Stay ahead with 100% Free AWS Certified DevOps Engineer- Professional DOP-C02 Dumps Practice Questions
A company is using AWS to run digital workloads. Each application team in the company has its own AWS
account for application hosting. The accounts are consolidated in an organization in AWS Organizations.
The company wants to enforce security standards across the entire organization. To avoid noncompliance
because of security misconfiguration, the company has enforced the use of AWS CloudFormation. A
production support team can modify resources in the production environment by using the AWS Management
Console to troubleshoot and resolve application-related issues.
A DevOps engineer must implement a solution to identify in near real time any AWS service misconfiguration
that results in noncompliance. The solution must automatically remediate the issue within 15 minutes of
identification. The solution also must track noncompliant resources and events in a centralized dashboard with
accurate timestamps.
Which solution will meet these requirements with the LEAST development overhead?
A company manages multiple AWS accounts in AWS Organizations. The company's security policy states
that AWS account root user credentials for member accounts must not be used. The company monitors access
to the root user credentials.
A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps
engineer must create an SCP at the organization's root level that will prevent the root user in member accounts
from making any AWS service API calls.
Which SCP will meet these requirements?
A company's DevOps engineer is creating an AWS Lambda function to process notifications from an Amazon
Simple Notification Service (Amazon SNS) topic. The Lambda function will process the notification messages
and will write the contents of the notification messages to an Amazon RDS Multi-AZ DB instance.
During testing a database administrator accidentally shut down the DB instance. While the database was down
the company lost several of the SNS notification messages that were delivered during that time.
The DevOps engineer needs to prevent the loss of notification messages in the future
Which solutions will meet this requirement? (Select TWO.)
A company uses an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to deploy its web applications on containers. The web applications contain confidential data that cannot be decrypted without specific credentials.
A DevOps engineer has stored the credentials in AWS Secrets Manager. The secrets are encrypted by an AWS Key Management Service (AWS KMS) customer managed key. A Kubernetes service account for a third-party tool makes the secrets available to the applications. The service account assumes an IAM role that the company created to access the secrets.
The service account receives an Access Denied (403 Forbidden) error while trying to retrieve the secrets from Secrets Manager.
What is the root cause of this issue?
© Copyrights TheExamsLab 2025. All Rights Reserved
We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the TheExamsLab.