Discount Offer! Use Coupon Code to get 20% OFF DO2022
Our DOP-C02 dumps are key to get access. More than 4104+ satisfied customers.
Customers Passed DOP-C02 Exam Today
Maximum Passing Score in Real DOP-C02 Exam
Guaranteed Questions came from our DOP-C02 dumps
A company runs applications in AWS accounts that are in an organization in AWSOrganizations The applications use Amazon EC2 instances and Amazon S3.The company wants to detect potentially compromised EC2 instances suspicious networkactivity and unusual API activity in its existing AWS accounts and in any AWS accountsthat the company creates in the future When the company detects one to these events thecompany wants to use an existing Amazon Simple Notification Service (Amazon SNS)topic to send a notification to its operational support team for investigation and remediation.Which solution will meet these requirements in accordance with AWS best practices?
A. In the organization's management account configure an AWS account as the AmazonGuardDuty administrator account. In the GuardDuty administrator account add thecompany's existing AWS accounts to GuardDuty as members In the GuardDutyadministrator account create an Amazon EventBridge rule with an event pattern to matchGuardDuty events and to forward matching events to the SNS topic.
B. In the organization's management account configure Amazon GuardDuty to add newlycreated AWS accounts by invitation and to send invitations to the existing AWS accountsCreate an AWS Cloud Formation stack set that accepts the GuardDuty invitation andcreates an Amazon EventBridge rule Configure the rule with an event pattern to match.GuardDuty events and to forward matching events to the SNS topic. Configure the CloudFormation stack set to deploy into all AWS accounts in the organization.
C. In the organization's management account. create an AWS CloudTrail organization trailActivate the organization trail in all AWS accounts in the organization. Create an SCP thatenables VPC Flow Logs in each account in the organization. Configure AWS Security Hubfor the organization Create an Amazon EventBridge rule with an even pattern to matchSecurity Hub events and to forward matching events to the SNS topic.
D. In the organization's management account configure an AWS account as the AWSCloudTrail administrator account in the CloudTrail administrator account create aCloudTrail organization trail. Add the company's existing AWS accounts to the organizationtrail Create an SCP that enables VPC Flow Logs in each account in the organization.Configure AWS Security Hub for the organization. Create an Amazon EventBridge rule withan event pattern to match Security Hub events and to forward matching events to the SNStopic.
A company has a data ingestion application that runs across multiple AWS accounts. Theaccounts are in an organization in AWS Organizations. The company needs to monitor theapplication and consolidate access to the application. Currently the company is running theapplication on Amazon EC2 instances from several Auto Scaling groups. The EC2instances have no access to the internet because the data is sensitive Engineers havedeployed the necessary VPC endpoints. The EC2 instances run a custom AMI that is builtspecifically tor the application.To maintain and troubleshoot the application, system administrators need the ability to login to the EC2 instances. This access must be automated and controlled centrally. Thecompany's security team must receive a notification whenever the instances are accessed.Which solution will meet these requirements?
A. Create an Amazon EventBridge rule to send notifications to the security team whenevera user logs in to an EC2 instance Use EC2 Instance Connect to log in to the instances.Deploy Auto Scaling groups by using AWS Cloud Formation Use the cfn-init helper script todeploy appropriate VPC routes for external access Rebuild the custom AMI so that thecustom AMI includes AWS Systems Manager Agent.
B. Deploy a NAT gateway and a bastion host that has internet access Create a securitygroup that allows incoming traffic on all the EC2 instances from the bastion host InstallAWS Systems Manager Agent on all the EC2 instances Use Auto Scaling group lifecyclehooks for monitoring and auditing access Use Systems Manager Session Manager to log into the instances Send logs to a log group m Amazon CloudWatch Logs. Export data toAmazon S3 for auditing Send notifications to the security team by using S3 eventnotifications.
C. Use EC2 Image Builder to rebuild the custom AMI Include the most recent version ofAWS Systems Manager Agent in the Image Configure the Auto Scaling group to attach theAmazonSSMManagedinstanceCore role to all the EC2 instances Use Systems ManagerSession Manager to log in to the instances Enable logging of session details to Amazon S3Create an S3 event notification for new file uploads to send a message to the security teamthrough an Amazon Simple Notification Service (Amazon SNS) topic.
D. Use AWS Systems Manager Automation to build Systems Manager Agent into thecustom AMI Configure AWS Configure to attach an SCP to the root organization account toallow the EC2 instances to connect to Systems Manager Use Systems Manager SessionManager to log in to the instances Enable logging of session details to Amazon S3 Createan S3 event notification for new file uploads to send a message to the security teamthrough an Amazon Simple Notification Service (Amazon SNS) topic.
A DevOps engineer is designing an application that integrates with a legacy REST API.The application has an AWS Lambda function that reads records from an Amazon Kinesisdata stream. The Lambda function sends the records to the legacy REST API.Approximately 10% of the records that the Lambda function sends from the Kinesis datastream have data errors and must be processed manually. The Lambda function eventsource configuration has an Amazon Simple Queue Service (Amazon SQS) dead-letterqueue as an on-failure destination. The DevOps engineer has configured the Lambdafunction to process records in batches and has implemented retries in case of failure.During testing the DevOps engineer notices that the dead-letter queue contains manyrecords that have no data errors and that already have been processed by the legacyREST API. The DevOps engineer needs to configure the Lambda function's event sourceoptions to reduce the number of errorless records that are sent to the dead-letter queue.Which solution will meet these requirements?
A. Increase the retry attempts
B. Configure the setting to split the batch when an error occurs
C. Increase the concurrent batches per shard
D. Decrease the maximum age of record
A company manages an application that stores logs in Amazon CloudWatch Logs. Thecompany wants to archive the logs to an Amazon S3 bucket Logs are rarely accessed after90 days and must be retained tor 10 years.Which combination of steps should a DevOps engineer take to meet these requirements?(Select TWO.)
A. Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs toan S3 bucket.
B. Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehoseto stream all logs to an S3 bucket.
C. Configure a CloudWatch Logs subscription fitter to stream all logs to an S3 bucket.
D. Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days andto expire logs after 3.650 days.
E. Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.
A company wants to ensure that their EC2 instances are secure. They want to be notified ifany new vulnerabilities are discovered on their instances and they also want an audit trailof all login activities on the instances.Which solution will meet these requirements'?
A. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install theAmazon Kinesis Agent to capture system logs and deliver them to Amazon S3.
B. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances Install theSystems Manager Agent to capture system logs and view login activity in the CloudTrailconsole.
C. Configure Amazon CloudWatch to detect vulnerabilities on the EC2 instances Install theAWS Config daemon to capture system logs and view them in the AWS Config console.
D. Configure Amazon Inspector to detect vulnerabilities on the EC2 instances Install theAmazon CloudWatch Agent to capture system logs and record them via AmazonCloudWatch Logs.
A company is storing 100 GB of log data in csv format in an Amazon S3 bucket SQLdevelopers want to query this data and generate graphs to visualize it. The SQLdevelopers also need an efficient automated way to store metadata from the csv file.Which combination of steps will meet these requirements with the LEAST amount of effort?(Select THREE.)
A. Fitter the data through AWS X-Ray to visualize the data.
B. Filter the data through Amazon QuickSight to visualize the data.
C. Query the data with Amazon Athena.
D. Query the data with Amazon Redshift.
E. Use the AWS Glue Data Catalog as the persistent metadata store.
F. Use Amazon DynamoDB as the persistent metadata store.
A company is developing a new application. The application uses AWS Lambda functionsfor its compute tier. The company must use a canary deployment for any changes to theLambda functions. Automated rollback must occur if any failures are reported.The company’s DevOps team needs to create the infrastructure as code (IaC) and theCI/CD pipeline for this solution.Which combination of steps will meet these requirements? (Choose three.)
A. Create an AWS CloudFormation template for the application. Define each Lambdafunction in the template by using the AWS::Lambda::Function resource type. In thetemplate, include a version for the Lambda function by using the AWS::Lambda::Versionresource type. Declare the CodeSha256 property. Configure an AWS::Lambda::Aliasresource that references the latest version of the Lambda function.
B. Create an AWS Serverless Application Model (AWS SAM) template for the application.Define each Lambda function in the template by using the AWS::Serverless::Functionresource type. For each function, include configurations for the AutoPublishAlias propertyand the DeploymentPreference property. Configure the deployment configuration type toLambdaCanary10Percent10Minutes.
C. Create an AWS CodeCommit repository. Create an AWS CodePipeline pipeline. Usethe CodeCommit repository in a new source stage that starts the pipeline. Create an AWSCodeBuild project to deploy the AWS Serverless Application Model (AWS SAM) template.Upload the template and source code to the CodeCommit repository. In the CodeCommitrepository, create a buildspec.yml file that includes the commands to build and deploy theSAM application.
D. Create an AWS CodeCommit repository. Create an AWS CodePipeline pipeline. Usethe CodeCommit repository in a new source stage that starts the pipeline. Create an AWSCodeDeploy deployment group that is configured for canary deployments with aDeploymentPreference type of Canary10Percent10Minutes. Upload the AWSCloudFormation template and source code to the CodeCommit repository. In theCodeCommit repository, create an appspec.yml file that includes the commands to deploythe CloudFormation template.
E. Create an Amazon CloudWatch composite alarm for all the Lambda functions. Configurean evaluation period and dimensions for Lambda. Configure the alarm to enter the ALARMstate if any errors are detected or if there is insufficient data.
F. Create an Amazon CloudWatch alarm for each Lambda function. Configure the alarmsto enter the ALARM state if any errors are detected. Configure an evaluation period,dimensions for each Lambda function and version, and the namespace as AWS/Lambdaon the Errors metric.
The security team depends on AWS CloudTrail to detect sensitive security issues in thecompany's AWS account. The DevOps engineer needs a solution to auto-remediateCloudTrail being turned off in an AWS account.What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries?
A. Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create anAWS Lambda (unction that uses the AWS SDK to call StartLogging on the ARN of theresource in which StopLogging was called. Add the Lambda function ARN as a target tothe EventBridge rule.
B. Deploy the AWS-managed CloudTrail-enabled AWS Config rule set with a periodicinterval to 1 hour. Create an Amazon EventBridge rule tor AWS Config rules compliancechange. Create an AWS Lambda function that uses the AWS SDK to call StartLogging onthe ARN of the resource in which StopLoggmg was called. Add the Lambda function ARNas a target to the EventBridge rule.
C. Create an Amazon EventBridge rule for a scheduled event every 5 minutes. Create anAWS Lambda function that uses the AWS SDK to call StartLogging on a CloudTrail trail inthe AWS account. Add the Lambda function ARN as a target to the EventBridge rule.
D. Launch a t2 nano instance with a script running every 5 minutes that uses the AWS SDKto query CloudTrail in the current account. If the CloudTrail trail is disabled have the scriptre-enable the trail.
A company is using an organization in AWS Organizations to manage multiple AWSaccounts. The company's development team wants to use AWS Lambda functions to meetresiliency requirements and is rewriting all applications to work with Lambda functions thatare deployed in a VPC. The development team is using Amazon Elastic Pile System(Amazon EFS) as shared storage in Account A in the organization. The company wants to continue to use Amazon EPS with Lambda Company policyrequires all serverless projects to be deployed in Account B.A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambdafunctions to access the data through an existing EPS access point.Which combination of steps should the DevOps engineer take to meet these requirements?(Select THREE.)
A. Update the EFS file system policy to provide Account B with access to mount and writeto the EFS file system in Account A.
B. Create SCPs to set permission guardrails with fine-grained control for Amazon EFS.
C. Create a new EFS file system in Account B Use AWS Database Migration Service (AWSDMS) to keep data from Account A and Account B synchronized.
D. Update the Lambda execution roles with permission to access the VPC and the EFS filesystem.
E. Create a VPC peering connection to connect Account A to Account B.
F. Configure the Lambda functions in Account B to assume an existing IAM role in Account A.
A company wants to use a grid system for a proprietary enterprise m-memory data store on top of AWS. This system can run in multiple server nodes in any Linux-based distribution.The system must be able to reconfigure the entire cluster every time a node is added orremoved. When adding or removing nodes an /etc./cluster/nodes config file must beupdated listing the IP addresses of the current node members of that cluster.The company wants to automate the task of adding new nodes to a cluster.What can a DevOps engineer do to meet these requirements?
A. Use AWS OpsWorks Stacks to layer the server nodes of that cluster. Create a Chefrecipe that populates the content of the 'etc./cluster/nodes config file and restarts theservice by using the current members of the layer. Assign that recipe to the Configurelifecycle event.
B. Put the file nodes config in version control. Create an AWS CodeDeploy deploymentconfiguration and deployment group based on an Amazon EC2 tag value for theclusternodes. When adding a new node to the cluster update the file with all tagged instances andmake a commit in version control. Deploy the new file and restart the services.
C. Create an Amazon S3 bucket and upload a version of the /etc./cluster/nodes config fileCreate a crontab script that will poll for that S3 file and download it frequently. Use aprocess manager such as Monit or system, to restart the cluster services when it detectsthat the new file was modified. When adding a node to the cluster edit the file's most recentmembers Upload the new file to the S3 bucket.
D. Create a user data script that lists all members of the current security group of thecluster and automatically updates the /etc/cluster/. nodes config. Tile whenever a newinstance is added to the cluster.