Amazon Web Services help2pass passed Exam Today Dop-c02 by Kiyan q8 vce pdf

Page: 16 / 30

Exam Name:	AWS Certified DevOps Engineer - Professional
Exam Code:	DOP-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Professional
Questions:	407 Q&A's	Shared By:	kiyan

Question 64

A company uses AWS Directory Service for Microsoft Active Directory as its identity provider (IdP). The company requires all infrastructure to be

defined and deployed by AWS CloudFormation.

A DevOps engineer needs to create a fleet of Windows-based Amazon EC2 instances to host an application. The DevOps engineer has created a

CloudFormation template that contains an EC2 launch template, IAM role, EC2 security group, and EC2 Auto Scaling group. The DevOps engineer must implement a solution that joins all EC2 instances to the domain of the AWS Managed Microsoft AD directory.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

In the CloudFormation template, create an AWS::SSM::Document resource that joins the EC2 instance to the AWS Managed Microsoft AD domain by using the parameters for the existing directory. Update the launch template to include the SSMAssociation property to use the new SSM document. Attach the AmazonSSMManagedlnstanceCore and AmazonSSMDirectoryServiceAccess AWS managed policies to the IAM role that the EC2 instances use.

In the CloudFormation template, update the launch template to include specific tags that propagate on launch. Create an AWS::SSM::Association resource to associate the AWS-JoinDirectoryServiceDomain Automation runbook with the EC2 instances that have the specified tags. Define the required parameters to join the AWS Managed Microsoft AD directory. Attach the AmazonSSMManagedlnstanceCore and AmazonSSMDirectoryServiceAccess AWS managed polici

Store the existing AWS Managed Microsoft AD domain connection details in AWS Secrets Manager. In the CloudFormation template, create an AWS::SSM::Association resource to associate the AWS-CreateManagedWindowslnstanceWithApproval Automation runbook with the EC2 Auto Scaling group. Pass the ARNs for the parameters from Secrets Manager to join the domain. Attach the AmazonSSMDirectoryServiceAccess and SecretsManagerReadWrite AWS managed polici

Store the existing AWS Managed Microsoft AD domain administrator credentials in AWS Secrets Manager. In the CloudFormation template, update the EC2 launch template to include user data. Configure the user data to pull the administrator credentials from Secrets Manager and to join the AWS Managed Microsoft AD domain. Attach the AmazonSSMManagedlnstanceCore and SecretsManagerReadWrite AWS managed policies to the IAM role that the EC2 instance

Discussion

Question 65

A company is hosting a static website from an Amazon S3 bucket. The website is available to customers at example.com. The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day. The company has decided to replace the existing static website with a dynamic web application. The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances.

On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour. Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com.

How can the DevOps engineer ensure that the company serves only dynamic content for example.com?

Options:

Delete all objects, including previous versions, from the S3 bucket that contains the static website content.

Update the weighted DNS record entry that points to the S3 bucket. Apply a weight of 0. Specify the domain reset option to propagate changes immediately.

Configure webpage redirect requests on the S3 bucket with a hostname that redirects to the ALB.

Remove the weighted DNS record entry that points to the S3 bucket from the example.com hosted zone. Wait for DNS propagation to become complete.

Discussion

Question 66

A DevOps engineer needs to implement integration tests into an existing AWS CodePipelme CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS) service. The CI/CD workflow retrieves new application code from an AWS CodeCommit repository and builds a container image. The CI/CD workflow then uploads the container image to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version.

The integration tests must ensure that new versions of the service endpoint are reachable and that vanous API methods return successful response data The DevOps engineer has already created an ECS cluster to test the service

Which combination of steps will meet these requirements with the LEAST management overhead? (Select THREE.)

Options:

Add a deploy stage to the pipeline Configure Amazon ECS as the action provider

Add a deploy stage to the pipeline Configure AWS CodeDeploy as the action provider

Add an appspec.yml file to the CodeCommit repository

Update the image build pipeline stage to output an imagedefinitions json file that references the new image tag.

Create an AWS Lambda function that runs connectivity checks and API calls against the service. Integrate the Lambda function with CodePipeline by using aLambda action stage

Write a script that runs integration tests against the service. Upload the script to an Amazon S3 bucket. Integrate the script in the S3 bucket with CodePipeline by using an S3 action stage.

Discussion

Answer:

A, D, E

Explanation:

 Add a Deploy Stage to the Pipeline, Configure Amazon ECS as the Action Provider:

By adding a deploy stage to the pipeline and configuring Amazon ECS as the action provider, the pipeline can automatically deploy the new container image to the ECS cluster.

This ensures that the service is updated with the new image tag, making the new version of the service endpoint reachable.

[Reference: AWS CodePipeline with ECS,  Update the Image Build Pipeline Stage to Output an imagedefinitions.json File that References the New Image Tag:, The imagedefinitions.json file provides the necessary information about the container images and their tags for the ECS task definitions., Updating the pipeline to output this file ensures that the correct image version is deployed., Example imagedefinitions.json, , [, {, "name": "container-name",, "imageUri": "123456789012.dkr.ecr.region.amazonaws.com/my-repo:my-tag", }, ], , ,  Reference: CodePipeline ECS Deployment,  Create an AWS Lambda Function that Runs Connectivity Checks and API Calls against the Service. Integrate the Lambda Function with CodePipeline by Using a Lambda Action Stage:, The Lambda function can perform the necessary integration tests by making connectivity checks and API calls to the deployed service endpoint., Integrating this Lambda function into CodePipeline ensures that these tests are run automatically after deployment, providing near-real-time feedback on the new deployment’s health., , Example Lambda function integration:, actions:, - name: TestService, actionTypeId:, category: Test, owner: AWS, provider: Lambda, version: 1, runOrder: 2, configuration:, FunctionName: testServiceFunction, , Reference: Integrating Lambda with CodePipeline, These steps ensure that the CI/CD workflow deploys the new container image to ECS, updates the image references, and performs integration tests, meeting the requirements with minimal management overhead., , , , ]

Question 67

A company in a highly regulated industry is building an artifact by using AWS CodeBuild and AWS CodePipeline. The company must connect to an external authenticated API during the building process.

The company's DevOps engineer needs to encrypt the build outputs by using an AWS Key Management Service (AWS KMS) key. The external API credentials must be reset each month. The DevOps engineer has created a new key in AWS KMS.

Which solution will meet these requirements?

Options:

Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID.

Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline.

Store the API credentials in AWS Secrets Manager. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID.

Store the API credentials in AWS Secrets Manager. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline.

Discussion

Cecilia

Yes, I passed my certification exam using Cramkey Dumps.

Helena Dec 19, 2025

Great. Yes they are really effective

Lennox

Something Special that they provide a comprehensive overview of the exam content. They cover all the important topics and concepts, so you can be confident that you are well-prepared for the test.

Aiza Dec 6, 2025

That makes sense. What makes Cramkey Dumps different from other study materials?

Nylah

I've been looking for good study material for my upcoming certification exam. Need help.

Dolly Dec 5, 2025

Then you should definitely give Cramkey Dumps a try. They have a huge database of questions and answers, making it easy to study and prepare for the exam. And the best part is, you can be sure the information is accurate and relevant.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka Dec 17, 2025

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus Dec 16, 2025

Me too. They're a lifesaver!

Page: 16 / 30

Title

Questions

Posted