Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 4 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 4
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.
A DevOps engineer needs to ensure that all EBS volumes always have the Backup_Frequency tag so that the company can perform backups at least weekly unless a different value is specified.
Which solution will meet these requirements?

  • A. Set up AWS Config in the account. Create a custom rule that returns a compliance failure for all Amazon EC2 resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
  • B. Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
  • C. Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.
  • D. Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events or EBS ModifyVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Dimidrol at April 5, 2023, 9:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
www_dumpsvibe_com_7
Highly Voted 1 week, 5 days ago
The correct answer is B.
upvoted 10 times
...
CristianoRosa
Most Recent 2 weeks, 6 days ago
Selected Answer: B
A: It works, but it uses a custom rule. B: It is simpler than option A as it uses a managed rule which already exists. C: It only applies to new volumes and does not address existing resources. D: It is better than C but still does not fully meet the requirement to check all EBS volumes and enforce compliance. Best Answer is B.
upvoted 1 times
...
ajeeshb
2 months, 2 weeks ago
Selected Answer: B
Option B --> AWS config managed rule on EC2::Volume resource + custom SSM automation document Not Option A --> because it says custom config rule on all EC2::Instance + Managed SSM automation document Not options C & D --> As it says cloudtrail which is for logging API actions
upvoted 2 times
ajeeshb
2 months, 2 weeks ago
sorry, a typo.. Option A also says custom SSM automation document, but it is wrong where it says custom config rule on all Ec2::Instance
upvoted 1 times
...
...
c3518fc
4 months, 1 week ago
Selected Answer: B
By leveraging the AWS Config managed rule and automated remediation action, the DevOps engineer can ensure that all EBS volumes in the account always have the required Backup_Frequency tag, enabling the company to perform backups at least weekly unless a different value is explicitly specified. This solution provides continuous monitoring and automated remediation, reducing the risk of human error and ensuring compliance with the company's backup policy.
upvoted 1 times
...
Diego1414
7 months, 1 week ago
Answer is A. Checks if your resources have the tags that you specify. For example, you can check whether your Amazon EC2 instances have the CostCenter tag, while also checking if all your RDS instance have one set of Keys tag. Separate multiple values with commas. You can check up to 6 tags at a time. The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 1 times
Hizumi
7 months ago
We don't need to create a custom AWS Config rule, we can utilize the managed rule to detect for non-compliance on the EBS volumes. Otherwise the options indicate to use a custom runbook for AWS Systems Manager to remediate the missing tags.
upvoted 1 times
...
...
thanhnv142
7 months, 1 week ago
B is correct: We should use AWS config for this task C and D: cloud trail is for auditing account activities, which is irrelevant A: <returns a compliance failure for all Amazon EC2 resources> : we need to remediate EC2 volumes only, not all EC2 resources
upvoted 4 times
...
Sisanda_giiven
7 months, 3 weeks ago
A is the correct answer "The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation." from this link : https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 1 times
...
zijo
9 months, 3 weeks ago
B is the best choice. If you look at Config Managed Rules you can find - ebs-in-backup-plan - Check if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.
upvoted 3 times
...
bhond
1 year, 1 month ago
i got this question in the exam
upvoted 3 times
...
SanChan
1 year, 3 months ago
Selected Answer: B
B is the most straightforward and efficient solution to ensure that all EBS volumes always have the Backup_Frequency tag applied with the least amount of effort. A This approach requires more effort than using a managed rule provided by AWS.
upvoted 3 times
Aja1
1 year, 1 month ago
https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 4 times
...
...
madperro
1 year, 3 months ago
Selected Answer: B
B makes sense, you can use managed rule "required-tags" to identify non-compliant volumes and custom SSM document to fix it.
upvoted 1 times
...
lunt
1 year, 4 months ago
Selected Answer: B
Only takes few minutes to login > Config > Managed rulename = BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK A = tags everything in EC2, thats EC2::* which includes ELB/EIP/etc. Nope. Option B you can specify the tags to match & expected values = answer.
upvoted 2 times
...
vherman
1 year, 4 months ago
Selected Answer: B
B makes sense
upvoted 1 times
...
alce2020
1 year, 5 months ago
B. Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
upvoted 1 times
...
ele
1 year, 5 months ago
Selected Answer: B
Answer B: Config has a managed rule for type AWS EC2 Volume for tag compliance check.
upvoted 1 times
...
Dimidrol
1 year, 5 months ago
Selected Answer: B
B for me. https://aws.amazon.com/ru/blogs/mt/build-an-aws-config-custom-rule-to-optimize-amazon-ebs-volume-types/
upvoted 2 times
Dimidrol
1 year, 5 months ago
Sorry A is the answer. This is custom rule
upvoted 2 times
Dimidrol
1 year, 5 months ago
But very strange that custom rule for all ec2 instances , it should be only ec2 volumes
upvoted 1 times
jqso234
1 year, 5 months ago
Option A creates a custom rule that applies to all EC2 resources, not just volumes, which may create additional overhead. The custom AWS Systems Manager Automation runbook is used to apply the Backup_Frequency tag with a value of weekly, but this approach can result in inconsistent tagging if the developers specify a different desired backup frequency. Therefore, Option A is not the correct answer. Option B is the correct answer because it uses a managed rule specifically for EC2 volumes, which simplifies the configuration effort and ensures that all volumes have the Backup_Frequency tag applied consistently. The custom AWS Systems Manager Automation runbook is used to automatically apply the Backup_Frequency tag with a value of weekly, which reduces the risk of data loss due to missing backups. Your comment that the managed rule should only apply to volumes is correct, and Option B addresses that requirement.
upvoted 4 times
...
...
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel