DOP-C02 Configuration Management and IaC • Complete Question Bank
Complete DOP-C02 Configuration Management and IaC question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. Error log from AWS CloudFormation stack update: "Resource handler returned message: 'User: arn:aws:sts::123456789012:assumed-role/AdminRole/UpdateUser is not authorized to perform: ec2:DescribeSubnets on resource: arn:aws:ec2:us-east-1:123456789012:subnet/subnet-0bb1c79de3EXAMPLE' (Service: Ec2, Status Code: 403, Request ID: ...)"
Continuous delivery service for release pipelines
Fully managed continuous integration build service
Automates code deployments to any instance
Unified user interface for managing software development activities
Fully managed source control service hosting Git repositories
Checks that resources have specified tags
Ensures EBS volumes are encrypted
Prevents public read access on S3 buckets
Verifies CloudTrail is enabled
Checks for IAM policies granting full admin access
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:RunInstances"
],
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": [
"t2.micro",
"t2.small",
"t2.medium"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:RunInstances"
],
"Resource": "*"
}
]
}
Refer to the exhibit.
{
"Resources": {
"MyInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-0abcdef1234567890",
"InstanceType": "t2.micro",
"Tags": [
{
"Key": "Name",
"Value": "MyServer"
}
]
},
"DependsOn": "MySecurityGroup"
},
"MySecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security group for MyServer",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": ["us-east-1", "eu-west-1"]
}
}
}
]
}
Refer to the exhibit.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-123
      VersioningConfiguration:
        Status: Enabled
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Resource: !Sub "${MyBucket.Arn}/*"
            Principal: "*"
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameter",
"ssm:GetParameters"
],
"Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/MyApp/DBPassword"
}
]
}
Refer to the exhibit.
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-12345
      VersioningConfiguration:
        Status: Enabled
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: s3:GetObject
            Resource: !Sub "${MyBucket.Arn}/*"
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "ec2:TerminateInstances",
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ssm:GetParameter"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:RunInstances"
],
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
"Condition": {
"StringEquals": {
"ec2:InstanceType": "t2.micro"
}
}
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
},
{
"Effect": "Allow",
"Action": "cloudformation:CreateStack",
"Resource": "arn:aws:cloudformation:us-east-1:123456789012:stack/*"
}
]
}
Refer to the exhibit.
{
"Resources": {
"MyBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "my-unique-bucket-name",
"VersioningConfiguration": {
"Status": "Enabled"
}
}
},
"MyBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {"Ref": "MyBucket"},
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-unique-bucket-name/*"
}
]
}
}
}
}
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
}
]
}
Refer to the exhibit.
AWS CloudFormation template snippet:
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-data-${AWS::AccountId}"
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Principal: "*"
            Resource: !Sub "${MyBucket.Arn}/*"
            Condition:
              StringEquals:
                s3:x-amz-server-side-encryption: "AES256"
A CloudFormation template includes the following resource:
MySecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: My security group
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
MyInstance:
  Type: AWS::EC2::Instance
  Properties:
    ImageId: ami-0abcdef1234567890
    InstanceType: t2.micro
    SecurityGroupIds: !Ref MySecurityGroup
The stack creation fails with the error shown. What is the cause?
Refer to the exhibit. Error log from CloudFormation stack creation: "Property validation failure: The value for parameter "SecurityGroupIds" is not a list."
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "cloudformation.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Refer to the exhibit.
Resources:
MyBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub "${AWS::StackName}-mybucket-${AWS::Region}"
VersioningConfiguration:
Status: Enabled
DeletionPolicy: Retain
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "ec2:TerminateInstances",
"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
"Condition": {
"StringNotEquals": {
"ec2:ResourceTag/Environment": "Production"
}
}
}
]
}