DOP-C02 (Page 11)

A company must encrypt all AMIs that the company shares across accounts.A DevOps engineer has access to a source account where an unencrypted custom AMI has been built.The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI.The DevOps engineer must share the AMI with the target account.The company has created an AWS Key Management Service (AWS KMS) key in the source account.Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)Read More →

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only.The security team requires automated monitoring when resources drift from their expected state.Which strategy should be used to meet these requirements?Read More →

A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts.Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups.The company’s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?Read More →

A company uses an organization in AWS Organizations to manage multiple AWS accounts.The company needs an automated process across all AWS accounts to isolate any compromised Amazon EC2 instances when the instances receive a specific tag.Which combination of steps will meet these requirements? (Choose two.)Read More →

A company’s DevOps engineer is creating an AWS Lambda function to process notifications from an Amazon Simple Notification Service (Amazon SNS) topic.The Lambda function will process the notification messages and will write the contents of the notification messages to an Amazon RDS Multi-AZ DB instance.During testing, a database administrator accidentally shut down the DB instance.While the database was down the company lost several of the SNS notification messages that were delivered during that time.The DevOps engineer needs to prevent the loss of notification messages in the future.Which solutions will meet this requirement? (Choose two.)Read More →

A company is divided into teams.Each team has an AWS account, and all the accounts are in an organization in AWS Organizations.Each team must retain full administrative rights to its AWS account.Each team also must be allowed to access only AWS services that the company approves for use.AWS services must gain approval through a request and approval process.How should a DevOps engineer configure the accounts to meet these requirements?Read More →

A company uses AWS Organizations to manage its AWS accounts.The organization root has an OU that is named Environments.The Environments OU has two child OUs that are named Development and Production, respectively.The Environments OU and the child OUs have the default FullAWSAccess policy in place.A DevOps engineer plans to remove the FullAWSAccess policy from the Development OU and replace the policy with a policy that allows all actions on Amazon EC2 resources.What will be the outcome of this policy replacement?Read More →

A company has configured Amazon RDS storage autoscaling for its RDS DB instances.A DevOps team needs to visualize the autoscaling events on an Amazon CloudWatch dashboard.Which solution will meet this requirement?Read More →

A company wants to use a grid system for a proprietary enterprise in-memory data store on top of AWS.This system can run in multiple server nodes in any Linux-based distribution.The system must be able to reconfigure the entire cluster every time a node is added or removed.When adding or removing nodes, an /etc/cluster/nodes.config file must be updated, listing the IP addresses of the current node members of that cluster.The company wants to automate the task of adding new nodes to a cluster.What can a DevOps engineer do to meet these requirements?Read More →

A company has an AWS Control Tower landing zone that manages its organization in AWS Organizations.The company created an OU structure that is based on the company’s requirements.The company’s DevOps team has established the core accounts for the solution and an account for all centralized AWS CloudFormation and AWS Service Catalog solutions.The company wants to offer a series of customizations that an account can request through AWS Control Tower.Which combination of steps will meet these requirements? (Choose three.)Read More →