Home
Amazon
DOP-C02 Exam Info
DOP-C02 Exam Questions

Home ❯
Amazon ❯
DOP-C02 Exam Info ❯
DOP-C02 Exam Questions

Master Amazon AWS Certified DevOps Engineer - Professional Exam DOP-C02 Your Way

Ready to elevate your cloud career? Our cutting-edge Amazon AWS Certified DevOps Engineer - Professional Exam DOP-C02 practice questions are your secret weapon. Designed by industry experts, these materials go beyond mere memorization, immersing you in real-world scenarios that mirror the exam's complexity. Choose from PDF, web-based, or desktop formats to suit your learning style and busy schedule. With our adaptive learning technology, you'll pinpoint weaknesses and transform them into strengths. Join thousands of successful candidates who've aced the exam and unlocked lucrative opportunities in cloud architecture, CI/CD pipelines, and infrastructure automation. Time is ticking – the demand for certified professionals is skyrocketing. Don't let this chance slip away. Invest in your future today and become the DevOps leader companies are desperately seeking.

Page: 1 /
Total 250 questions

Want more questions? Get Premium Access.
()

Get Free Questions & Answers PDF

Question 1

A company has set up AWS CodeArtifact repositories with public upstream repositories The company's development team consumes open source dependencies from the repositories in the company's internal network.

The company's security team recently discovered a critical vulnerability in the most recent version of a package that the development team consumes. The security team has produced a patched version to fix the vulnerability. The company needs to prevent the vulnerable version from being downloaded. The company also needs to allow the security team to publish the patched version.

Which combination of steps will meet these requirements? {Select TWO.)

AUpdate the status of the affected CodeArtifact package version to unlisted

BUpdate the status of the affected CodeArtifact package version to deleted

CUpdate the status of the affected CodeArtifact package version to archived.

DUpdate the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations

EUpdate the CodeArtifact package origin control settings to block direct publishing and to allow upstream operations.

Correct : B, D

Update the status of the affected CodeArtifact package version to deleted:

Deleting the vulnerable package version prevents it from being available for download by any users or systems, ensuring that the compromised version is not consumed.

Update the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations:

By allowing direct publishing, the security team can publish the patched version of the package directly to the CodeArtifact repository.

Blocking upstream operations prevents the repository from automatically fetching and serving the vulnerable package version from upstream public repositories.

By deleting the vulnerable version and configuring the origin control settings to allow direct publishing and block upstream operations, the company ensures that only the patched version is available and the vulnerable version cannot be downloaded.

Managing Package Versions in CodeArtifact

Package Origin Controls in CodeArtifact

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUpdate the status of the affected CodeArtifact package version to unlisted

BUpdate the status of the affected CodeArtifact package version to deleted

CUpdate the status of the affected CodeArtifact package version to archived.

DUpdate the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations

EUpdate the CodeArtifact package origin control settings to block direct publishing and to allow upstream operations.

0 / 1500

Question 2

A company wants to use AWS Systems Manager documents to bootstrap physical laptops for developers The bootstrap code Is stored in GitHub A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops.

Which set of steps should be taken next?

AConfigure the Systems Manager document to use the AWS-RunShellScnpt command to copy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with a sourceType of S3

BConfigure the Systems Manager document to use the aws-configurePackage plugin with an install action and point to the Git repository

CConfigure the Systems Manager document to use the aws-downloadContent plugin with a sourceType of GitHub and sourcelnfo with the repository details.

DConfigure the Systems Manager document to use the aws:softwarelnventory plugin and run the script from the Git repository

Correct : C

Configure the Systems Manager Document to Use the aws-downloadContent Plugin with a sourceType of GitHub and sourcelnfo with the Repository Details:

The aws-downloadContent plugin can download content from various sources, including GitHub, which is necessary for bootstrapping the laptops with the code stored in the GitHub repository.

schemaVersion: '2.2'

description: 'Download and run bootstrap script from GitHub'

mainSteps:

- action: aws:downloadContent

name: downloadBootstrapScript

inputs:

sourceType: GitHub

sourceInfo: '{'owner':'my-org','repository':'my-repo','path':'scripts/bootstrap.sh','getOptions':'branch:main'}'

destinationPath: /tmp/bootstrap.sh

- action: aws:runShellScript

name: runBootstrapScript

inputs:

runCommand:

- chmod +x /tmp/bootstrap.sh

- /tmp/bootstrap.sh

This setup ensures that the bootstrap code is downloaded from GitHub and executed on the laptops using Systems Manager.

AWS Systems Manager aws-downloadContent Plugin

Running Commands Using Systems Manager

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure the Systems Manager document to use the AWS-RunShellScnpt command to copy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with a sourceType of S3

BConfigure the Systems Manager document to use the aws-configurePackage plugin with an install action and point to the Git repository

CConfigure the Systems Manager document to use the aws-downloadContent plugin with a sourceType of GitHub and sourcelnfo with the repository details.

DConfigure the Systems Manager document to use the aws:softwarelnventory plugin and run the script from the Git repository

0 / 1500

Question 3

A company hired a penetration tester to simulate an internal security breach The tester performed port scans on the company's Amazon EC2 instances. The company's security measures did not detect the port scans.

The company needs a solution that automatically provides notification when port scans are performed on EC2 instances. The company creates and subscribes to an Amazon Simple Notification Service (Amazon SNS) topic.

What should the company do next to meet the requirement?

AEnsure that Amazon GuardDuty is enabled Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.

BEnsure that Amazon Inspector is enabled Create an Amazon EventBridge event for detected network reachability findings that indicate port scans Connect the event to the SNS topic.

CEnsure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic

DEnsure that AWS CloudTrail is enabled Create an AWS Lambda function to analyze the CloudTrail logs for unusual amounts of traffic from an IP address range Connect the Lambda function to the SNS topic.

Correct : A

* Ensure that Amazon GuardDuty is Enabled:

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.

It can detect port scans and generate findings for these events.

* Create an Amazon CloudWatch Alarm for Detected EC2 and Port Scan Findings:

Configure GuardDuty to monitor for port scans and other threats.

Create a CloudWatch alarm that triggers when GuardDuty detects port scan activities.

* Connect the Alarm to the SNS Topic:

The CloudWatch alarm should be configured to send notifications to the SNS topic subscribed by the security team.

This setup ensures that the security team receives near-real-time notifications when a port scan is detected on the EC2 instances.

Example configuration steps:

Enable GuardDuty and ensure it is monitoring the relevant AWS accounts.

Create a CloudWatch alarm:

{

'AlarmName': 'GuardDutyPortScanAlarm',

'MetricName': 'ThreatIntelIndicator',

'Namespace': 'AWS/GuardDuty',

'Statistic': 'Sum',

'Dimensions': [

{

'Name': 'FindingType',

'Value': 'Recon:EC2/Portscan'

}

'Period': 300,

'EvaluationPeriods': 1,

'Threshold': 1,

'ComparisonOperator': 'GreaterThanOrEqualToThreshold',

'AlarmActions': ['arn:aws:sns:region:account-id:SecurityAlerts']

}

Amazon GuardDuty

Creating CloudWatch Alarms for GuardDuty Findings

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AEnsure that Amazon GuardDuty is enabled Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.

BEnsure that Amazon Inspector is enabled Create an Amazon EventBridge event for detected network reachability findings that indicate port scans Connect the event to the SNS topic.

CEnsure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic

0 / 1500

Question 4

A company uses containers for its applications The company learns that some container Images are missing required security configurations

A DevOps engineer needs to implement a solution to create a standard base image The solution must publish the base image weekly to the us-west-2 Region, us-east-2 Region, and eu-central-1 Region.

Which solution will meet these requirements?

ACreate an EC2 Image Builder pipeline that uses a container recipe to build the image. Configure the pipeline to distribute the image to an Amazon Elastic Container Registry (Amazon ECR) repository in us-west-2. Configure ECR replication from us-west-2 to us-east-2 and from us-east-2 to eu-central-1 Configure the pipeline to run weekly

BCreate an AWS CodePipeline pipeline that uses an AWS CodeBuild project to build the image Use AWS CodeOeploy to publish the image to an Amazon Elastic Container Registry (Amazon ECR) repository in us-west-2 Configure ECR replication from us-west-2 to us-east-2 and from us-east-2 to eu-central-1 Configure the pipeline to run weekly

CCreate an EC2 Image Builder pipeline that uses a container recipe to build the Image Configure the pipeline to distribute the image to Amazon Elastic Container Registry (Amazon ECR) repositories in all three Regions. Configure the pipeline to run weekly.

DCreate an AWS CodePipeline pipeline that uses an AWS CodeBuild project to build the image Use AWS CodeDeploy to publish the image to Amazon Elastic Container Registry (Amazon ECR) repositories in all three Regions. Configure the pipeline to run weekly.

Correct : C

Create an EC2 Image Builder Pipeline that Uses a Container Recipe to Build the Image:

EC2 Image Builder simplifies the creation, maintenance, validation, and sharing of container images.

By using a container recipe, you can define the base image, components, and validation tests for your container image.

Configure the Pipeline to Distribute the Image to Amazon Elastic Container Registry (Amazon ECR) Repositories in All Three Regions:

Amazon ECR provides a secure, scalable, and reliable container registry.

Configuring the pipeline to distribute the image to ECR repositories in us-west-2, us-east-2, and eu-central-1 ensures that the image is available in all required regions.

Configure the Pipeline to Run Weekly:

Setting the pipeline to run on a weekly schedule ensures that the base image is regularly updated and published, incorporating any new security configurations or updates.

By using EC2 Image Builder to automate the creation and distribution of the container image, the solution ensures that the base image is consistently maintained and available across multiple regions with minimal management overhead.

EC2 Image Builder

Amazon ECR

Setting Up EC2 Image Builder Pipelines

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

0 / 1500

Question 5

A company has configured Amazon RDS storage autoscaling for its RDS DB instances. A DevOps team needs to visualize the autoscaling events on an Amazon CloudWatch dashboard. Which solution will meet this requirement?

ACreate an Amazon EventBridge rule that reacts to RDS storage autoscaling events from RDS events. Create an AWS Lambda function that publishes a CloudWatch custom metric. Configure the EventBridge rule to invoke the Lambda function. Visualize the custom metric by using the CloudWatch dashboard.

BCreate a trail by using AWS CloudTrail with management events configured. Configure the trail to send the management events to Amazon CloudWatch Logs. Create a metric filter in CloudWatch Logs to match the RDS storage autoscaling events. Visualize the metric filter by using the CloudWatch dashboard.

CCreate an Amazon EventBridge rule that reacts to RDS storage autoscaling events (rom the RDS events. Create a CloudWatch alarm. Configure the EventBridge rule to change the status of the CloudWatch alarm. Visualize the alarm status by using the CloudWatch dashboard.

DCreate a trail by using AWS CloudTrail with data events configured. Configure the trail to send the data events to Amazon CloudWatch Logs. Create a metric filter in CloudWatch Logs to match the RDS storage autoscaling events. Visualize the metric filter by using the CloudWatch dashboard.
Step 1: Reacting to RDS Storage Autoscaling Events Using Amazon EventBridge
Amazon RDS emits events when storage autoscaling occurs. To visualize these events in a CloudWatch dashboard, you can create an EventBridge rule that listens for these specific autoscaling events.
Action: Create an EventBridge rule that reacts to RDS storage autoscaling events from the RDS event stream.
Why: EventBridge allows you to listen to RDS events and route them to specific AWS services for processing.
Step 2: Creating a Custom CloudWatch Metric via Lambda
Once the EventBridge rule detects a storage autoscaling event, you can use a Lambda function to publish a custom metric to CloudWatch. This metric can then be visualized in a CloudWatch dashboard.
Action: Use a Lambda function to publish custom metrics to CloudWatch based on the RDS storage autoscaling events.
Why: Custom metrics allow you to track specific events like autoscaling and visualize them easily on a CloudWatch dashboard.

Correct : A

This corresponds to Option A: Create an Amazon EventBridge rule that reacts to RDS storage autoscaling events from RDS events. Create an AWS Lambda function that publishes a CloudWatch custom metric. Configure the EventBridge rule to invoke the Lambda function. Visualize the custom metric by using the CloudWatch dashboard.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

0 / 1500

Page: 1 / 50
Total 250 questions

Unlock Full
DOP-C02 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
DOP-C02 Exam

DOP-C02 Exam Question 1
DOP-C02 Exam Question 2
DOP-C02 Exam Question 3
DOP-C02 Exam Question 4
DOP-C02 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login