatch. Recently, the company manually rolled back a deployment because of application errors. The company wants to automate the rollback process when application errors occur. Which solution will meet these requirements?

A. Create a CloudWatch metric based on the application logs. Create a CloudWatch alarm based on the metric that will activate when application errors occur. Change the deployment group settings to use the CloudWatch alarm configuration. Configure the deployment group to use an auto rollback configuration. 
B. Configure a CloudWatch alarm that uses a custom metric for application errors that are recorded in the CodeDeploy agent logs. Configure the current deployment to use the CloudWatch alarm for its alarm configuration. Configure the deployment to use an auto rollback configuration. 
C. Create an AWS Lambda function that will create a new deployment by using the last successful application deployment. Create an Amazon EventBridge rule that matches events from CodeDeploy that have a deployment status of FAILURE. Configure the EventBridge rule to target the Lambda function. 
D. Create an AWS Lambda function that will create a new deployment group for the application deployment. Create a CloudWatch alarm based on metrics from the application logs. Configure the alarm to activate when an application error occurs on an EC2 instance. Configure the CloudWatch alarm to invoke the Lambda function. 



Question # 21

A company uses Amazon RDS for all databases in its AWS accounts. The company uses AWS Control Tower to build a landing zone that has an audit and logging account. All databases must be encrypted at rest for compliance reasons. The company's security engineer needs to receive notification about any noncompliant databases that are in the company's accounts. Which solution will meet these requirements with the MOST operational efficiency?

A. Use AWS Control Tower to activate the optional detective control (guardrail) to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the company's audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer's email address to the SNS topic.
B. Use AWS CloudFormation StackSets to deploy AWS Lambda functions to every account. Write the Lambda function code to determine whether the RDS storage is encrypted in the account the function is deployed to. Send the findings as an Amazon CloudWatch metric to the management account. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create a CloudWatch alarm that notifies the SNS topic when metric thresholds are met. Subscribe the security engineer's email address to the SNS topic.
C. Create a custom AWS Config rule in every account to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer's email address to the SNS topic.
D. Launch an Amazon EC2 instance. Run an hourly cron job by using the AWS CLI to determine whether the RDS storage is encrypted in each AWS account. Store the results in an RDS database. Notify the security engineer by sending email messages from the EC2 instance when noncompliance is detected.



Question # 22

A development team manually builds a local artifact. The development team moves the artifact to an Amazon S3 bucket to support an application. The application has a local cache that must be cleared when the development team deploys the application to Amazon EC2 instances. For each deployment, the development team runs a command to clear the cache, download the artifact from the S3 bucket, and unzip the artifact to complete the deployment. The development team wants to migrate the deployment process to a CI/CD process and to track the progress of each deployment. Which combination of actions will meet these requirements with the MOST operational efficiency? (Select THREE.)

A. Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository. Use AWS CodeBuild to build an artifact and copy the object into the S3 bucket. Configure CodeBuild to run for every merge into the main branch. 
B. Create a custom script to clear the cache. Specify the script in the BeforeInstall lifecycle hook in the AppSpec file. 
C. Create user data for each EC2 instance that contains the cache clearing script. Test the application after deployment. If the deployment is not successful, then redeploy. 
D. Use AWS CodePipeline to deploy the application. Set up an AWS CodeConnections compatible Git repository. Allow developers to merge code into the repository as a source for the pipeline. 
E. Use AWS CodeBuild to build the artifact and place the artifact in the S3 bucket. Use AWS CodeDeploy to deploy the artifact to EC2 instances. 
F. Use AWS Systems Manager to fetch the artifact from the S3 bucket and to deploy the artifact to all the EC2 instances. 



Question # 23

A company uses an Amazon Aurora PostgreSQL global database that has two secondary AWS Regions. A DevOps engineer has configured the database parameter group to guarantee an RPO of 60 seconds. Write operations on the primary cluster are occasionally blocked because of the RPO setting. The DevOps engineer needs to reduce the frequency of blocked write operations. Which solution will meet these requirements?

A. Add an additional secondary cluster to the global database. 
B. Enable write forwarding for the global database. 
C. Remove one of the secondary clusters from the global database. 
D. Configure synchronous replication for the global database. 



Question # 24

A security team wants to use AWS CloudTrail to monitor all actions and API calls in multiple accounts that are in the same organization in AWS Organizations. The security team needs to ensure that account users cannot turn off CloudTrail in the accounts. Which solution will meet this requirement?

A. Apply an SCP to all OUs to deny the cloudtrail:StopLogging action and the cloudtrail:DeleteTrail action. 
B. Create IAM policies in each account to deny the cloudtrail:StopLogging action and the cloudtrail:DeleteTrail action. 
C. Set up Amazon CloudWatch alarms to notify the security team when a user disables CloudTrail in an account. 
D. Use AWS Config to automatically re-enable CloudTrail if a user disables CloudTrail in an account. 



Question # 25

A company has microservices running in AWS Lambda that read data from Amazon DynamoDB. The Lambda code is manually deployed by developers after successful testing. The company now needs the tests and deployments to be automated and run in the cloud. Additionally, traffic to the new versions of each microservice should be incrementally shifted over time after deployment. What solution meets all the requirements, ensuring the MOST developer velocity?

A. Create an AWS CodePipeline configuration and set up a post-commit hook to trigger the pipeline after tests have passed. Use AWS CodeDeploy and create a Canary deployment configuration that specifies the percentage of traffic and interval.
B. Create an AWS CodeBuild configuration that triggers when the test code is pushed. Use AWS CloudFormation to trigger an AWS CodePipeline configuration that deploys the new Lambda versions and specifies the traffic shift percentage and interval.
C. Create an AWS CodePipeline configuration and set up the source code step to trigger when code is pushed. Set up the build step to use AWS CodeBuild to run the tests. Set up an AWS CodeDeploy configuration to deploy, then select the CodeDeployDefault.LambdaLinear10PercentEvery3Minutes option.
D. Use the AWS CLI to set up a post-commit hook that uploads the code to an Amazon S3 bucket after tests have passed. Set up an S3 event trigger that runs a Lambda function that deploys the new version. Use an interval in the Lambda function to deploy the code over time at the required percentage.


