DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

The requirement is not just to perform a one-time upgrade, but to ensure that Kubernetes and related components stay continuously within the AWS standard support window, with minimal ongoing effort. EKS Auto Mode is designed to reduce operational burden by managing cluster infrastructure, including control plane and data plane lifecycle, in a more automated fashion. When EKS Auto Mode is enabled and existing managed node groups are removed, EKS can manage compute capacity and associated upgrades in a more integrated, hands-off way, tracking supported versions automatically.

Option A (aws eks update-cluster-version) and Option C (eksctl upgrade) are both manual upgrade mechanisms. They can update clusters to a specific version but do not continuously ensure future upgrades as new supported versions are released; they require the DevOps team to schedule and execute each upgrade. Option D (IaC refactor) is generally a good practice but does not inherently provide automatic version lifecycle management; it also introduces significant upfront effort compared to enabling Auto Mode.

Thus, enabling EKS Auto Mode and deprecating manual managed node groups provides the least operational overhead for staying within the EKS-supported version schedule.

Amazon ECR enhanced scanning uses Amazon Inspector for vulnerability detection.

EventBridge can capture Inspector scan findings.

Lambda can process scan findings and reject manual approval if critical vulnerabilities exist.

Options A and C use incorrect or less integrated services (basic scanning or Detective).

Option B adds unnecessary complexity with SBOM and Athena.

Refactor User Data to Use cfn-init and cfn-hup:

cfn-init helps to bootstrap the instance, installing packages and starting services.

cfn-hup is a daemon that can monitor metadata changes and re-apply configurations when necessary.

Example user data script with cfn-init:

#!/bin/bash

yum update -y

yum install -y aws-cfn-bootstrap

/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}

/opt/aws/bin/cfn-hup

Use Systems Manager State Manager:

State Manager can automatically apply an AWS Systems Manager document to instances at regular intervals, ensuring configurations are kept up-to-date.

Steps:

Create an SSM document that installs and configures your application.

Use State Manager to associate this document with your EC2 instances.

Example SSM document:

{

"schemaVersion": "2.2",

"description": "Install My Application",

"mainSteps": [

{

"action": "aws:runShellScript",

"name": "installApplication",

"inputs": {

"runCommand": [

"yum install -y my-application"

]

}

}

]

}

Create State Manager association:

aws ssm create-association --name "InstallMyApplication" --instance-id --document-version "\$LATEST"