DOP-C02 Amazon Web Services AWS Certified DevOps Engineer

AWS Certified DevOps Engineer - Professional

Last Update 15 hours ago Total Questions : 449

The AWS Certified DevOps Engineer - Professional content is now fully updated, with all current exam questions added 15 hours ago. Deciding to include DOP-C02 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our DOP-C02 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these DOP-C02 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified DevOps Engineer - Professional practice test comfortably within the allotted time.

Question # 101

A security team wants to use AWS CloudTrail to monitor all actions and API calls in multiple accounts that are in the same organization in AWS Organizations. The security team needs to ensure that account users cannot turn off CloudTrail in the accounts.

Which solution will meet this requirement?

Apply an SCP to all OUs to deny the cloudtrail:StopLogging action and the cloudtrail:DeleteTrail action.

Create IAM policies in each account to deny the cloudtrail:StopLogging action and the cloudtrail:DeleteTrail action.

Set up Amazon CloudWatch alarms to notify the security team when a user disables CloudTrail in an account.

Use AWS Config to automatically re-enable CloudTrail if a user disables CloudTrail in an account.

Question # 102

A DevOps engineer is building a solution that uses Amazon Simple Queue Service (Amazon SQS) standard queues. The solution also includes an AWS Lambda function and an Amazon DynamoDB table. The Lambda function pulls content from the SQS queue and writes the content to the DynamoDB table.

The solution must maximize the scalability of the Lambda function and must prevent successfully processed SQS messages from being processed multiple times.

Which solution will meet these requirements?

Set the batch window to 1 second in the Lambda function ' s event source mapping.

Set the batch size to 1 in the Lambda function ' s event source mapping.

Set a value of ReportBatchItemFailures in the FunctionResponseTypes list in the Lambda function ' s event source mapping.

Set the reserved concurrency to 1 in the Lambda function ' s concurrency and recursion detection settings.

Question # 103

A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.

Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.

How can log collection be automated?

Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2 Instance-terminate Lifecycle Action and trigger a step function that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Question # 104

A company wants to set up a continuous delivery pipeline. The company stores application code in a private GitHub repository. The company needs to deploy the application components to Amazon Elastic Container Service (Amazon ECS). Amazon EC2, and AWS Lambda. The pipeline must support manual approval actions.

Which solution will meet these requirements?

Use AWS CodePipeline with Amazon ECS. Amazon EC2, and Lambda as deploy providers.

Use AWS CodePipeline with AWS CodeDeploy as the deploy provider.

Use AWS CodePipeline with AWS Elastic Beanstalk as the deploy provider.

Use AWS CodeDeploy with GitHub integration to deploy the application.

Question # 105

A DevOps engineer is building a multistage pipeline with AWS CodePipeline to build, verify, stage, test, and deploy an application. A manual approval stage is required between the test stage and the deploy stage. The development team uses a custom chat tool with webhook support that requires near-real-time notifications.

How should the DevOps engineer configure status updates for pipeline activity and approval requests to post to the chat tool?

Create an Amazon CloudWatch Logs subscription that filters on CodePipeline Pipeline Execution State Change. Publish subscription events to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the chat webhook URL to the SNS topic, and complete the subscription validation.

Create an AWS Lambda function that is invoked by AWS CloudTrail events. When a CodePipeline Pipeline Execution State Change event is detected, send the event details to the chat webhook URL.

Create an Amazon EventBridge rule that filters on CodePipeline Pipeline Execution State Change. Publish the events to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function that sends event details to the chat webhook URL. Subscribe the function to the SNS topic.

Modify the pipeline code to send the event details to the chat webhook URL at the end of each stage. Parameterize the URL so that each pipeline can send to a different URL based on the pipeline environment.

Question # 106

A company uses Amazon RDS for all databases in Its AWS accounts The company uses AWS Control Tower to build a landing zone that has an audit and logging account All databases must be encrypted at rest for compliance reasons. The company ' s security engineer needs to receive notification about any noncompliant databases that are in the company ' s accounts

Which solution will meet these requirements with the MOST operational efficiency?

Use AWS Control Tower to activate the optional detective control (guardrail) to determine whether the RDS storage is encrypted Create an Amazon Simple Notification Service (Amazon SNS) topic in the company ' s audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer ' s email address to the SNS topic

Use AWS Cloud Formation StackSets to deploy AWS Lambda functions to every account. Write the Lambda function code to determine whether the RDS storage is encrypted in the account the function is deployed to Send the findings as an Amazon CloudWatch metric to the management account Create an Amazon Simple Notification Service (Amazon SNS) topic. Create a CloudWatch alarm that notifies the SNS topic when metric thresholds are met. Subscribe t

Create a custom AWS Config rule in every account to determine whether the RDS storage is encrypted Create an Amazon Simple Notification Service (Amazon SNS) topic in the audit account Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer ' s email address to the SNS topic

Launch an Amazon EC2 instance. Run an hourly cron job by using the AWS CLI to determine whether the RDS storage is encrypted in each AWS account Store the results in an RDS database. Notify the security engineer by sending email messages from the EC2 instance when noncompliance is detected

Question # 107

A company has deployed a new REST API by using Amazon API Gateway. The company uses the API to access confidential data. The API must be accessed from only specific VPCs in the company. Which solution will meet these requirements?

Create and attach a resource policy to the API Gateway API. Configure the resource policy to allow only the specific VPC IDs.

Add a security group to the API Gateway API. Configure the inbound rules to allow only the specific VPC IP address ranges.

Create and attach an IAM role to the API Gateway API. Configure the IAM role to allow only the specific VPC IDs.

Add an ACL to the API Gateway API. Configure the outbound rules to allow only the specific VPC IP address ranges.

Question # 108

A software engineering team is using AWS CodeDeploy to deploy a new version of an application. The team wants to ensure that if any issues arise during the deployment, the process can automatically roll back to the previous version.

During the deployment process, a health check confirms the application ' s stability. If the health check fails, the deployment must revert automatically.

Which solution will meet these requirements?

Implement lifecycle event hooks in the deployment configuration.

Use AWS CloudFormation to monitor the health of the deployment.

Set up alarms in Amazon CloudWatch to start a rollback.

Configure automatic rollback settings in AWS CodeDeploy.

Question # 109

A company uses Amazon Elastic Kubernetes Services (Amazon EKS) to host containerized applications that are available in Amazon Elastic Container Registry (Amazon ECR).

The company currently launches EKS clusters in the company ' s development environment by using the AWS CLI aws eks create-cluster command. The company uses the aws eks create-addon command to install required add-ons. All installed add-ons are currently version compatible with the version of Kubernetes that the company uses. All clusters exclusively use managed node groups for compute capacity.

Some of the EKS clusters require a version upgrade. A DevOps engineer must ensure that upgrades continuously occur within the AWS standard support schedule.

Which solution will meet this requirement with the LEAST operational overhead?

Run the aws eks update-cluster-version command, providing appropriate arguments such as cluster name and version number.

Enable EKS Auto Mode on all EKS clusters. Remove all existing managed node groups.

Run the eksctl command to upgrade the EKS clusters. Provide appropriate arguments such as cluster name and version number.

Refactor the environment to create EKS clusters by using infrastructure as code (IaC). Upgrade the clusters by using code changes.

Question # 110

A company is using AWS CodeDeploy to automate software deployment. The deployment must meet these requirements:

• A number of instances must be available to serve traffic during the deployment Traffic must be balanced across those instances, and the instances must automatically heal in the event of failure.

• A new fleet of instances must be launched for deploying a new revision automatically, with no manual provisioning.

• Traffic must be rerouted to the new environment to half of the new instances at a time. The deployment should succeed if traffic is rerouted to at least half of the instances; otherwise, it should fail.

• Before routing traffic to the new fleet of instances, the temporary files generated during the deployment process must be deleted.

• At the end of a successful deployment, the original instances in the deployment group must be deleted immediately to reduce costs.

How can a DevOps engineer meet these requirements?

Use an Application Load Balancer and an in-place deployment. Associate the Auto Scaling group with the deployment group. Use the Automatically copy Auto Scaling group option. and use CodeDeployDefault.OneAtAtime as the deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the AllowTraffic hook within appspec.yml to delete the temporary files.

Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, create a custom deployment configuration with minimum healthy hosts defined as 50%. and assign the configuration to the deployment group. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, an

Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and the Application Load Balancer target group with the deployment group. Use the Automatically copy Auto scaling group option, and use CodeDeployDefault.HalfAtAtime as the deployment configuration. Instruct AWSCodeDeploy to terminate the original instances in the deployment group, and use the BeforeAlIowTraffic hook within appspec.yml to delete t

Use an Application Load Balancer and an in-place deployment. Associate the Auto Scaling group and Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefaulLAIIatOnce as a deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BlockTraffic hook within appspec.yml to delete the temporary fi

Answer:

Explanation:

Step 1: Use a Blue/Green Deployment StrategyA blue/green deployment strategy is necessary to meet the requirement of launching a new fleet of instances for each deployment and ensuring availability. In a blue/green deployment, the new version (green environment) is deployed to a separate set of instances, while the old version (blue environment) remains active. After testing the new version, traffic can be gradually shifted.

Action: Use AWS CodeDeploy ' s blue/green deployment configuration.

Why: Blue/green deployment minimizes downtime and ensures that traffic is shifted only to healthy instances.

[Reference: AWS documentation on Blue/Green Deployment., Step 2: Use an Application Load Balancer and Auto Scaling GroupThe Application Load Balancer (ALB) is essential to balance traffic across multiple instances, and Auto Scaling ensures the deployment scales automatically to meet demand., Action: Associate the Auto Scaling group and Application Load Balancer target group with the deployment group., Why: This configuration ensures that traffic is evenly distributed and that instances automatically scale based on traffic load., Reference: AWS documentation on Deploying with Auto Scaling and Load Balancing., Step 3: Use Custom Deployment ConfigurationThe company requires that traffic be rerouted to at least half of the instances to succeed. AWS CodeDeploy allows you to configure custom deployment settings with specific thresholds for healthy hosts., Action: Create a custom deployment configuration where 50% of the instances must be healthy., Why: This ensures that the deployment continues only if at least 50% of the new instances are healthy., Reference: AWS documentation on Deployment Configurations., Step 4: Clean Temporary Files Using HooksBefore routing traffic to the new environment, the temporary files generated during the deployment must be deleted. This can be achieved using the BeforeAllowTraffic hook in the appspec.yml file., Action: Use the BeforeAllowTraffic lifecycle event hook to clean up temporary files before routing traffic to the new environment., Why: This ensures that the environment is clean before the new instances start serving traffic., Reference: AWS documentation on AppSpec File Hooks., Step 5: Terminate Original Instances After DeploymentAfter a successful deployment, AWS CodeDeploy can automatically terminate the original instances (blue environment) to save costs., Action: Instruct AWS CodeDeploy to terminate the original instances after the new instances are healthy., Why: This helps in cost reduction by removing unused instances after the deployment., Reference: AWS documentation on Terminate Old Instances., This corresponds to Option C: Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and the Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefault.HalfAtATime as the deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BeforeAllowTraffic hook within appspec.yml to delete the temporary files., , ]

Go to page: