DOP-C02 Exam Training Practice Tests (Amazon AWS Certified DevOps Engineer

Question 1

A company has a guideline that every Amazon EC2 instance must be launched from an AMI that the company ' s security team produces Every month the security team sends an email message with the latest approved AMIs to all the development teams.
The development teams use AWS CloudFormation to deploy their applications. When developers launch a new service they have to search their email for the latest AMIs that the security department sent. A DevOps engineer wants to automate the process that the security team uses to provide the AMI IDs to the development teams.
What is the MOST scalable solution that meets these requirements?

A. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to place the AMI ARNs as parameters in AWS Systems Manager Parameter Store Instruct the developers to specify a parameter of type SSM in their CloudFormation stack to obtain the most recent AMI ARNs from Parameter Store. B. Direct the security team to use a CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output Instruct the developers to use a cross-stack reference within their own CloudFormation template to obtain the S3 object location and the most recent AMI ARNs. C. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to create an Amazon Simple Notification Service (Amazon SNS) topic so that every development team can receive notifications. When the development teams receive a notification instruct them to write an AWS Lambda function that will update their CloudFormation stack with the most recent AMI ARNs. D. Direct the security team to use CloudFormation to create new versions of the AMIs and to list! the AMI ARNs in an encrypted Amazon S3 object as part of the stack ' s Outputs Section Instruct the developers to use a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application.
Which solution ensures resources are deployed in accordance with company policy?

A. Create CloudFormation StackSets with approved CloudFormation templates. B. Create AWS Service Catalog products with approved CloudFormation templates. C. Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets. D. Create a Cloud Formation drift detection operation to find and remediate unapproved CloudFormation StackSets.

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 3

A company is implementing a well-architected design for its globally accessible API stack. The design needs to ensure both high reliability and fast response times for users located in North America and Europe.
The API stack contains the following three tiers:
Amazon API Gateway
AWS Lambda
Amazon DynamoDB
Which solution will meet the requirements?

A. Configure Amazon Route 53 to point to API Gateway in North America, create a disaster recovery API in Europe, and configure both APIs to forward requests to the Lambda functions in that Region.
Retrieve the data from a DynamoDB global table. Deploy a Lambda function to check the North America API health every 5 minutes. In the event of a failure, update Route 53 to point to the disaster recovery API. B. Configure Amazon Route 53 to point to API Gateway APIs in North America and Europe using latency- based routing and health checks. Configure the APIs to forward requests to a Lambda function in that Region. Configure the Lambda functions to retrieve and update the data in a DynamoDB global table. C. Configure Amazon Route 53 to point to API Gateway API in North America using latency-based routing. Configure the API to forward requests to the Lambda function in the Region nearest to the user. Configure the Lambda function to retrieve and update the data in a DynamoDB table. D. Configure Amazon Route 53 to point to API Gateway APIs in North America and Europe using health checks. Configure the APIs to forward requests to a Lambda function in that Region. Configure the Lambda functions to retrieve and update the data in a DynamoDB table in the same Region as the Lambda function.

Correct Answer: B

Question 4

A DevOps engineer is building a solution that uses Amazon Simple Queue Service (Amazon SQS) standard queues. The solution also includes an AWS Lambda function and an Amazon DynamoDB table. The Lambda function pulls content from the SQS queue and writes the content to the DynamoDB table.
The solution must maximize the scalability of the Lambda function and must prevent successfully processed SQS messages from being processed multiple times.
Which solution will meet these requirements?

A. Set the batch window to 1 second in the Lambda function ' s event source mapping. B. Set the batch size to 1 in the Lambda function ' s event source mapping. C. Set a value of ReportBatchItemFailures in the FunctionResponseTypes list in the Lambda function ' s event source mapping. D. Set the reserved concurrency to 1 in the Lambda function ' s concurrency and recursion detection settings.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 5

A company uses AWS CodeArtifact to centrally store Python packages. The CodeArtifact repository is configured with the following repository policy.
" Version " : "2012-10-17",
" Statement": [
{
" Action " : [
" codeartifact:DescribePackageVersion " , " codeartifact:DescribeRepository " ,
" codeartifact:GetPackageVersionReadme " , " codeartifact:GetRepositoryEndpoint " , " codeartifact:
ListPackageVersionAssets " , ' 'codeartifact: ListPackageVersionDependencies " , " codeartifact:
ListPackageVersions " , ' 'codeartifact :ListPackages " ,
' 'codeartifact: ReadFromRepository "
],
" Effect " : " Allow " ,
" Resource " : " * " ,
" Principal " :
" Condition " : {
" StringEquals " : {
" aws:PrincipalOrglD " : [ " o-xxxxxxxxxxx "
]
}
}
}
]
A development team is building a new project in an account that is in an organization in AWS Organizations.
The development team wants to use a Python library that has already been stored in the CodeArtifact repository in the organization. The development team uses AWS CodePipeline and AWS CodeBuild to build the new application. The CodeBuild job that the development team uses to build the application is configured to run in a VPC Because of compliance requirements the VPC has no internet connectivity.
The development team creates the VPC endpoints for CodeArtifact and updates the CodeBuild buildspec yaml file. However, the development team cannot download the Python library from the repository.
Which combination of steps should a DevOps engineer take so that the development team can use Code Artifact? (Select TWO.)

A. Share the CodeArtifact repository with the organization by using AWS Resource Access Manager (AWS RAM). B. Update the repository policy ' s Principal statement to include the ARN of the role that the CodeBuild project uses. C. Create an Amazon S3 gateway endpoint Update the route tables for the subnets that are running the CodeBuild job. D. Specify the account that hosts the repository as the delegated administrator for CodeArtifact in the organization. E. Update the role that the CodeBuild project uses so that the role has sufficient permissions to use the CodeArtifact repository.

Correct Answer: C,E

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 6

A company wants to use a grid system for a proprietary enterprise m-memory data store on top of AWS. This system can run in multiple server nodes in any Linux-based distribution. The system must be able to reconfigure the entire cluster every time a node is added or removed. When adding or removing nodes an /etc.
/cluster/nodes config file must be updated listing the IP addresses of the current node members of that cluster.
The company wants to automate the task of adding new nodes to a cluster.
What can a DevOps engineer do to meet these requirements?

A. Create an Amazon S3 bucket and upload a version of the /etc./cluster/nodes config file Create a crontab script that will poll for that S3 file and download it frequently. Use a process manager such as Monit or system, to restart the cluster services when it detects that the new file was modified. When adding a node to the cluster edit the file ' s most recent members Upload the new file to the S3 bucket. B. Use AWS OpsWorks Stacks to layer the server nodes of that cluster. Create a Chef recipe that populates the content of the ' etc./cluster/nodes config file and restarts the service by using the current members of the layer. Assign that recipe to the Configure lifecycle event. C. Create a user data script that lists all members of the current security group of the cluster and automatically updates the /etc/cluster/. nodes config. Tile whenever a new instance is added to the cluster. D. Put the file nodes config in version control. Create an AWS CodeDeploy deployment configuration and deployment group based on an Amazon EC2 tag value for thecluster nodes. When adding a new node to the cluster update the file with all tagged instances and make a commit in version control. Deploy the new file and restart the services.

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 7

A company runs a fleet of Amazon EC2 instances in a VPC. The company ' s employees remotely access the EC2 instances by using the Remote Desktop Protocol (RDP). The company wants to collect metrics about how many RDP sessions the employees initiate every day. Which combination of steps will meet this requirement? (Select THREE.)

A. Create a log group metric filter. B. Create a log group subscription filter. Use EventBridge as the destination. C. Create an Amazon CloudWatch Logs log group. Specify the log group as a destination for the flow log. D. Create an Amazon EventBridge rule that reacts to EC2 Instance State-change Notification events. E. Create a flow log in VPC Flow Logs. F. Create an Amazon CloudWatch Logs log group. Specify the log group as a target for the EventBridge rule.

Correct Answer: A,C,E

Question 8

A company uses AWS Organizations to manage its AWS accounts. The company has a root OU that has a child OU. The root OU has an SCP that allows all actions on all resources. The child OU has an SCP that allows all actions for Amazon DynamoDB and AWS Lambda, and denies all other actions.
The company has an AWS account that is named vendor-data in the child OU. A DevOps engineer has an
1AM user that is attached to the AdministratorAccess 1AM policy in the vendor-data account. The DevOps engineer attempts to launch an Amazon EC2 instance in the vendor-data account but receives an access denied error.
Which change should the DevOps engineer make to launch the EC2 instance in the vendor-data account?

A. Create a new SCP that allows all actions for Amazon EC2. Attach the SCP to the vendor-data account. B. Update the SCP in the child OU to allow all actions for Amazon EC2. C. Create a new SCP that allows all actions for Amazon EC2. Attach the SCP to the root OU. D. Attach the AmazonEC2FullAccess 1AM policy to the 1AM user.

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 9

A company has 20 service learns Each service team is responsible for its own microservice. Each service team uses a separate AWS account for its microservice and a VPC with the 192 168 0 0/22 CIDR block. The company manages the AWS accounts with AWS Organizations.
Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer. The microservices communicate with each other across the public internet. The company ' s security team has issued a new guideline that all communication between microservices must use HTTPS over private network connections and cannot traverse the public internet.
A DevOps engineer must implement a solution that fulfills these obligations and minimizes the number of changes for each service team.
Which solution will meet these requirements?

A. Create a Network Load Balancer (NLB) in each of the microservice VPCs Use AWS PrivateLink to create VPC endpoints in each AWS account for the NLBs Create subscriptions to each VPC endpoint in each of the other AWS accounts Use the VPC endpoint DNS names for communication between microservices. B. Create a new AWS account in AWS Organizations Create a VPC in this account and use AWS Resource Access Manager to share the private subnets of this VPC with the organization Instruct the service teams to launch a new. Network Load Balancer (NLB) and EC2 instances that use the shared private subnets Use the NLB DNS names for communication between microservices. C. Create a Network Load Balancer (NLB) in each of the microservice VPCs Create VPC peering connections between each of the microservice VPCs Update the route tables for each VPC to use the peering links Use the NLB DNS names for communication between microservices. D. Create a new AWS account in AWS Organizations Create a transit gateway in this account and use AWS Resource Access Manager to share the transit gateway with the organization. In each of the microservice VPCs. create a transit gateway attachment to the shared transit gateway Update the route tables of each VPC to use the transit gateway Create a Network Load Balancer (NLB) in each of the microservice VPCs Use the NLB DNS names for communication between microservices.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Amazon AWS Certified DevOps Engineer - Professional - DOP-C02 Exam Practice Test