Amazon DOP-C02 - AWS Certified DevOps Engineer - Professional Certification Exam
Question #6 (Topic: demo questions)
A company has containerized all of its in-house quality control applications. The company is running
Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has
requested a DevOps engineer begin encrypting build artifacts since they contain company
intellectual property.
What should the DevOps engineer do to accomplish this in the MOST maintainable manner?
Correct Answer: D
Explanation:
The following are the steps involved in accomplishing this in the most maintainable manner:
Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2
instances.
Configure CodeBuild to encrypt the build artifacts using AWS Secrets Manager.
Deploy the containerized quality control applications to CodeBuild.
This approach is the most maintainable because it eliminates the need to manage Jenkins on EC2
instances. CodeBuild is a managed service, so the DevOps engineer does not need to worry about
patching or upgrading the service.
See https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html
Build artifact encryption: CodeBuild requires access to an AWS KMS CMK in order to encrypt its build
output artifacts. By default, CodeBuild uses an AWS Key Management Service CMK for Amazon S3 in your
AWS account. If you do not want to use this CMK, you must create and configure a customer-managed
CMK. For more information, see Creating keys.
Question #7 (Topic: demo questions)
A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks
during maintenance windows. The company has a few Amazon EC2 instances that require
a restart after notifications from AWS Health. The DevOps engineer needs to implement an
automated solution to remediate these notifications. The DevOps engineer creates an
Amazon EventBridge rule. How should the DevOps engineer configure the EventBridge rule
to meet these requirements?
Correct Answer: C
Explanation:
AWS Health provides real-time events and information related to your AWS infrastructure. It can be
integrated with Amazon EventBridge to act upon the health events automatically. If the maintenance
notification from AWS Health indicates that an EC2 instance requires a restart, you can set up an
EventBridge rule to respond to such events. In this case, the target of this rule would be a Lambda
function that would trigger a Systems Manager automation to restart the EC2 instance during a
maintenance window. Remember, AWS Health is the source of the events (not EC2 or Systems
Manager), and AWS Lambda can be used to execute complex remediation tasks, such as scheduling
maintenance tasks via Systems Manager.
The following are the steps involved in configuring the EventBridge rule to meet these requirements:
Configure an event source of AWS Health, a service of EC2, and an event type that indicates instance
maintenance.
Target a newly created AWS Lambda function that registers an automation task to restart the EC2
instance during a maintenance window.
The AWS Lambda function will be triggered by the event from AWS Health. The function will then
register an automation task to restart the EC2 instance during the next maintenance window.
Question #8 (Topic: demo questions)
A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS
accounts. The company uses the Enterprise Support plan.
A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When
new accounts are provisioned, the DevOps engineer notices that the support plan for the new
accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to
provision the new accounts with the Enterprise Support plan.
Which solution will meet these requirements?
Correct Answer: D
Explanation:
AWS Organizations is a service that helps to manage multiple AWS accounts. AWS Control Tower is a
service that makes it easy to set up and govern secure, compliant multi-account AWS environments.
Account Factory for Terraform (AFT) is an AWS Control Tower feature that provisions new accounts
using Terraform templates. To provision new accounts with the Enterprise Support plan, the DevOps
engineer can set the aft_feature_enterprise_support feature flag to True in the AFT deployment
input configuration. This flag enables the Enterprise Support plan for newly provisioned accounts.
Question #9 (Topic: demo questions)
A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web
service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer
(ALB). The DevOps engineer must ensure that the service can accept requests from clients that have
IPv6 addresses.
What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can
access the web service?
Correct Answer: D
Explanation:
This involves adding an IPv6 CIDR block to the VPC and subnets for the ALB and specifying the dualstack
IP address type on the ALB listener. This allows the ALB to listen on both IPv4 and IPv6 addresses, and
forward requests to the EC2 instances that are added as targets to the target group associated with
the ALB.
Question #10 (Topic: demo questions)
To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses
in a public subnet. A user data script obtains the application artifacts and installs them on the
instances upon launch. A change to the security classification of the application now requires the
instances to run with no access to the internet. While the instances launch successfully and show as
healthy, the application does not seem to be installed.
Which of the following should successfully install the application while complying with the new rule?
Correct Answer: C
Explanation:
EC2 instances running in private subnets of a VPC can now have controlled access to S3 buckets,