Amazon Web Services Updated DOP-C02 Exam Questions and Answers by brooklyn

Comprehensive and Detailed Explanation From Exact Extract:

The default CPU utilization metric does not reflect the processing backlog in the SQS queue, so the Auto Scaling group is not scaling properly to handle the workload.

To scale the Auto Scaling group based on queue length, you can create a target tracking scaling policy that uses a custom metric that combines the SQS queue's ApproximateNumberOfMessagesVisible and the number of instances (GroupIn-ServiceInstances) metric using CloudWatch metric math. This allows the scaling policy to calculate the average number of messages per instance and scale accordingly.

This approach requires no additional Lambda functions or log processing, thus minimizing operational overhead.

Option A and B require Lambda functions to publish custom metrics, which increases operational complexity. Option D also adds complexity with logging and metric filters.

The best solution to log and review all stopped tasks for errors is to use Amazon EventBridge and Amazon CloudWatch Logs. Amazon EventBridge allows the DevOps engineer to create a rule that matches task state change events from Amazon ECS. The rule can then send the event data to Amazon CloudWatch Logs as the target. Amazon CloudWatch Logs can store and monitor the log data, and also provide CloudWatch Logs Insights, a feature that enables the DevOps engineer to interactively search and analyze the log data. Using CloudWatch Logs Insights, the DevOps engineer can filter and aggregate the log data based on various fields, such as cluster, task, container, and reason. This way, the DevOps engineer can easily identify and investigate the stopped tasks and their errors.

The other options are not as effective or efficient as the solution in option A. Option B is not suitable because the embedded metric format is designed for custom metrics, not for logging task state changes. Option C is not feasible because the EC2 instances do not store the task state change events in their logs. Option D is not relevant because the EC2_INSTANCE_TERMINATING lifecycle hook is triggered when an EC2 instance is terminated by the Auto Scaling group, not when a task is stopped by Amazon ECS.

Creating a CloudWatch Events Rule That Triggers on an Event - Amazon Elastic Container Service

Sending and Receiving Events Between AWS Accounts - Amazon EventBridge

Working with Log Data - Amazon CloudWatch Logs

Analyzing Log Data with CloudWatch Logs Insights - Amazon CloudWatch Logs

Embedded Metric Format - Amazon CloudWatch

Amazon EC2 Auto Scaling Lifecycle Hooks - Amazon EC2 Auto Scaling

Comprehensive & Detailed Explanation (150–250 words):

EKS control plane nodes are fully managed by AWS and are not accessible for configuration, SSH, SSM commands, or custom workloads. Therefore, any prefetching of container images must occur on the worker nodes (EC2 instances in the node groups) because those are the machines that pull and cache container images before running pods.

Option C is the only solution that aligns with AWS architecture:

It creates an IAM role allowing Systems Manager Run Command to execute on EC2 worker nodes.

It uses node group tags to target the correct nodes dynamically.

State Manager runs the prefetch script whenever triggered by the EventBridge automation — ensuring newly added nodes pre-pull images and reduce cold-start latency to seconds.

Options A and D are invalid because you cannot run Systems Manager commands on EKS control plane nodes; AWS manages them and does not expose them. Option B incorrectly targets node groups based on machine size, which does not provide reliable node identification or filtering.

Thus, Option C provides the correct, scalable, and supported method for prefetching images across all worker nodes.