CertsTopics Logo

Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

DOP-C02 Leak Questions

Page: 19 / 30
Total 425 questions
Get DOP-C02 Full Access Download DOP-C02 PDF

AWS Certified DevOps Engineer - Professional Questions and Answers

Question 73

A company uses AWS Lambda functions in the primary operating AWS Region of its AWS account. The company manually created the Lambda functions.

The company needs to use a Python-based AWS Cloud Development Kit (AWS CDK) application to manage the Lambda functions.

Which solution meets these requirements with the LEAST implementation effort?

Options:

A.

Start a partial scan by using the AWS CloudFormation IaC generator. Filter by the Lambda resource type. Create an AWS CDK app from the scanned resources.

B.

Start a partial scan by using the AWS CloudFormation IaC generator. Filter by the Lambda resource type. Create a CloudFormation template from the scanned resources. Convert the template to an AWS CDK app.

C.

Start a partial scan by using the AWS CloudFormation IaC generator. Filter by the Lambda resource type. Create a CloudFormation template. Replace the code properties, then convert the template to an AWS CDK app.

D.

Create a resource inventory by using AWS Config. Filter by the Lambda resource type. Export the inventory to a .csv file. Write an AWS CDK app that references the Lambda functions from the .csv file.

Question 74

A company uses an organization in AWS Organizations to manage its AWS accounts. The company ' s DevOps team has developed an AWS Lambda function that calls the Organizations API to create new AWS accounts.

The Lambda function runs in the organization ' s management account. The DevOps team needs to move the Lambda function from the management account to a dedicated AWS account. The DevOps team must ensure that the Lambda function has the ability to create new AWS accounts only in Organizations before the team deploys the Lambda function to the new account.

Which solution will meet these requirements?

Options:

A.

In the management account, create a new IAM role that has the necessary permission to create new accounts in Organizations. Allow the role to be assumed by the Lambda execution role in the new AWS account. Update the Lambda function code to assume the role when the Lambda function creates new AWS accounts. Update the Lambda execution role to ensure that it has permission to assume the new role.

B.

In the management account, turn on delegated administration for Organizations. Create a new delegation policy that grants the new AWS account permission to create new AWS accounts in Organizations. Ensure that the Lambda execution role has the organizations:CreateAccount permission.

C.

In the management account, create a new IAM role that has the necessary permission to create new accounts in Organizations. Allow the role to be assumed by the Lambda service principal. Update the Lambda function code to assume the role when the Lambda function creates new AWS accounts. Update the Lambda execution role to ensure that it has permission to assume the new role.

D.

In the management account, enable AWS Control Tower. Turn on delegated administration for AWS Control Tower. Create a resource policy that allows the new AWS account to create new AWS accounts in AWS Control Tower. Update the Lambda function code to use the AWS Control Tower API in the new AWS account. Ensure that the Lambda execution role has the controltower:CreateManagedAccount permission.

Question 75

A DevOps engineer needs to implement a CI/CD pipeline that uses AWS CodeBuild to run a test suite. The test suite contains many test cases and takes a long time to finish running. The DevOps engineer wants to reduce the duration to run the tests. However, the DevOps engineer still wants to generate a single test report for all the test cases.

Which solution will meet these requirements?

Options:

A.

Run the test suite in a batch build type of build matrix by using the codebuild-tests-run command.

B.

Run the test suite in a batch build type of build fanout by using the codebuild-tests-run command.

C.

Run the test suite in a batch build type of build list by using different subsets of the test cases.

D.

Run the test suite in a batch build type of build graph by using different subsets of the test cases.

Question 76

A large enterprise is deploying a web application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS for Oracle DB instance and Amazon DynamoDB. There are separate environments tor development testing and production.

What is the MOST secure and flexible way to obtain password credentials during deployment?

Options:

A.

Retrieve an access key from an AWS Systems Manager securestring parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.

B.

Launch the EC2 instances with an EC2 1AM role to access AWS services Retrieve the database credentials from AWS Secrets Manager.

C.

Retrieve an access key from an AWS Systems Manager plaintext parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.

D.

Launch the EC2 instances with an EC2 1AM role to access AWS services Store the database passwords in an encrypted config file with the application artifacts.

Page: 19 / 30
Total 425 questions
Get DOP-C02 Full Access Download DOP-C02 PDF