Amazon DOP-C02 Practice Exam Questions

Amazon DOP-C02 Sample Question Answers

Question # 1

A company has deployed an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2 node groups. The company's DevOps team uses the Kubernetes Horizontal Pod Autoscaler and recently installed a supported EKS cluster Autoscaler. The DevOps team needs to implement a solution to collect metrics and logs of the EKS cluster to establish a baseline for performance. The DevOps team will create an initial set of thresholds for specific metrics and will update the thresholds over time as the cluster is used. The DevOps team must receive an Amazon Simple Notification Service (Amazon SNS) email notification if the initial set of thresholds is exceeded or if the EKS cluster Autoscaler is not functioning properly. The solution must collect cluster, node, and pod metrics. The solution also must capture logs in Amazon CloudWatch. Which combination of steps should the DevOps team take to meet these requirements? (Select THREE.) 

A. Deploy the CloudWatch agent and Fluent Bit to the cluster. Ensure that the EKS cluster has appropriate permissions to send metrics and logs to CloudWatch. 
B. Deploy AWS Distro for OpenTelemetry to the cluster. Ensure that the EKS cluster has appropriate permissions to send metrics and logs to CloudWatch. 
C. Create CloudWatch alarms to monitor the CPU, memory, and node failure metrics of the cluster. Configure the alarms to send an SNS email notification to the DevOps team if thresholds are exceeded. 
D. Create a CloudWatch composite alarm to monitor a metric log filter of the CPU, memory, and node metrics of the cluster. Configure the alarm to send an SNS email notification to the DevOps team when anomalies are detected. 
E. Create a CloudWatch alarm to monitor the logs of the Autoscaler deployments for errors. Configure the alarm to send an SNS email notification to the DevOps team if thresholds are exceeded. 
F. Create a CloudWatch alarm to monitor a metric log filter of the Autoscaler deployments for errors. Configure the alarm to send an SNS email notification to the DevOps team if thresholds are exceeded. 

Show Answer

Question # 2

A video-sharing company stores its videos in an Amazon S3 bucket. The company needs to analyze user access patterns such as the number of users who access a specific video each month. Which solution will meet these requirements with the LEAST development effort?

A. Enable Amazon S3 server access logging. Load the access logs into an Amazon Aurora database. Run SQL queries on the Aurora database to analyze the user access patterns. 
B. Enable Amazon S3 server access logging. Use Amazon Athena to create an external table that contains the access logs. Run SQL queries on the Athena table to analyze the user access patterns. 
C. Invoke an AWS Lambda function for every S3 object access event. Configure the Lambda function to write the file access information, including user ID, S3 bucket ID, and file key, to an Amazon Aurora database. Run SQL queries on the Aurora database to analyze the user access patterns. 
D. Record a log message in Amazon CloudWatch Logs for every S3 object access event. Configure a log stream in CloudWatch Logs to write the file access information, including user ID, S3 bucket ID, and file key, to an Amazon Managed Service for Apache Flink application. Perform a sliding window analysis on the user access patterns. 

Show Answer

Question # 3

A company has a stateless web application that is deployed on Amazon EC2 instances. The EC2 instances are in a target group behind an Application Load Balancer (ALB). Amazon Route 53 manages the application domain. The company updates the application UI and develops a beta version of the application. The company wants to test the beta version on 10% of its traffic. Which solution will meet these requirements with the LEAST number of configuration changes? 

A. Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with a new ALB. Update the existing Route 53 record to use a weighted routing policy. Add a new Route 53 record that points to the new ALB with the same routing policy. Assign a weight of 90 to the existing record. Assign a weight of 10 to the new record. 
B. Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with the same ALB listener rule. Assign a weight of 90 to the existing target group. Assign a weight of 10 to the new target group. 
C. Refactor the application to implement a feature flag for the beta version by using AWS AppConfig. Use the feature flag to enable the beta version for 10% of the EC2 instances. 
D. Containerize and deploy the application on Amazon Elastic Container Service (Amazon ECS). Use AWS CodeDeploy to deploy the beta version by using the CodeDeployDefault.ECSCanary10Percent15Minutes deployment configuration. 

Show Answer

Question # 4

A company has an application that runs on Amazon EC2 instances in an Auto Scaling group. The application processes a high volume of messages from an Amazon Simple Queue Service (Amazon SQS) queue. A DevOps engineer noticed that the application took several hours to process a group of messages from the SQS queue. The average CPU utilization of the Auto Scaling group did not cross the threshold of a target tracking scaling policy when processing the messages. The application that processes the SQS queue publishes logs to Amazon CloudWatch Logs. The DevOps engineer needs to ensure that the queue is processed quickly. Which solution meets these requirements with the LEAST operational overhead?

A. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Schedule an Amazon EventBridge rule to run the Lambda function every hour. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out. 
B. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Create a CloudWatch subscription filter for the application logs with the Lambda function as the target. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out. 
C. Create a target tracking scaling policy for the Auto Scaling group. In the target tracking policy, use the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to calculate how many messages are in the queue for each number of instances by using metric math. Use the calculated attribute to scale in and out. 
D. Create an AWS Lambda function that logs the ApproximateNumberOfMessagesVisible attribute of the SQS queue to a CloudWatch Logs log group. Schedule an Amazon EventBridge rule to run the Lambda function every 5 minutes. Create a metric filter to count the number of log events from a CloudWatch logs group. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out. 

Show Answer

Question # 5

A company is developing a mobile app that requires extensive automated testing across multiple device types. The company is using AWS CodePipeline for its CI/CD pipeline. The company must implement a scalable testing solution that can handle increased test loads as the app grows. Which solution will meet these requirements with the LEAST management overhead?

A. Integrate AWS Device Farm with the pipeline to run the tests and scale as needed. 
B. Deploy a fleet of Amazon EC2 instances with various mobile device emulators and auto scaling to run the tests. Create a custom AWS Lambda function to invoke EC2 test runs. 
C. Implement a containerized testing solution that uses Amazon Elastic Container Service (Amazon ECS) with auto scaling. Configure the pipeline to invoke an AWS Lambda function to start the test runs on the ECS cluster. 
D. Use AWS Lambda functions with custom runtime emulators to run the tests. Integrate the Lambda functions with the pipeline. 

Show Answer

Question # 6

A company deployed an Amazon CloudFront distribution that accepts requests and routes to an Amazon API Gateway HTTP API. During a recent security audit, the company discovered that requests from the internet could reach the HTTP API without using the CloudFront distribution. A DevOps engineer must ensure that connections to the HTTP API use the CloudFront distribution. Which solution will meet these requirements?

A. Enable VPC Flow Logs to identify requests that reach the HTTP API.
 B. Deploy AWS WAF in front of the CloudFront distribution. 
C. Implement an identity-based policy on the CloudFront distribution that requires authentication to make requests to the HTTP API. 
D. Implement a custom header in the CloudFront distribution. Implement an AWS Lambda authorizer associated with the HTTP API that verifies the custom header. 

Show Answer

Question # 7

A DevOps engineer is planning to use the AWS Cloud Development Kit (AWS CDK) to manage infrastructure as code (IaC) for a microservices-based application. The DevOps engineer must create reusable components for common infrastructure patterns and must apply the same cost allocation tags across different microservices. Which solution will meet these requirements?

A. Create a custom CDK construct library that includes common infrastructure patterns. Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app. Use the custom CDK construct library to write a higher-level construct that contains all the microservices. Deploy the microservices as a single CDK stack with environment-specific configurations. 
B. Create a custom CDK construct library that includes common infrastructure patterns. Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Use the custom CDK construct library to write higher-level constructs for each microservice. Deploy the microservices as separate CDK stacks with environment-specific configurations. 
C. Create AWS Service Catalog products that contain common infrastructure components. Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app. Use the Service Catalog products to write a higher-level construct that contains all the microservices. Deploy the microservices as a single CDK stack with environment-specific configurations. 
D. Create AWS Service Catalog products that contain common infrastructure components. Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Use the Service Catalog products to write higher-level constructs for each microservice. Deploy the microservices as separate CDK stacks with environment-specific configurations. 

Show Answer

Question # 8

A company wants to decrease the time it takes to develop new features. The company uses AWS CodeBuild and AWS CodeDeploy to build and deploy its applications. The company uses AWS CodePipeline to deploy each microservice with its own CI/CD pipeline. The company needs more visibility into the average time between the release of new features and the average time to recover after a failed deployment. Which solution will provide this visibility with the LEAST configuration effort?

A. Program an AWS Lambda function that creates Amazon CloudWatch custom metrics with information about successful runs and failed runs for each pipeline. Create an Amazon EventBridge rule to invoke the Lambda function every 5 minutes. Use the metrics to build a CloudWatch dashboard. 
B. Program an AWS Lambda function that creates Amazon CloudWatch custom metrics with information about successful runs and failed runs for each pipeline. Create an Amazon EventBridge rule to invoke the Lambda function after every successful run and after every failed run. Use the metrics to build a CloudWatch dashboard. 
C. Program an AWS Lambda function that writes information about successful runs and failed runs to Amazon DynamoDB. Create an Amazon EventBridge rule to invoke the Lambda function after every successful run and after every failed run. Build an Amazon QuickSight dashboard to show the information from DynamoDB. 
D. Program an AWS Lambda function that writes information about successful runs and failed runs to Amazon DynamoDB. Create an Amazon EventBridge rule to invoke the Lambda function every 5 minutes. Build an Amazon QuickSight dashboard to show the information from DynamoDB. 

Show Answer

Question # 9

A company is refactoring applications to use AWS. The company identifies an internal web application that needs to make Amazon S3 API calls in a specific AWS account. The company wants to use its existing identity provider (IdP) auth.company.com for authentication. The IdP supports only OpenID Connect (OIDC). A DevOps engineer needs to secure the web application's access to the AWS account. Which combination of steps will meet these requirements? (Select THREE.)

A. Configure AWS 1AM Identity Center. Configure an IdP. Upload the IdP metadata from the existing IdP. 
B. Create an 1AM IdP by using the provider URL, audience, and signature from the existing IdP. 
C. Create an 1AM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the sts.amazon.conraud context key is appid from idp. 
D. Create an 1AM role that has a policy that allows the necessary S3 actions. Configure the role's trust policy to allow the OIDC IdP to assume the role if the auth.company.com:aud context key is appid_from_idp. 
E. Configure the web application lo use the AssumeRoleWith Web Identity API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls. 
F. Configure the web application to use the GetFederationToken API operation to retrieve temporary credentials Use the temporary credentials to make the S3 API calls. 

Show Answer

Question # 10

A company in a highly regulated industry is building an artifact by using AWS CodeBuild and AWS CodePipeline. The company must connect to an external authenticated API during the building process. The company's DevOps engineer needs to encrypt the build outputs by using an AWS Key Management Service (AWS KMS) key. The external API credentials must be reset each month. The DevOps engineer has created a new key in AWS KMS. Which solution will meet these requirements?

A. Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID. 
B. Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline. 
C. Store the API credentials in AWS Secrets Manager. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID. 
D. Store the API credentials in AWS Secrets Manager. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline. 

Show Answer