Amazon Web Services DOP-C02 Practice Exam Dumps 2025

Amazon Web Services Related Exams

Amazon Web Services SOA-C01

AWS Certified SysOps Administrator - Associate

View Detail

Amazon Web Services MLS-C01

AWS Certified Machine Learning - Specialty

View Detail

Amazon Web Services AXS-C01

AWS Certified Alexa Skill Builder-Specialty

View Detail

Amazon Web Services SAA-C03

AWS Certified Solutions Architect - Associate (SAA-C03)

View Detail

Amazon Web Services ANS-C01

Amazon AWS Certified Advanced Networking - Specialty

View Detail

Amazon Web Services DVA-C02

AWS Certified Developer - Associate

View Detail

Amazon Web Services SCS-C02

AWS Certified Security - Specialty

View Detail

Amazon Web Services CLF-C02

AWS Certified Cloud Practitioner

View Detail

Amazon Web Services Data-Engineer-Associate

AWS Certified Data Engineer - Associate (DEA-C01)

View Detail

Amazon Web Services AIF-C01

AWS Certified AI Practitioner Exam

View Detail

Last Week Results

32 Customers Passed Amazon Web Services
DOP-C02 Exam

Average Score In Real Exam

86.7%

Questions came word for word from this dump

88.6%

Amazon Web Services Bundle Exams

Duration: 3 to 12 Months

7 Certifications

17 Exams

Amazon Web Services Updated Exams

Most authenticate information

Prepare within Days

Time-Saving Study Content

90 to 365 days Free Update

$249.6*

View Detail

Free DOP-C02 Exam Dumps

AWS Certified DevOps Engineer - Professional Questions and Answers

Question 1

A company uses AWS Secrets Manager to store a set of sensitive API keys that an AWS Lambda function uses. When the Lambda function is invoked, the Lambda function retrieves the API keys and makes an API call to an external service. The Secrets Manager secret is encrypted with the default AWS Key Management Service (AWS KMS) key.

A DevOps engineer needs to update the infrastructure to ensure that only the Lambda function ' s execution role can access the values in Secrets Manager. The solution must apply the principle of least privilege.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

Update the default KMS key for Secrets Manager to allow only the Lambda function ' s execution role to decrypt.

Create a KMS customer managed key that trusts Secrets Manager and allows the Lambda function ' s execution role to decrypt. Update Secrets Manager to use the new customer managed key.

Create a KMS customer managed key that trusts Secrets Manager and allows the account ' s :root principal to decrypt. Update Secrets Manager to use the new customer managed key.

Ensure that the Lambda function ' s execution role has the KMS permissions scoped on the resource level. Configure the permissions so that the KMS key can encrypt the Secrets Manager secret.

Remove all KMS permissions from the Lambda function ' s execution role.

Buy Now

Answer:

B, D

Explanation:

The requirement is to update the infrastructure to ensure that only the Lambda function’s execution role can access the values in Secrets Manager. The solution must apply the principle of least privilege, which means granting the minimum permissions necessary to perform a task.

To do this, the DevOps engineer needs to use the following steps:

Create a KMS customer managed key that trusts Secrets Manager and allows the Lambda function’s execution role to decrypt. A customer managed key is a symmetric encryption key that is fully managed by the customer. The customer can define the key policy, which specifies who can use and manage the key. By creating a customer managed key, the DevOps engineer can restrict the decryption permission to only the Lambda function’s execution role, and prevent other principals from accessing the secret values. The customer managed key also needs to trust Secrets Manager, which means allowing Secrets Manager to use the key to encrypt and decrypt secrets on behalf of the customer.

Update Secrets Manager to use the new customer managed key. Secrets Manager allows customers to choose which KMS key to use for encrypting each secret. By default, Secrets Manager uses the default KMS key for Secrets Manager, which is a service-managed key that is shared by all customers in the same AWS Region. By updating Secrets Manager to use the new customer managed key, the DevOps engineer can ensure that only the Lambda function’s execution role can decrypt the secret values using that key.

Ensure that the Lambda function’s execution role has the KMS permissions scoped on the resource level. The Lambda function’s execution role is an IAM role that grants permissions to the Lambda function to access AWS services and resources. The role needs to have KMS permissions to use the customer managed key for decryption. However, to apply the principle of least privilege, the role should have the permissions scoped on the resource level, which means specifying the ARN of the customer managed key as a condition in the IAM policy statement. This way, the role can only use that specific key and not any other KMS keys in the account.

Question 2

A company runs an application on an Amazon Elastic Container Service (Amazon ECS) service by using the AWS Fargate launch type. The application consumes messages from an Amazon Simple Queue Service (Amazon SQS) queue. The application can take several minutes to process each message from the queue. When the application processes a message, the application reads a file from an Amazon S3 bucket and processes the data in the file. The application writes the processed output to a second S3 bucket. The company uses Amazon CloudWatch Logs to monitor processing errors and to ensure that the application processes messages successfully.

The SQS queue typically receives a low volume of messages. However, occasionally the queue receives higher volumes of messages. A DevOps engineer needs to implement a solution to reduce the processing time of message bursts.

Which solution will meet this requirement in the MOST cost-effective way?

Options:

Register the ECS service as a scalable target in AWS Application Auto Scaling. Configure a target tracking scaling policy to scale the service in response to the queue size.

Increase the maximum number of messages that Amazon SQS requests to batch messages together. Use long polling to minimize the number of API calls to Amazon SQS during periods of low traffic.

Send messages to an Amazon EventBridge event bus instead of the SQS queue. Replace the ECS service with an EventBridge rule that launches ECS tasks in response to matching events.

Create an Auto Scaling group of EC2 instances. Create a capacity provider in the ECS cluster by using the Auto Scaling group. Change the ECS service to use the EC2 launch type.

Question 3

A DevOps engineer needs to implement a CI/CD pipeline that uses AWS CodeBuild to run a test suite. The test suite contains many test cases and takes a long time to finish running. The DevOps engineer wants to reduce the duration to run the tests. However, the DevOps engineer still wants to generate a single test report for all the test cases.

Which solution will meet these requirements?

Options:

Run the test suite in a batch build type of build matrix by using the codebuild-tests-run command.

Run the test suite in a batch build type of build fanout by using the codebuild-tests-run command.

Run the test suite in a batch build type of build list by using different subsets of the test cases.

Run the test suite in a batch build type of build graph by using different subsets of the test cases.

Pre-Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

Amazon Web Services Related Exams

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

AWS Certified DevOps Engineer - Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce