Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Amazon
  3. DOP-C02

Amazon AWS Certified DevOps Engineer - Professional DOP-C02 DOP-C02 Exam Questions in PDF

Free Amazon DOP-C02 Dumps Questions (page: 4)

DOP-C02 PDF — 447 Questions

A company has multiple AWS accounts. The company uses AWS IAM Identity Center (AWS Single Sign-On) that is integrated with AWS Toolkit for Microsoft Azure DevOps. The attributes for access control feature is

enabled in IAM Identity Center.

The attribute mapping list contains two entries. The department key is mapped to ${path:enterprise.department}. The costCenter key is mapped to ${path:enterprise.costCenter}.

All existing Amazon EC2 instances have a department tag that corresponds to three company departments (d1, d2, d3). A DevOps engineer must create policies based on the matching attributes. The policies must minimize administrative effort and must grant each Azure AD user access to only the EC2 instances that are tagged with the user's respective department name.

Which condition key should the DevOps engineer include in the custom permissions policies to meet these requirements?





Answer(s): C



A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations.

A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role.

Which solution will meet these requirements?

  1. Create an SCP that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the SCP to the root of the organization.
  2. Create an SCP that includes an Allow statement for changes to the auditing application's IAM role by the trusted administrator IAM role. Include a Deny statement for changes by all other IAM principals. Attach the SCP to the IAM service in each AWS account where the auditing application has an IAM role.
  3. Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes.
    Attach the permissions boundary to the audited AWS accounts.
  4. Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes.
    Attach the permissions boundary to the auditing application's IAM role in the AWS accounts.

Answer(s): A



A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.

Which solution will meet these requirements?

  1. Deploy the application on an Amazon EC2 instance, and create an AMI of the instance. Use the AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use Elastic Load Balancing to distribute traffic. When changes are made to the application, a new AMI will be created, which will initiate an EC2 instance refresh.
  2. Use Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket. Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.
  3. Use AWS CodeArtifact to store the application code. Use AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use Elastic Load Balancing to distribute the traffic to the EC2 instances.
    When making changes to the application, upload a new version to CodeArtifact and create a new CodeDeploy deployment.
  4. Use AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3.
    Use that location to deploy new versions of the application. Use Elastic Beanstalk to manage the deployment options.

Answer(s): D



A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2

Auto Scaling group, and also use Elastic Load Balancing for load balancing.

Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.

How can log collection be automated?

  1. Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  2. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2 Instance-terminate Lifecycle Action and trigger a step function that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  3. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  4. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Answer(s): D



A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.

Which combination of actions will provide this access? (Choose three.)

  1. Create a SysAdmin role in the operations account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the workload accounts.
  2. Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account.
  3. Create an Amazon Cognito identity pool in the operations account. Attach the SysAdmin role as an authenticated role.
  4. In the operations account, create an IAM user for each operations team member.
  5. In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group.
  6. Create an Amazon Cognito user pool in the operations account. Create an Amazon Cognito user for each operations team member.

Answer(s): B,D,E



A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team

needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the organization cannot turn off the notification.

Which solution will meet these requirements?

  1. Designate an account to be the delegated Amazon GuardDuty administrator account. Turn on GuardDuty for all accounts across the organization. In the GuardDuty administrator account, create an SNS topic.
    Subscribe the SecOps team's email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for GuardDuty findings and a target of the SNS topic.
  2. Create an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps team's email address to the SNS topic. In the template, include an Amazon EventBridge rule that uses an event pattern of CloudTrail activity for s3:PutBucketPublicAccessBlock and a target of the SNS topic. Deploy the stack to every account in the organization by using CloudFormation StackSets.
  3. Turn on AWS Config across the organization. In the delegated administrator account, create an SNS topic.
    Subscribe the SecOps team's email address to the SNS topic. Deploy a conformance pack that uses the s3-bucket-level-public-access-prohibited AWS Config managed rule in each account and uses an AWS Systems Manager document to publish an event to the SNS topic to notify the SecOps team.
  4. Turn on Amazon Inspector across the organization. In the Amazon Inspector delegated administrator account, create an SNS topic. Subscribe the SecOps team's email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for public network exposure of the S3 bucket and publishes an event to the SNS topic to notify the SecOps team.

Answer(s): C



A company has migrated its container-based applications to Amazon EKS and want to establish automated email notifications. The notifications sent to each email address are for specific activities related to EKS components. The solution will include Amazon SNS topics and an AWS Lambda function to evaluate incoming log events and publish messages to the correct SNS topic.

Which logging solution will support these requirements?

  1. Enable Amazon CloudWatch Logs to log the EKS components. Create a CloudWatch subscription filter for each component with Lambda as the subscription feed destination.
  2. Enable Amazon CloudWatch Logs to log the EKS components. Create CloudWatch Logs Insights queries linked to Amazon EventBridge events that invoke Lambda.
  3. Enable Amazon S3 logging for the EKS components. Configure an Amazon CloudWatch subscription filter for each component with Lambda as the subscription feed destination.
  4. Enable Amazon S3 logging for the EKS components. Configure S3 PUT Object event notifications with AWS Lambda as the destination.

Answer(s): A



A company is implementing an Amazon Elastic Container Service (Amazon ECS) cluster to run its workload. The company architecture will run multiple ECS services on the cluster. The architecture includes an Application Load Balancer on the front end and uses multiple target groups to route traffic.

A DevOps engineer must collect application and access logs. The DevOps engineer then needs to send the logs to an Amazon S3 bucket for near-real-time analysis.

Which combination of steps must the DevOps engineer take to meet these requirements? (Choose three.)

  1. Download the Amazon CloudWatch Logs container instance from AWS. Configure this instance as a task.
    Update the application service definitions to include the logging task.
  2. Install the Amazon CloudWatch Logs agent on the ECS instances. Change the logging driver in the ECS task definition to awslogs.
  3. Use Amazon EventBridge to schedule an AWS Lambda function that will run every 60 seconds and will run the Amazon CloudWatch Logs create-export-task command. Then point the output to the logging S3 bucket.
  4. Activate access logging on the ALB. Then point the ALB directly to the logging S3 bucket.
  5. Activate access logging on the target groups that the ECS services use. Then send the logs directly to the logging S3 bucket.
  6. Create an Amazon Kinesis Data Firehose delivery stream that has a destination of the logging S3 bucket.
    Then create an Amazon CloudWatch Logs subscription filter for Kinesis Data Firehose.

Answer(s): B,D,F



Viewing page 4 of 57

Share your comments for Amazon DOP-C02 exam with other users:

D
Deb
8/15/2023 8:28:00 PM

love the site.

UNITED STATES
M
Michelle
6/23/2023 4:08:00 AM

can you please upload it back?

Anonymous
A
Ajay
10/3/2023 12:17:00 PM

could you please re-upload this exam? thanks a lot!

Anonymous
H
him
9/30/2023 2:38:00 AM

great about shared quiz

Anonymous
S
San
11/14/2023 12:46:00 AM

goood helping

Anonymous
W
Wang
6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.

UNITED STATES
M
Mary
5/16/2023 4:50:00 AM

wish you would allow more free questions

Anonymous
T
thomas
9/12/2023 4:28:00 AM

great simulation

Anonymous
S
Sandhya
12/9/2023 12:57:00 AM

very g inood

Anonymous
A
Agathenta
12/16/2023 1:36:00 PM

q35 should be a

Anonymous
M
MD. SAIFUL ISLAM
6/22/2023 5:21:00 AM

sap c_ts450_2021

Anonymous
S
Satya
7/24/2023 3:18:00 AM

nice questions

UNITED STATES
S
sk
5/13/2023 2:10:00 AM

ecellent materil for unserstanding

INDIA
G
Gerard
6/29/2023 11:14:00 AM

good so far

Anonymous
L
Limbo
10/9/2023 3:08:00 AM

this is way too informative

BOTSWANA
T
Tejasree
8/26/2023 1:46:00 AM

very helpfull

UNITED STATES
Y
Yolostar Again
10/12/2023 3:02:00 PM

q.189 - answers are incorrect.

Anonymous
S
Shikha Bakra
9/10/2023 5:16:00 PM

awesome job in getting these questions

AUSTRALIA
K
Kevin
10/20/2023 2:01:00 AM

i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you

UNITED STATES
D
D Mario
6/19/2023 10:38:00 PM

grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.

ITALY
B
Bharat Kumar Saraf
10/31/2023 4:36:00 AM

some of the answers are incorrect. need to be reviewed.

HONG KONG
J
JP
7/13/2023 12:21:00 PM

so far so good

Anonymous
K
Kiky V
8/8/2023 6:32:00 PM

i am really liking it

Anonymous
T
trying
7/28/2023 12:37:00 PM

thanks good stuff

UNITED STATES
E
exampei
10/4/2023 2:40:00 PM

need dump c_tadm_23

Anonymous
E
Eman Sawalha
6/10/2023 6:18:00 AM

next time i will write a full review

GREECE
J
johnpaul
11/15/2023 7:55:00 AM

first time using this site

ROMANIA
O
omiornil@gmail.com
7/25/2023 9:36:00 AM

please sent me oracle 1z0-1105-22 pdf

BANGLADESH
J
John
8/29/2023 8:59:00 PM

very helpful

Anonymous
K
Kvana
9/28/2023 12:08:00 PM

good info about oml

UNITED STATES
C
Checo Lee
7/3/2023 5:45:00 PM

very useful to practice

UNITED STATES
D
dixitdnoh@gmail.com
8/27/2023 2:58:00 PM

this website is very helpful.

UNITED STATES
S
Sanjay
8/14/2023 8:07:00 AM

good content

INDIA
B
Blessious Phiri
8/12/2023 2:19:00 PM

so challenging

Anonymous
AI Tutor 👋 I’m here to help!