Free DOP-C02 Exam Braindumps (page: 11)

A company has multiple member accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and its inbound and outbound rules. The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization.
Which combination of access changes will meet these requirements? (Choose three.)

  A. Create a trust relationship that allows users in the member accounts to assume the management account IAM role.
  B. Create a trust relationship that allows users in the management account to assume the IAM roles of the member accounts.
  C. Create an IAM role in each member account that has access to the AmazonEC2ReadOnlyAccess managed policy.
  D. Create an IAM role in each member account to allow the sts:AssumeRole action against the management account IAM role's ARN.
  E. Create an IAM role in the management account that allows the sts:AssumeRole action against the member account IAM role's ARN.
  F. Create an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.

Answer(s): B,C,E



A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SQS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format.
Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in the SQS queue. A DevOps engineer must develop a solution that retains the failed messages and makes them available to scientists for review and future processing.
Which solution will meet these requirements?

  A. Configure AWS Lambda to poll the SQS queue and invoke a Lambda function to check whether the queue messages are valid. If validation fails, send a copy of the data that is not valid to an Amazon S3 bucket so that the scientists can review and correct the data. When the data is corrected, amend the message in the SQS queue by using a replay Lambda function with the corrected data.
  B. Convert the SQS standard queue to an SQS FIFO queue. Configure AWS Lambda to poll the SQS queue every 10 minutes by using an Amazon EventBridge schedule. Invoke the Lambda function to identify any messages with a SentTimestamp value that is older than 5 minutes, push the data to the same location as the application's output location, and remove the messages from the queue.
  C. Create an SQS dead-letter queue. Modify the existing queue by including a redrive policy that sets the Maximum Receives setting to 1 and sets the dead-letter queue ARN to the ARN of the newly created queue. Instruct the scientists to use the dead-letter queue to review the data that is not valid. Reprocess this data at a later time.
  D. Configure API Gateway to send messages to different SQS virtual queues that are named for each of the satellites. Update the application to use a new virtual queue for any data that it cannot transform, and send the message to the new virtual queue. Instruct the scientists to use the virtual queue to review the data that is not valid. Reprocess this data at a later time.

Answer(s): C



A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application.
Which solution ensures resources are deployed in accordance with company policy?

  A. Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets.
  B. Create a CloudFormation drift detection operation to find and remediate unapproved CloudFormation StackSets.
  C. Create CloudFormation StackSets with approved CloudFormation templates.
  D. Create AWS Service Catalog products with approved CloudFormation templates.

Answer(s): D



A company requires that its internally facing web application be highly available. The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data.
Which combination of architecture adjustments should the company implement to achieve high availability? (Choose two.)

  A. Add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones. Update the route tables.
  B. Create additional EC2 instances spanning multiple Availability Zones. Add an Application Load Balancer to split the load between them.
  C. Configure an Application Load Balancer in front of the EC2 instance. Configure Amazon CloudWatch alarms to recover the EC2 instance upon host failure.
  D. Replace the NAT instance with a NAT gateway in each Availability Zone. Update the route tables.
  E. Replace the NAT instance with a NAT gateway that spans multiple Availability Zones. Update the route tables.

Answer(s): B,D





