Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 84 discussion

A company has a guideline that every Amazon EC2 instance must be launched from an AMI that the company’s security team produces. Every month, the security team sends an email message with the latest approved AMIs to all the development teams.

The development teams use AWS CloudFormation to deploy their applications. When developers launch a new service, they have to search their email for the latest AMIs that the security department sent. A DevOps engineer wants to automate the process that the security team uses to provide the AMI IDs to the development teams.

What is the MOST scalable solution that meets these requirements?

  • A. Direct the security team to use CloudFormation to create new versions of the AMIs and to list the AMI ARNs in an encrypted Amazon S3 object as part of the stack’s Outputs section. Instruct the developers to use a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.
  • B. Direct the security team to use a CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output. Instruct the developers to use a cross-stack reference within their own CloudFormation template to obtain the S3 object location and the most recent AMI ARNs.
  • C. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to place the AMI ARNs as parameters in AWS Systems Manager Parameter Store. Instruct the developers to specify a parameter of type SSM in their CloudFormation stack to obtain the most recent AMI ARNs from Parameter Store.
  • D. Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to create an Amazon Simple Notification Service (Amazon SNS) topic so that every development team can receive notifications. When the development teams receive a notification, instruct them to write an AWS Lambda function that will update their CloudFormation stack with the most recent AMI ARNs.
Suggested Answer: C

Comments

thanhnv142
Highly Voted 1 year, 2 months ago
Selected Answer: C
C is correct: <automate the process that the security team uses to provide the AMI IDs to the development teams> and <MOST scalable solution> means we need a pipeline (Image Builder) to build AMI and to automate sharing.
A and B: no mention of EC2 Image Builder, which is better than CodePipeline in building EC2 image.
D: They have to do this manually.
upvoted 6 times
...
ad3fdb1
Most Recent 5 months, 2 weeks ago
A question to answer of option C - is it able to update the System Manager Parameter Store automatically? Option A seems able to do it automatically, right?
upvoted 1 times
...
yuliaqwerty
1 year, 3 months ago
C is the best option
upvoted 2 times
...
rlf
1 year, 6 months ago
Answer is C. https://aws.amazon.com/ko/blogs/compute/tracking-the-latest-server-images-in-amazon-ec2-image-builder-pipelines/
upvoted 2 times
...
habros
1 year, 9 months ago
Selected Answer: C
Use SSM Parameter Store or Secrets Manager as the lookup K/V store for all the related AMIs. Another way is also for security team to constantly update and share the images cross-account and grant them KMS keys to the encrypted AMIs. (not in question)
upvoted 2 times
...
devnv
1 year, 11 months ago
C is correct
upvoted 2 times
...
ParagSanyashiv
1 year, 11 months ago
Selected Answer: C
C makes more sense
upvoted 4 times
...
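The Parameter Store lookup described in option C, as an added example that is not part of the original question or any comment. The parameter name, logical IDs, instance type and AMI value are hypothetical, and the example assumes the parameter holds an AMI ID, which is what the CloudFormation SSM parameter type for images resolves to.

```yaml
# --- Security team's side (hypothetical stack) ---
# Publishes the approved AMI under a fixed, well-known parameter name.
# In an automated setup the value is rewritten after each Image Builder
# run instead of being typed into a template.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ApprovedAmiParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /security/approved-ami/linux/latest   # hypothetical name
      Type: String
      DataType: aws:ec2:image          # Parameter Store checks the value is an AMI ID
      Value: ami-0123456789abcdef0     # constructed placeholder
---
# --- Development team's side (hypothetical stack) ---
# The template never contains an AMI ID. CloudFormation reads the
# parameter from Parameter Store when the stack is created or updated.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ApprovedAmi:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /security/approved-ami/linux/latest   # same hypothetical name
Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ApprovedAmi        # resolves to the AMI ID stored in the parameter
      InstanceType: t3.micro           # assumption for illustration
```

The value is resolved at each stack create or update, so a running stack moves to a newly approved AMI only on its next update. The identity that deploys the developer stack needs read access to the parameter.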