DOP-C02 Domain 5: Incident and Event Response

Development teams create EC2 instances, but some hosts do not use security-approved AMIs. The DevOps team needs automatic discovery and termination of noncompliant instances. What should they implement?

Multiple choice — select one answer

Answer choices

  1. a. Organization-wide AWS Config conformance pack with public access rules and remediation
  2. b. SCP on an IAM group denying ec2:RunInstances unless the AMI is approved.
  3. c. Runbooks and knowledge base in Incident Manager
  4. d. AWS Config rule detecting noncompliant instances with remediation that terminates them.

Architectural breakdown & explanation

Config continuously evaluates instances; remediation can terminate hosts that violate the AMI rule.

Correct answer(s): d. AWS Config rule detecting noncompliant instances with remediation that terminates them.

Exam domain: Domain 5: Incident and Event Response (14% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified DevOps Engineer – Professional bank. Run a full timed practice exam with domain-weighted random questions in your browser.