Amazon DOP-C02 Practice Test : Free Online Preparation

Question 1
- A company uses Amazon S3 to store proprietary information. The development team creates buckets for new projects on a daily basis. The security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.
  What should a DevOps engineer do to meet these requirements?
  
  A : Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
  
  B : Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
  
  C : Enable AWS Trusted Advisor and configure automatic remediation using Amazon EventBridge.
  
  D : Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.
  
  Answer: B
Question 2
- A cloud team uses AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On) to manage a company's AWS accounts. The company recently established a research team. The research team requires the ability to fully manage the resources in its account. The research team must not be able to create IAM users.
  The cloud team creates a Research Administrator permission set in IAM Identity Center for the research team. The permission set has the AdministratorAccess AWS managed policy attached. The cloud team must ensure that no one on the research team can create IAM users.
  Which solution will meet these requirements?
  A : Create an IAM policy that denies the iam:CreateUser action. Attach the IAM policy to the Research Administrator permission set.
  
  B : . Create an IAM policy that allows all actions except the iam:CreateUser action. Use the IAM policy to set the permissions boundary for the Research Administrator permission set.
  
  C : Create an SCP that denies the iam:CreateUser action. Attach the SCP to the research team's AWS account.
  
  D : reate an AWS Lambda function that deletes IAM users. Create an Amazon EventBridge rule that detects the IAM CreateUser event. Configure the rule to invoke the Lambda function.
  
  Answer: C
Question 3
- A company deploys an application to Amazon EC2 instances. The application runs Amazon Linux 2 and uses AWS CodeDeploy. The application has the following file structure for its code repository:
  The appspec.yml file has the following contents in the files section:
  What will the result be for the deployment of the config.txt file?
  
  A : The config.txt file will be deployed to only /var/www/html/config/config.txt.
  
  B : The config.txt file will be deployed to /usr/local/src/config.txt and to /var/www/html/config/config.txt.
  
  C : The config.txt file will be deployed to only /usr/local/src/config.txt.
  
  D : The config.txt file will be deployed to /usr/local/src/config.txt and to /var/www/html/application/web/config.txt.
  
  Answer: C
Question 4
- A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.
  Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.
  Which solution will meet these requirements?
  A : A. Create a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  
  B : Configure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  
  C : Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty
  
  D : Create an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
  
  Answer: B
Question 5
- A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SQS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format.
  Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in the SQS queue. A DevOps engineer must develop a solution that retains the failed messages and makes them available to scientists for review and future processing.
  Which solution will meet these requirements?
  
  A : Configure AWS Lambda to poll the SQS queue and invoke a Lambda function to check whether the queue messages are valid. If validation fails, send a copy of the data that is not valid to an Amazon S3 bucket so that the scientists can review and correct the data. When the data is corrected, amend the message in the SQS queue by using a replay Lambda function with the corrected data.
  
  B : Convert the SQS standard queue to an SQS FIFO queue. Configure AWS Lambda to poll the SQS queue every 10 minutes by using an Amazon EventBridge schedule. Invoke the Lambda function to identify any messages with a SentTimestamp value that is older than 5 minutes, push the data to the same location as the application's output location, and remove the messages from the queue.
  
  C : Create an SQS dead-letter queue. Modify the existing queue by including a redrive policy that sets the Maximum Receives setting to 1 and sets the dead-letter queue ARN to the ARN of the newly created queue. Instruct the scientists to use the dead-letter queue to review the data that is not valid. Reprocess this data at a later time.
  
  D : Configure API Gateway to send messages to different SQS virtual queues that are named for each of the satellites. Update the application to use a new virtual queue for any data that it cannot transform, and send the message to the new virtual queue. Instruct the scientists to use the virtual queue to review the data that is not valid. Reprocess this data at a later time.
  
  Answer: C

Free Amazon DOP-C02 Exam Questions

Try our Free Demo Practice Tests for Comprehensive DOP-C02 Exam Preparation