DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

Amazon ECR enhanced scanning uses Amazon Inspector for vulnerability detection.

EventBridge can capture Inspector scan findings.

Lambda can process scan findings and reject manual approval if critical vulnerabilities exist.

Options A and C use incorrect or less integrated services (basic scanning or Detective).

Option B adds unnecessary complexity with SBOM and Athena.

The requirement is not just to perform a one-time upgrade, but to ensure that Kubernetes and related components stay continuously within the AWS standard support window, with minimal ongoing effort. EKS Auto Mode is designed to reduce operational burden by managing cluster infrastructure, including control plane and data plane lifecycle, in a more automated fashion. When EKS Auto Mode is enabled and existing managed node groups are removed, EKS can manage compute capacity and associated upgrades in a more integrated, hands-off way, tracking supported versions automatically.

Option A (aws eks update-cluster-version) and Option C (eksctl upgrade) are both manual upgrade mechanisms. They can update clusters to a specific version but do not continuously ensure future upgrades as new supported versions are released; they require the DevOps team to schedule and execute each upgrade. Option D (IaC refactor) is generally a good practice but does not inherently provide automatic version lifecycle management; it also introduces significant upfront effort compared to enabling Auto Mode.

Thus, enabling EKS Auto Mode and deprecating manual managed node groups provides the least operational overhead for staying within the EKS-supported version schedule.

Using an organization trail with logs centralized in the audit account’s S3 bucket ensures compliance and isolation. An EventBridge rule in the audit account triggers on failed login events (ConsoleLogin failed) and sends SNS notifications in near real time.