Free AWS Certified DevOps Engineer - Professional DOP-C02 Exam Braindumps (page: 26)

Page 26 of 72

A company recently created a new AWS Control Tower landing zone in a new organization in AWS Organizations. The landing zone must be able to demonstrate compliance with the Center for Internet Security (CIS) Benchmarks for AWS Foundations.

The company’s security team wants to use AWS Security Hub to view compliance across all accounts. Only the security team can be allowed to view aggregated Security Hub findings. In addition, specific users must be able to view findings from their own accounts within the organization. All accounts must be enrolled in Security Hub after the accounts are created.

Which combination of steps will meet these requirements in the MOST automated way? (Choose three.)

  A. Turn on trusted access for Security Hub in the organization’s management account. Create a new security account by using AWS Control Tower. Configure the new security account as the delegated administrator account for Security Hub. In the new security account, provide Security Hub with the CIS Benchmarks for AWS Foundations standards.
  B. Turn on trusted access for Security Hub in the organization’s management account. From the management account, provide Security Hub with the CIS Benchmarks for AWS Foundations standards.
  C. Create an AWS IAM Identity Center (AWS Single Sign-On) permission set that includes the required permissions. Use the CreateAccountAssignment API operation to associate the security team users with the permission set and with the delegated security account.
  D. Create an SCP that explicitly denies any user who is not on the security team from accessing Security Hub.
  E. In Security Hub, turn on automatic enablement.
  F. In the organization’s management account, create an Amazon EventBridge rule that reacts to the CreateManagedAccount event. Create an AWS Lambda function that uses the Security Hub CreateMembers API operation to add new accounts to Security Hub. Configure the EventBridge rule to invoke the Lambda function.

Answer(s): A,C,E



A company runs applications in AWS accounts that are in an organization in AWS Organizations. The applications use Amazon EC2 instances and Amazon S3.

The company wants to detect potentially compromised EC2 instances, suspicious network activity, and unusual API activity in its existing AWS accounts and in any AWS accounts that the company creates in the future. When the company detects one of these events, the company wants to use an existing Amazon Simple Notification Service (Amazon SNS) topic to send a notification to its operational support team for investigation and remediation.

Which solution will meet these requirements in accordance with AWS best practices?

  A. In the organization's management account, configure an AWS account as the Amazon GuardDuty administrator account. In the GuardDuty administrator account, add the company's existing AWS accounts to GuardDuty as members. In the GuardDuty administrator account, create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match GuardDuty events and to forward matching events to the SNS topic.
  B. In the organization's management account, configure Amazon GuardDuty to add newly created AWS accounts by invitation and to send invitations to the existing AWS accounts. Create an AWS CloudFormation stack set that accepts the GuardDuty invitation and creates an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure the rule with an event pattern to match GuardDuty events and to forward matching events to the SNS topic. Configure the CloudFormation stack set to deploy into all AWS accounts in the organization.
  C. In the organization's management account, create an AWS CloudTrail organization trail. Activate the organization trail in all AWS accounts in the organization. Create an SCP that enables VPC Flow Logs in each account in the organization. Configure AWS Security Hub for the organization. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match Security Hub events and to forward matching events to the SNS topic.
  D. In the organization's management account, configure an AWS account as the AWS CloudTrail administrator account. In the CloudTrail administrator account, create a CloudTrail organization trail. Add the company's existing AWS accounts to the organization trail. Create an SCP that enables VPC Flow Logs in each account in the organization. Configure AWS Security Hub for the organization. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match Security Hub events and to forward matching events to the SNS topic.

Answer(s): A



A company’s DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.

The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.

What should the DevOps engineer do to meet these requirements?

  A. Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.
  B. Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.
  C. Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.
  D. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

Answer(s): B



A company is divided into teams. Each team has an AWS account, and all the accounts are in an organization in AWS Organizations. Each team must retain full administrative rights to its AWS account. Each team also must be allowed to access only AWS services that the company approves for use. AWS services must gain approval through a request and approval process.

How should a DevOps engineer configure the accounts to meet these requirements?

  A. Use AWS CloudFormation StackSets to provision IAM policies in each account to deny access to restricted AWS services. In each account, configure AWS Config rules that ensure that the policies are attached to IAM principals in the account.
  B. Use AWS Control Tower to provision the accounts into OUs within the organization. Configure AWS Control Tower to enable AWS IAM Identity Center (AWS Single Sign-On). Configure IAM Identity Center to provide administrative access. Include deny policies on user roles for restricted AWS services.
  C. Place all the accounts under a new top-level OU within the organization. Create an SCP that denies access to restricted AWS services. Attach the SCP to the OU.
  D. Create an SCP that allows access to only approved AWS services. Attach the SCP to the root OU of the organization. Remove the FullAWSAccess SCP from the root OU of the organization.

Answer(s): C


