Curious about Actual Amazon Professional (DOP-C02) Exam Questions?

Here are sample Amazon AWS Certified DevOps Engineer - Professional (DOP-C02) Exam questions from real exam. You can get more Amazon Professional (DOP-C02) Exam premium practice questions at TestInsights.

Page: 1 /
Total 250 questions
Question 1

A company deploys an application to Amazon EC2 instances. The application runs Amazon Linux 2 and uses AWS CodeDeploy. The application has the following file structure for its code repository:

DOP-C02 Exam Question 1 Exhibit 1

The appspec.yml file has the following contents in the files section:

DOP-C02 Exam Question 1 Exhibit 2

What will the result be for the deployment of the config.txt file?


Correct : C

Deployment of config.txt file based on the appspec.yml:

The appspec.yml file specifies that config/config.txt should be copied to /usr/local/src/config.txt.

The source: / directive in the appspec.yml indicates that the entire directory structure starting from the root of the application source should be copied to the specified destination, which is /var/www/html.

Result of the Deployment:

The config.txt file will be specifically deployed to /usr/local/src/config.txt as per the explicit file mapping.

The entire directory structure including application/web will be copied to /var/www/html, but this does not include config/config.txt since it has a specific destination defined.

Thus, the config.txt file will be deployed only to /usr/local/src/config.txt.

Therefore, the correct answer is:

C . The config.txt file will be deployed to only /usr/local/src/config.txt.


AWS CodeDeploy AppSpec File Reference

AWS CodeDeploy Deployment Process

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 2

A company gives its employees limited rights to AWS DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.

How should this be accomplished?


Correct : D

* Create an Amazon EventBridge Rule Using an AWS CloudTrail Event Pattern:

AWS CloudTrail logs API calls made in your account, including actions performed by roles.

Create an EventBridge rule that matches CloudTrail events where the AssumeRole API call is made to assume the administrator role.

* Invoke an AWS Lambda Function:

Configure the EventBridge rule to trigger a Lambda function whenever the rule's conditions are met.

The Lambda function will handle the logic to send a notification.

* Publish a Message to an Amazon SNS Topic:

The Lambda function will publish a message to an SNS topic to notify the security team.

Subscribe the security team's email address to this SNS topic to receive real-time notifications.

Example EventBridge rule pattern:

{

'source': ['aws.cloudtrail'],

'detail-type': ['AWS API Call via CloudTrail'],

'detail': {

'eventSource': ['sts.amazonaws.com'],

'eventName': ['AssumeRole'],

'requestParameters': {

'roleArn': ['arn:aws:iam:::role/AdministratorRole']

}

}

}

Example Lambda function (Node.js) to publish to SNS:

const AWS = require('aws-sdk');

const sns = new AWS.SNS();

exports.handler = async (event) => {

const params = {

Message: `Administrator role assumed: ${JSON.stringify(event.detail)}`,

TopicArn: 'arn:aws:sns:<region>::<sns-topic>'

};

await sns.publish(params).promise();

};


Creating EventBridge Rules

Using AWS Lambda with Amazon SNS

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 3

A DevOps engineer has created an AWS CloudFormation template that deploys an application on Amazon EC2 instances The EC2 instances run Amazon Linux The application is deployed to the EC2 instances by using shell scripts that contain user dat

a. The EC2 instances have an 1AM instance profile that has an 1AM role with the AmazonSSMManagedlnstanceCore managed policy attached

The DevOps engineer has modified the user data in the CloudFormation template to install a new version of the application. The engineer has also applied the stack update. However, the application was not updated on the running EC2 instances. The engineer needs to ensure that the changes to the application are installed on the running EC2 instances.

Which combination of steps will meet these requirements? (Select TWO.)


Correct : B, E

Refactor User Data to Use cfn-init and cfn-hup:

cfn-init helps to bootstrap the instance, installing packages and starting services.

cfn-hup is a daemon that can monitor metadata changes and re-apply configurations when necessary.

Example user data script with cfn-init:

#!/bin/bash

yum update -y

yum install -y aws-cfn-bootstrap

/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}

/opt/aws/bin/cfn-hup

Use Systems Manager State Manager:

State Manager can automatically apply an AWS Systems Manager document to instances at regular intervals, ensuring configurations are kept up-to-date.

Steps:

Create an SSM document that installs and configures your application.

Use State Manager to associate this document with your EC2 instances.

Example SSM document:

{

'schemaVersion': '2.2',

'description': 'Install My Application',

'mainSteps': [

{

'action': 'aws:runShellScript',

'name': 'installApplication',

'inputs': {

'runCommand': [

'yum install -y my-application'

]

}

}

]

}

Create State Manager association:

aws ssm create-association --name 'InstallMyApplication' --instance-id <instance-id> --document-version '\$LATEST'


Using cfn-init and cfn-hup

AWS Systems Manager State Manager

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 4

A company has an application that stores data that includes personally Identifiable Information (Pll) In an Amazon S3 bucket All data Is encrypted with AWS Key Management Service (AWS KMS) customer managed keys. All AWS resources are deployed from an AWS Cloud Formation template.

A DevOps engineer needs to set up a development environment for the application in a different AWS account The data in the development environment's S3 bucket needs to be updated once a week from the production environment's S3 bucket.

The company must not move Pll from the production environment without anonymizmg the Pll first The data in each environment must be encrypted with different KMS customer managed keys.

Which combination of steps should the DevOps engineer take to meet these requirements? (Select TWO )


Correct : A, D

Activate Amazon Macie on the Production S3 Bucket:

Macie can identify and protect sensitive data such as PII.

Create a Step Functions state machine to automate data discovery and redaction before copying it to the development environment.

Example Step Functions state machine:

{

'Comment': 'Anonymize PII and copy data',

'StartAt': 'MacieDiscoveryJob',

'States': {

'MacieDiscoveryJob': {

'Type': 'Task',

'Resource': 'arn:aws:states:::macie:startClassificationJob',

'End': true

}

}

}

Create a Development Environment from CloudFormation Template:

Deploy the development environment in a new account using the existing CloudFormation template.

Schedule an EventBridge rule to start the Step Functions state machine on a weekly basis.

EventBridge rule example:

{

'ScheduleExpression': 'rate(7 days)',

'StateMachineArn': 'arn:aws:states:<region>::stateMachine:AnonymizeAndCopyData'

}

By using Macie for data anonymization and Step Functions for automation, you ensure PII is properly handled before data transfer between environments.


Amazon Macie

AWS Step Functions

AWS CloudFormation Templates

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 5

A DevOps engineer needs to implement integration tests into an existing AWS CodePipelme CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS) service. The CI/CD workflow retrieves new application code from an AWS CodeCommit repository and builds a container image. The CI/CD workflow then uploads the container image to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version.

The integration tests must ensure that new versions of the service endpoint are reachable and that vanous API methods return successful response data The DevOps engineer has already created an ECS cluster to test the service

Which combination of steps will meet these requirements with the LEAST management overhead? (Select THREE.)


Correct : A, D, E

* Add a Deploy Stage to the Pipeline, Configure Amazon ECS as the Action Provider:

By adding a deploy stage to the pipeline and configuring Amazon ECS as the action provider, the pipeline can automatically deploy the new container image to the ECS cluster.

This ensures that the service is updated with the new image tag, making the new version of the service endpoint reachable.


* Update the Image Build Pipeline Stage to Output an imagedefinitions.json File that Reference the New Image Tag:

The imagedefinitions.json file provides the necessary information about the container images and their tags for the ECS task definitions.

Updating the pipeline to output this file ensures that the correct image version is deployed.

Example imagedefinitions.json

[

{

'name': 'container-name',

'imageUri': '123456789012.dkr.ecr.region.amazonaws.com/my-repo:my-tag'

}

]

* Reference: CodePipeline ECS Deployment

* Create an AWS Lambda Function that Runs Connectivity Checks and API Calls against the Service. Integrate the Lambda Function with CodePipeline by Using a Lambda Action Stage:

The Lambda function can perform the necessary integration tests by making connectivity checks and API calls to the deployed service endpoint.

Integrating this Lambda function into CodePipeline ensures that these tests are run automatically after deployment, providing near-real-time feedback on the new deployment's health.

Example Lambda function integration:

actions:

- name: TestService

actionTypeId:

category: Test

owner: AWS

provider: Lambda

runOrder: 2

configuration:

FunctionName: testServiceFunction

These steps ensure that the CI/CD workflow deploys the new container image to ECS, updates the image references, and performs integration tests, meeting the requirements with minimal management overhead.

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Page:    1 / 50   
Total 250 questions