ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 4 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 4
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.
A DevOps engineer needs to ensure that all EBS volumes always have the Backup_Frequency tag so that the company can perform backups at least weekly unless a different value is specified.
Which solution will meet these requirements?

  • A. Set up AWS Config in the account. Create a custom rule that returns a compliance failure for all Amazon EC2 resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
  • B. Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
  • C. Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.
  • D. Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events or EBS ModifyVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Dimidrol at April 5, 2023, 9:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bb4f13b
3 months, 3 weeks ago
Selected Answer: D
Option D: Real-Time Enforcement: Ensures tagging compliance as soon as a volume is created or modified. Comprehensive Coverage: Captures both CreateVolume and ModifyVolume events. Minimal Overhead: Automates tagging without requiring manual audits or remediation actions
upvoted 1 times
dark4igi
1 month, 3 weeks ago
what will happen if dev decide to change tag to dally? AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly
upvoted 1 times
...
...
lunt
7 months ago
Selected Answer: B
Only takes few minutes to login > Config > Managed rulename = BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK A = tags everything in EC2, thats EC2::* which includes ELB/EIP/etc. Nope. Option B you can specify the tags to match & expected values = answer.
upvoted 3 times
...
CristianoRosa
7 months ago
Selected Answer: B
A: It works, but it uses a custom rule. B: It is simpler than option A as it uses a managed rule which already exists. C: It only applies to new volumes and does not address existing resources. D: It is better than C but still does not fully meet the requirement to check all EBS volumes and enforce compliance. Best Answer is B.
upvoted 4 times
...
c3518fc
7 months ago
Selected Answer: B
By leveraging the AWS Config managed rule and automated remediation action, the DevOps engineer can ensure that all EBS volumes in the account always have the required Backup_Frequency tag, enabling the company to perform backups at least weekly unless a different value is explicitly specified. This solution provides continuous monitoring and automated remediation, reducing the risk of human error and ensuring compliance with the company's backup policy.
upvoted 1 times
...
ajeeshb
7 months ago
Selected Answer: B
Option B --> AWS config managed rule on EC2::Volume resource + custom SSM automation document Not Option A --> because it says custom config rule on all EC2::Instance + Managed SSM automation document Not options C & D --> As it says cloudtrail which is for logging API actions
upvoted 2 times
ajeeshb
9 months, 4 weeks ago
sorry, a typo.. Option A also says custom SSM automation document, but it is wrong where it says custom config rule on all Ec2::Instance
upvoted 1 times
...
...
Diego1414
1 year, 2 months ago
Answer is A. Checks if your resources have the tags that you specify. For example, you can check whether your Amazon EC2 instances have the CostCenter tag, while also checking if all your RDS instance have one set of Keys tag. Separate multiple values with commas. You can check up to 6 tags at a time. The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 1 times
Hizumi
1 year, 2 months ago
We don't need to create a custom AWS Config rule, we can utilize the managed rule to detect for non-compliance on the EBS volumes. Otherwise the options indicate to use a custom runbook for AWS Systems Manager to remediate the missing tags.
upvoted 1 times
...
...
thanhnv142
1 year, 2 months ago
B is correct: We should use AWS config for this task C and D: cloud trail is for auditing account activities, which is irrelevant A: <returns a compliance failure for all Amazon EC2 resources> : we need to remediate EC2 volumes only, not all EC2 resources
upvoted 4 times
...
Sisanda_giiven
1 year, 3 months ago
A is the correct answer "The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation." from this link : https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 1 times
...
zijo
1 year, 4 months ago
B is the best choice. If you look at Config Managed Rules you can find - ebs-in-backup-plan - Check if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.
upvoted 3 times
...
SanChan
1 year, 10 months ago
Selected Answer: B
B is the most straightforward and efficient solution to ensure that all EBS volumes always have the Backup_Frequency tag applied with the least amount of effort. A This approach requires more effort than using a managed rule provided by AWS.
upvoted 3 times
Aja1
1 year, 8 months ago
https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
upvoted 4 times
...
...
madperro
1 year, 10 months ago
Selected Answer: B
B makes sense, you can use managed rule "required-tags" to identify non-compliant volumes and custom SSM document to fix it.
upvoted 1 times
...
vherman
1 year, 11 months ago
Selected Answer: B
B makes sense
upvoted 1 times
...
alce2020
2 years ago
B. Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
upvoted 1 times
...
ele
2 years ago
Selected Answer: B
Answer B: Config has a managed rule for type AWS EC2 Volume for tag compliance check.
upvoted 1 times
...
Dimidrol
2 years ago
Selected Answer: B
B for me. https://aws.amazon.com/ru/blogs/mt/build-an-aws-config-custom-rule-to-optimize-amazon-ebs-volume-types/
upvoted 2 times
Dimidrol
2 years ago
Sorry A is the answer. This is custom rule
upvoted 2 times
Dimidrol
2 years ago
But very strange that custom rule for all ec2 instances , it should be only ec2 volumes
upvoted 1 times
jqso234
2 years ago
Option A creates a custom rule that applies to all EC2 resources, not just volumes, which may create additional overhead. The custom AWS Systems Manager Automation runbook is used to apply the Backup_Frequency tag with a value of weekly, but this approach can result in inconsistent tagging if the developers specify a different desired backup frequency. Therefore, Option A is not the correct answer. Option B is the correct answer because it uses a managed rule specifically for EC2 volumes, which simplifies the configuration effort and ensures that all volumes have the Backup_Frequency tag applied consistently. The custom AWS Systems Manager Automation runbook is used to automatically apply the Backup_Frequency tag with a value of weekly, which reduces the risk of data loss due to missing backups. Your comment that the managed rule should only apply to volumes is correct, and Option B addresses that requirement.
upvoted 4 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago