Amazon Web Services help2pass passed Exam Today Dop-c02 by Kiyan q8 vce pdf

Page: 16 / 30

Exam Name:	AWS Certified DevOps Engineer - Professional
Exam Code:	DOP-C02 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Professional
Questions:	407 Q&A's	Shared By:	kiyan

Question 64

A company uses AWS Directory Service for Microsoft Active Directory as its identity provider (IdP). The company requires all infrastructure to be

defined and deployed by AWS CloudFormation.

A DevOps engineer needs to create a fleet of Windows-based Amazon EC2 instances to host an application. The DevOps engineer has created a

CloudFormation template that contains an EC2 launch template, IAM role, EC2 security group, and EC2 Auto Scaling group. The DevOps engineer must implement a solution that joins all EC2 instances to the domain of the AWS Managed Microsoft AD directory.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

In the CloudFormation template, create an AWS::SSM::Document resource that joins the EC2 instance to the AWS Managed Microsoft AD domain by using the parameters for the existing directory. Update the launch template to include the SSMAssociation property to use the new SSM document. Attach the AmazonSSMManagedlnstanceCore and AmazonSSMDirectoryServiceAccess AWS managed policies to the IAM role that the EC2 instances use.

In the CloudFormation template, update the launch template to include specific tags that propagate on launch. Create an AWS::SSM::Association resource to associate the AWS-JoinDirectoryServiceDomain Automation runbook with the EC2 instances that have the specified tags. Define the required parameters to join the AWS Managed Microsoft AD directory. Attach the AmazonSSMManagedlnstanceCore and AmazonSSMDirectoryServiceAccess AWS managed polici

Store the existing AWS Managed Microsoft AD domain connection details in AWS Secrets Manager. In the CloudFormation template, create an AWS::SSM::Association resource to associate the AWS-CreateManagedWindowslnstanceWithApproval Automation runbook with the EC2 Auto Scaling group. Pass the ARNs for the parameters from Secrets Manager to join the domain. Attach the AmazonSSMDirectoryServiceAccess and SecretsManagerReadWrite AWS managed polici

Store the existing AWS Managed Microsoft AD domain administrator credentials in AWS Secrets Manager. In the CloudFormation template, update the EC2 launch template to include user data. Configure the user data to pull the administrator credentials from Secrets Manager and to join the AWS Managed Microsoft AD domain. Attach the AmazonSSMManagedlnstanceCore and SecretsManagerReadWrite AWS managed policies to the IAM role that the EC2 instance

Discussion

Question 65

A company is hosting a static website from an Amazon S3 bucket. The website is available to customers at example.com. The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day. The company has decided to replace the existing static website with a dynamic web application. The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances.

On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour. Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com.

How can the DevOps engineer ensure that the company serves only dynamic content for example.com?

Options:

Delete all objects, including previous versions, from the S3 bucket that contains the static website content.

Update the weighted DNS record entry that points to the S3 bucket. Apply a weight of 0. Specify the domain reset option to propagate changes immediately.

Configure webpage redirect requests on the S3 bucket with a hostname that redirects to the ALB.

Remove the weighted DNS record entry that points to the S3 bucket from the example.com hosted zone. Wait for DNS propagation to become complete.

Discussion

Ilyas

Definitely. I felt much more confident and prepared because of the Cramkey Dumps. I was able to answer most of the questions with ease and I think that helped me to score well on the exam.

Saoirse Jan 14, 2026

That's amazing. I'm glad you found something that worked for you. Maybe I should try them out for my next exam.

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun Jan 20, 2026

That sounds really useful. I'll definitely check it out.

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby Jan 4, 2026

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Stefan

Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.

Ocean Jan 9, 2026

Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.

Sam

Can I get help from these dumps and their support team for preparing my exam?

Audrey Jan 22, 2026

Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!

Question 66

A DevOps engineer needs to implement integration tests into an existing AWS CodePipelme CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS) service. The CI/CD workflow retrieves new application code from an AWS CodeCommit repository and builds a container image. The CI/CD workflow then uploads the container image to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version.

The integration tests must ensure that new versions of the service endpoint are reachable and that vanous API methods return successful response data The DevOps engineer has already created an ECS cluster to test the service

Which combination of steps will meet these requirements with the LEAST management overhead? (Select THREE.)

Options:

Add a deploy stage to the pipeline Configure Amazon ECS as the action provider

Add a deploy stage to the pipeline Configure AWS CodeDeploy as the action provider

Add an appspec.yml file to the CodeCommit repository

Update the image build pipeline stage to output an imagedefinitions json file that references the new image tag.

Create an AWS Lambda function that runs connectivity checks and API calls against the service. Integrate the Lambda function with CodePipeline by using aLambda action stage

Write a script that runs integration tests against the service. Upload the script to an Amazon S3 bucket. Integrate the script in the S3 bucket with CodePipeline by using an S3 action stage.

Discussion

Answer:

A, D, E

Explanation:

 Add a Deploy Stage to the Pipeline, Configure Amazon ECS as the Action Provider:

By adding a deploy stage to the pipeline and configuring Amazon ECS as the action provider, the pipeline can automatically deploy the new container image to the ECS cluster.

This ensures that the service is updated with the new image tag, making the new version of the service endpoint reachable.

[Reference: AWS CodePipeline with ECS,  Update the Image Build Pipeline Stage to Output an imagedefinitions.json File that References the New Image Tag:, The imagedefinitions.json file provides the necessary information about the container images and their tags for the ECS task definitions., Updating the pipeline to output this file ensures that the correct image version is deployed., Example imagedefinitions.json, , [, {, "name": "container-name",, "imageUri": "123456789012.dkr.ecr.region.amazonaws.com/my-repo:my-tag", }, ], , ,  Reference: CodePipeline ECS Deployment,  Create an AWS Lambda Function that Runs Connectivity Checks and API Calls against the Service. Integrate the Lambda Function with CodePipeline by Using a Lambda Action Stage:, The Lambda function can perform the necessary integration tests by making connectivity checks and API calls to the deployed service endpoint., Integrating this Lambda function into CodePipeline ensures that these tests are run automatically after deployment, providing near-real-time feedback on the new deployment’s health., , Example Lambda function integration:, actions:, - name: TestService, actionTypeId:, category: Test, owner: AWS, provider: Lambda, version: 1, runOrder: 2, configuration:, FunctionName: testServiceFunction, , Reference: Integrating Lambda with CodePipeline, These steps ensure that the CI/CD workflow deploys the new container image to ECS, updates the image references, and performs integration tests, meeting the requirements with minimal management overhead., , , , ]

Question 67

A company in a highly regulated industry is building an artifact by using AWS CodeBuild and AWS CodePipeline. The company must connect to an external authenticated API during the building process.

The company's DevOps engineer needs to encrypt the build outputs by using an AWS Key Management Service (AWS KMS) key. The external API credentials must be reset each month. The DevOps engineer has created a new key in AWS KMS.

Which solution will meet these requirements?

Options:

Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID.

Store the API credentials in AWS Systems Manager Parameter Store. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline.

Store the API credentials in AWS Secrets Manager. Update the key policy for the CodeBuild IAM service role to have access to the KMS key. Set CODEBUILD_KMS_KEY_ID as the new key ID.

Store the API credentials in AWS Secrets Manager. Update the key policy for the CodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline.