Free AWS Certified DevOps Engineer - Professional DOP-C02 Exam Braindumps (page: 35)

Page 35 of 72

A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.

Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.

Which solution will meet these requirements?

  A. Create a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  B. Configure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  C. Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  D. Create an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.

Answer(s): C



A company uses AWS Secrets Manager to store a set of sensitive API keys that an AWS Lambda function uses. When the Lambda function is invoked, it retrieves the API keys and makes an API call to an external service. The Secrets Manager secret is encrypted with the default AWS Key Management Service (AWS KMS) key.

A DevOps engineer needs to update the infrastructure to ensure that only the Lambda function’s execution role can access the values in Secrets Manager. The solution must apply the principle of least privilege.

Which combination of steps will meet these requirements? (Choose two.)

  A. Update the default KMS key for Secrets Manager to allow only the Lambda function’s execution role to decrypt.
  B. Create a KMS customer managed key that trusts Secrets Manager and allows the Lambda function's execution role to decrypt. Update Secrets Manager to use the new customer managed key.
  C. Create a KMS customer managed key that trusts Secrets Manager and allows the account's root principal to decrypt. Update Secrets Manager to use the new customer managed key.
  D. Ensure that the Lambda function’s execution role has the KMS permissions scoped on the resource level. Configure the permissions so that the KMS key can encrypt the Secrets Manager secret.
  E. Remove all KMS permissions from the Lambda function’s execution role.

Answer(s): B,D



A company's DevOps engineer is creating an AWS Lambda function to process notifications from an Amazon Simple Notification Service (Amazon SNS) topic. The Lambda function will process the notification messages and will write the contents of the notification messages to an Amazon RDS Multi-AZ DB instance.

During testing, a database administrator accidentally shut down the DB instance. While the database was down, the company lost several of the SNS notification messages that were delivered during that time.

The DevOps engineer needs to prevent the loss of notification messages in the future.

Which solutions will meet this requirement? (Choose two.)

  A. Replace the RDS Multi-AZ DB instance with an Amazon DynamoDB table.
  B. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination of the Lambda function.
  C. Configure an Amazon Simple Queue Service (Amazon SQS) dead-letter queue for the SNS topic.
  D. Subscribe an Amazon Simple Queue Service (Amazon SQS) queue to the SNS topic. Configure the Lambda function to process messages from the SQS queue.
  E. Replace the SNS topic with an Amazon EventBridge event bus. Configure an EventBridge rule on the new event bus to invoke the Lambda function for each event.

Answer(s): C,D



A company has an application that runs on Amazon EC2 instances. The company uses an AWS CodePipeline pipeline to deploy the application into multiple AWS Regions. The pipeline is configured with a stage for each Region. Each stage contains an AWS CloudFormation action for each Region.

When the pipeline deploys the application to a Region, the company wants to confirm that the application is in a healthy state before the pipeline moves on to the next Region. Amazon Route 53 record sets are configured for the application in each Region. A DevOps engineer creates a Route 53 health check that is based on an Amazon CloudWatch alarm for each Region where the application is deployed.

What should the DevOps engineer do next to meet the requirements?

  A. Create an AWS Step Functions workflow to check the state of the CloudWatch alarm. Configure the Step Functions workflow to exit with an error if the alarm is in the ALARM state. Create a new stage in the pipeline between each Region deployment stage. In each new stage, include an action to invoke the Step Functions workflow.
  B. Configure an AWS CodeDeploy application to deploy a CloudFormation template with automatic rollback. Configure the CloudWatch alarm as the instance health check for the CodeDeploy application. Remove the CloudFormation actions from the pipeline. Create a CodeDeploy action in the pipeline stage for each Region.
  C. Create a new pipeline stage for each Region where the application is deployed. Configure a CloudWatch alarm action for the new stage to check the state of the CloudWatch alarm and to exit with an error if the alarm is in the ALARM state.
  D. Configure the CloudWatch agent on the EC2 instances to report the application status to the Route 53 health check. Create a new pipeline stage for each Region where the application is deployed. Configure a CloudWatch alarm action to exit with an error if the CloudWatch alarm is in the ALARM state.

Answer(s): A






Post your Comments and Discuss Amazon AWS Certified DevOps Engineer - Professional DOP-C02 exam with other Community members:

Calisto MF Moniz commented on October 12, 2024
No comment for this form for the time being.
Anonymous

Calisto MF Moniz commented on October 12, 2024
Good mechanism for Security expertise practices!
Anonymous

Meraj commented on October 12, 2024
The exam is super duper hard. You use these exam dumps to only pass. If you don't have the questions it is not easy to pass.
INDIA

Lucas commented on October 12, 2024
It's so good.
Anonymous

Iwada commented on October 12, 2024
The answers and questions are valid. I believe this site is trusted and anyone preparing for this exam needs to go through these materials.
Anonymous

Ramesh commented on October 12, 2024
All are very good questions
Anonymous

Sandy commented on October 12, 2024
I found these exam dump questions and answers very helpful, although some questions do not have the complete answers. Overall it helped me pass.
Anonymous

P commented on October 11, 2024
So glad to have found this site
CANADA

Michal commented on October 11, 2024
I hope it will be worth it
POLAND

Bannor commented on October 11, 2024
This exam is valid and legit. I purchased the full version last week and managed to pass. There are 2 or 3 wrong answers which I reported to the admin and they fixed it right away.
CANADA

Marko commented on October 11, 2024
Been using this website for a while now. I am a big fan as it has helped me pass 3 exams so far. I hope they can keep the site live.
EUROPEAN UNION

Ngoni commented on October 11, 2024
Great resource
ZIMBABWE

jeffrey commented on October 11, 2024
this is great
Anonymous

Soniksha commented on October 10, 2024
I purchased the full version of this exam and it turned out quite accurate. I passed with the help of this exam.
UNITED STATES

Sadiq commented on October 10, 2024
Test questions
Anonymous

Viktor commented on October 10, 2024
Respect to the owners and operators of this site for providing this free exam site.
CANADA

Deep commented on October 10, 2024
Good questions
INDIA

Goben commented on October 10, 2024
Passed in one shot.
GERMANY

Neo commented on October 10, 2024
Gets easier as you go along
SOUTH AFRICA

Neo commented on October 10, 2024
Need more practice
SOUTH AFRICA

Violet commented on October 10, 2024
Need more practice
SOUTH AFRICA

Neo commented on October 10, 2024
Challenging
SOUTH AFRICA

Kopano commented on October 10, 2024
Prep going well
SOUTH AFRICA

Harika Mudumby commented on October 10, 2024
great content
Anonymous

Neo commented on October 10, 2024
Happy with the material
SOUTH AFRICA

Emily commented on October 09, 2024
A bit challe
SOUTH AFRICA

a commented on October 09, 2024
SIMPLE QUESTIONS
Anonymous

Emily commented on October 09, 2024
grt resource
SOUTH AFRICA

robin commented on October 09, 2024
I'm done with clear in my mind
Anonymous

EDC commented on October 09, 2024
Passed this exam with a freaking 95% today.
Anonymous

Divyesh Arya commented on October 09, 2024
Nice questions
UNITED STATES

Harry commented on October 09, 2024
This platform is the best out of the exam dumps sites. I love it.
UNITED STATES

Ursela commented on October 09, 2024
Invested in the full version of this exam dump PDF version and it paid off. Passed with 89%.
UNITED STATES

Rakesh commented on October 08, 2024
The best dump with best price, join this site for proof. 100% guarantee of passing with 90% score
UNITED STATES