
DOP-C02 Exam - Question 4


A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, daily, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.

A DevOps engineer needs to ensure that all EBS volumes always have the Backup_Frequency tag so that the company can perform backups at least weekly unless a different value is specified.

Which solution will meet these requirements?

Correct Answer: D

To ensure that all EBS volumes always have the Backup_Frequency tag, the best solution is to use AWS CloudTrail in combination with Amazon EventBridge to react to specific EBS volume events. The solution should be able to handle both the creation and modification of EBS volumes to apply the Backup_Frequency tag correctly. This can be achieved by creating an EventBridge rule that reacts to EBS CreateVolume events or EBS ModifyVolume events. Then, a custom AWS Systems Manager Automation runbook can be configured to apply the Backup_Frequency tag with a value of weekly and specified as the target of the rule. This approach ensures that the tag is applied immediately upon the creation or modification of any EBS volume, meeting the requirement for continuous tagging compliance.
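The flow described above, as an added example that is not part of the original page: an EventBridge pattern for CloudTrail-delivered CreateVolume calls and the decision a runbook would make, applying weekly only when the tag is absent. It covers CreateVolume only; the event field layout, the `review` action for unrecognized values and the sample volume ID are assumptions.

```python
TAG_KEY, DEFAULT, ALLOWED = "Backup_Frequency", "weekly", {"none", "daily", "weekly"}

# Pattern for an EventBridge rule on CloudTrail-delivered EC2 CreateVolume calls.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": ["CreateVolume"]},
}

def matches(pattern, event):
    """Subset of EventBridge matching: nested objects, list = any-of exact values."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def request_tags(detail):
    """Volume tags passed in the CreateVolume request (layout is an assumption)."""
    specs = (detail.get("requestParameters") or {}).get("tagSpecificationSet") or {}
    return {t["key"]: t["value"] for s in specs.get("items", [])
            if s.get("resourceType") == "volume" for t in s.get("tags", [])}

def plan(event):
    """Return (volume_id, action, tags_to_apply); action is tag/keep/review/ignore."""
    detail = event.get("detail") or {}
    volume_id = (detail.get("responseElements") or {}).get("volumeId")
    if not matches(EVENT_PATTERN, event) or detail.get("errorCode") or not volume_id:
        return (None, "ignore", {})          # other API call, or the call failed
    value = request_tags(detail).get(TAG_KEY)
    if value is None:
        return (volume_id, "tag", {TAG_KEY: DEFAULT})   # missing: default to weekly
    if value not in ALLOWED:
        return (volume_id, "review", {})     # assumption: report, never overwrite
    return (volume_id, "keep", {})           # developer's choice stands

def sample_event(name, tags=None, error=None):
    """Constructed test event, not captured from a real account."""
    spec = {"resourceType": "volume",
            "tags": [{"key": k, "value": v} for k, v in (tags or {}).items()]}
    detail = {"eventSource": "ec2.amazonaws.com", "eventName": name,
              "requestParameters": {"tagSpecificationSet": {"items": [spec]}},
              "responseElements": None if error else {"volumeId": "vol-0example"}}
    if error:
        detail["errorCode"] = error
    return {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail", "detail": detail}
```

In a real runbook, re-read the volume's current tags before writing, because the event only shows what the original request carried.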

Discussion

14 comments
thanhnv142
Feb 9, 2024

B is correct: We should use AWS Config for this task.
C and D: CloudTrail is for auditing account activities, which is irrelevant.
A: <returns a compliance failure for all Amazon EC2 resources>: we need to remediate EC2 volumes only, not all EC2 resources.

SanChan - Option: B
Jun 12, 2023

B is the most straightforward and efficient solution to ensure that all EBS volumes always have the Backup_Frequency tag applied with the least amount of effort.
A: This approach requires more effort than using a managed rule provided by AWS.

Aja1
Aug 6, 2023

https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

bhond
Aug 1, 2023

I got this question in the exam.

zijo
Nov 28, 2023

B is the best choice. If you look at Config Managed Rules you can find - ebs-in-backup-plan - Check if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.

Dimidrol - Option: B
Apr 5, 2023

B for me. https://aws.amazon.com/ru/blogs/mt/build-an-aws-config-custom-rule-to-optimize-amazon-ebs-volume-types/

Dimidrol
Apr 5, 2023

Sorry, A is the answer. This is a custom rule.

Dimidrol
Apr 5, 2023

But it is very strange that the custom rule is for all EC2 instances; it should be only EC2 volumes.

jqso234
Apr 15, 2023

Option A creates a custom rule that applies to all EC2 resources, not just volumes, which may create additional overhead. The custom AWS Systems Manager Automation runbook is used to apply the Backup_Frequency tag with a value of weekly, but this approach can result in inconsistent tagging if the developers specify a different desired backup frequency. Therefore, Option A is not the correct answer. Option B is the correct answer because it uses a managed rule specifically for EC2 volumes, which simplifies the configuration effort and ensures that all volumes have the Backup_Frequency tag applied consistently. The custom AWS Systems Manager Automation runbook is used to automatically apply the Backup_Frequency tag with a value of weekly, which reduces the risk of data loss due to missing backups. Your comment that the managed rule should only apply to volumes is correct, and Option B addresses that requirement.

lunt - Option: B
May 18, 2023

Only takes a few minutes to log in > Config > Managed rulename = BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK
A = tags everything in EC2, that's EC2::* which includes ELB/EIP/etc. Nope.
Option B you can specify the tags to match & expected values = answer.

ele - Option: B
Apr 7, 2023

Answer B: Config has a managed rule for type AWS EC2 Volume for tag compliance check.

alce2020
Apr 14, 2023

B. Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.

vherman - Option: B
May 3, 2023

B makes sense

madperro - Option: B
Jun 8, 2023

B makes sense, you can use managed rule "required-tags" to identify non-compliant volumes and custom SSM document to fix it.

Sisanda_giiven
Jan 25, 2024

A is the correct answer: "The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation." From this link: https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

Diego1414
Feb 13, 2024

Answer is A. Checks if your resources have the tags that you specify. For example, you can check whether your Amazon EC2 instances have the CostCenter tag, while also checking if all your RDS instance have one set of Keys tag. Separate multiple values with commas. You can check up to 6 tags at a time. The AWS-managed AWS Systems Manager automation document AWS-SetRequiredTags does not work as a remediation with this rule. You will need to create your own custom Systems Manager automation documentation for remediation https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html

Hizumi
Feb 18, 2024

We don't need to create a custom AWS Config rule, we can utilize the managed rule to detect for non-compliance on the EBS volumes. Otherwise the options indicate to use a custom runbook for AWS Systems Manager to remediate the missing tags.

c3518fc - Option: B
May 9, 2024

By leveraging the AWS Config managed rule and automated remediation action, the DevOps engineer can ensure that all EBS volumes in the account always have the required Backup_Frequency tag, enabling the company to perform backups at least weekly unless a different value is explicitly specified. This solution provides continuous monitoring and automated remediation, reducing the risk of human error and ensuring compliance with the company's backup policy.

ajeeshb - Option: B
Jun 30, 2024

Option B --> AWS Config managed rule on EC2::Volume resource + custom SSM automation document
Not Option A --> because it says custom config rule on all EC2::Instance + Managed SSM automation document
Not options C & D --> As it says CloudTrail, which is for logging API actions

ajeeshb
Jun 30, 2024

Sorry, a typo. Option A also says custom SSM automation document, but it is wrong where it says custom config rule on all EC2::Instance.