ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 241 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 241
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has an application that stores data that includes personally identifiable information (PII) in an Amazon S3 bucket. All data is encrypted with AWS Key Management Service (AWS KMS) customer managed keys. All AWS resources are deployed from an AWS CloudFormation template.

A DevOps engineer needs to set up a development environment for the application in a different AWS account. The data in the development environment's S3 bucket needs to be updated once a week from the production environment's S3 bucket.

The company must not move PII from the production environment without anonymizing the PII first. The data in each environment must be encrypted with different KMS customer managed keys.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose two.)

  • A. Activate Amazon Macie on the S3 bucket in the production account. Create an AWS Step Functions state machine to initiate a discovery job and redact all PII before copying files to the S3 bucket in the development account. Give the state machine tasks decrypt permissions on the KMS key in the production account. Give the state machine tasks encrypt permissions on the KMS key in the development account.
  • B. Set up S3 replication between the production S3 bucket and the development S3 bucket. Activate Amazon Macie on the development S3 bucket. Create an AWS Step Functions state machine to initiate a discovery job and redact all PII as the files are copied to the development S3 bucket. Give the state machine tasks encrypt and decrypt permissions on the KMS key in the development account.
  • C. Set up an S3 Batch Operations job to copy files from the production S3 bucket to the development S3 bucket. In the development account, configure an AWS Lambda function to redact ail PII. Configure S3 Object Lambda to use the Lambda function for S3 GET requests. Give the Lambda function's IAM role encrypt and decrypt permissions on the KMS key in the development account.
  • D. Create a development environment from the CloudFormation template in the development account. Schedule an Amazon EventBridge rule to start the AWS Step Functions state machine once a week.
  • E. Create a development environment from the CloudFormation template in the development account. Schedule a cron job on an Amazon EC2 instance to run once a week to start the S3 Batch Operations job.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by xdkonorek2 at July 5, 2024, 6:43 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jamesf
9 months, 1 week ago
Selected Answer: AD
Option A addresses the need to anonymize PII before moving data to the development environment. By using Amazon Macie, you can identify PII in the production S3 bucket. AWS Step Functions can orchestrate a workflow to redact this PII before transferring the data. This ensures compliance with data protection requirements. You need to provide the necessary KMS key permissions for decrypting and encrypting data as it moves between accounts. Option D ensures that the data update process is automated and scheduled. Using Amazon EventBridge to trigger the AWS Step Functions state machine on a weekly basis automates the data transfer and anonymization process.
upvoted 4 times
...
tgv
9 months, 2 weeks ago
Selected Answer: AD
---> A D
upvoted 3 times
...
trungtd
9 months, 3 weeks ago
Selected Answer: AD
A. Anonymizing PII in the Production Account D. Automating the Weekly Data Transfer B suggests replicating the data before redacting PII, which violates the requirement C does not ensure that the PII is redacted before the data is stored in the development environment E introduces additional infrastructure management and costs
upvoted 3 times
...
getadroit
10 months ago
redact should be done before
upvoted 1 times
...
getadroit
10 months ago
A & D https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-preview-sensitive-data-in-s3-buckets/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago