Amazon Web Services DOP-C02 Exam With Confidence Using Practice Dumps

CloudWatch metric filters can parse logs directly to create metrics without additional infrastructure.

Metric filters combined with CloudWatch dashboards provide the simplest and most operationally efficient solution.

Options A, B, and D add complexity with additional services (OpenSearch, Lambda, Kinesis).

For pull through cache repositories, Amazon ECR now supports repository creation templates that can be applied to a registry prefix, such as /external. These templates define default settings, including encryption configuration with a specific KMS key, tag immutability, scan on push, and more. When new cache repositories are auto-created under that prefix, they inherit the template settings automatically.

In this scenario, existing external cache repositories are noncompliant because they use SSE-S3. The company can delete those repositories (removing the noncompliant caches) and configure an ECR repository creation template for the /external prefix that specifies the required customer managed KMS key. As new images are pulled, ECR recreates the cache repositories under that prefix with KMS encryption using the specified key, guaranteeing compliance going forward.

Option A (AWS Config) would only detect noncompliance after creation and cannot enforce encryption at creation time. Option C (SCP) cannot directly control repository encryption properties. Option D misuses EventBridge; KMS cannot be a “target” that retroactively encrypts repositories.

Therefore, using an ECR repository creation template with the desired KMS key is the correct, automatic, and secure solution.

The “fan-out” batch build type in AWS CodeBuild allows running multiple builds in parallel for different subsets of tests, reducing overall test execution time. CodeBuild then aggregates the results into a single consolidated report. This approach is detailed in the AWS documentation under “Batch builds and parallel execution with CodeBuild.”