DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

AWS Config offers a managed rule called CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK to detect stack drift automatically.

Creating an SNS topic and subscribing the DevOps lead enables simple notification without custom Lambda functions.

An EventBridge rule that triggers on NON_COMPLIANT status (when drift is detected) can send alerts directly to SNS. Option B adds complexity by requiring custom rules and Lambda. Option C incorrectly triggers on COMPLIANT, not NON_COMPLIANT. Option D needs a Lambda for email, while SNS can send email directly. Hence, Option A offers the least operational effort.

To allow an EC2 instance to access CodeArtifact, an IAM role attached via an instance profile must be granted permissions to access the CodeArtifact repository. The EC2 instance assumes this role.

The instance then uses the AWS CLI command aws codeartifact login to authenticate and configure the package manager (e.g., pip) to use the CodeArtifact repository. This command obtains an authorization token and sets up repository credentials securely on the instance.

Service-linked roles (Option A) are managed by AWS services, not used for instance access. CodeArtifact does not support ACLs (Option C), and resource-based policies (Option B) do not grant access to EC2 instances by principal.

This method is standard for securely managing credentials and access to CodeArtifact in automated deployments.

Amazon GuardDuty provides built-in, fully managed threat detection for AWS accounts and workloads, including automatic detection of cryptocurrency mining activity, compromised EC2 instances, command-and-control traffic patterns, and anomalous behaviors. GuardDuty includes multiple threat identifiers such as EC2:CryptoCurrencyActivity.BitcoinToolDetected and EC2:UnauthorizedAccess.CryptoMining. Because this capability is native and requires no custom detection logic, it provides the lowest development and operational overhead compared to alternatives.

When GuardDuty generates a finding, it publishes the event automatically to Amazon EventBridge. The DevOps engineer can create an EventBridge rule that matches the specific mining-related finding types. The target of the rule is an AWS Lambda function that parses instance details from the finding and calls TerminateInstances on the affected EC2 instance.

This enables real-time automated remediation without needing recurring scans, log parsing, or complex data queries.

Options A and B require building custom detection pipelines and maintaining periodic Lambda polling, increasing long-term complexity. Option D (Security Hub) aggregates findings but still relies on GuardDuty for detection, adding unnecessary overhead.

Therefore, GuardDuty + EventBridge + Lambda termination is the easiest, quickest, and most AWS-recommended solution following incident-response best practices.