Pre-Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services DOP-C02 Practice Exam with Questions & Answers | Set: 5

Questions 41

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.

What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?

Options:
A.

Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.

B.

Assign each EC2 instance an IPv6 Elastic IP address. Create a target group, and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.

C.

Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.

D.

Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443. and specify the dualstack IP address type on the ALB. Create a target group, and add the EC2 instances as targets. Associate the target group with the ALB.

Amazon Web Services DOP-C02 Premium Access
Questions 42

A company builds an application that uses an Application Load Balancer in front of Amazon EC2 instances that are in an Auto Scaling group. The

application is stateless. The Auto Scaling group uses a custom AMI that is fully prebuilt. The EC2 instances do not have a custom bootstrapping process.

The AMI that the Auto Scaling group uses was recently deleted. The Auto Scaling group ' s scaling activities show failures because the AMI ID does not exist.

Which combination of steps should a DevOps engineer take to meet these requirements? (Select THREE.)

Options:
A.

Create a new launch template that uses the new AMI.

B.

Update the Auto Scaling group to use the new launch template.

C.

Reduce the Auto Scaling group ' s desired capacity to O.

D.

Increase the Auto Scaling group ' s desired capacity by I.

E.

Create a new AMI from a running EC2 instance in the Auto Scaling group.

F.

Create a new AMI by copying the most recent public AMI of the operating system that the EC2 instances use.

Questions 43

A DevOps administrator is configuring a repository to store a company ' s container images. The administrator needs to configure a lifecycle rule that automatically deletes container images that have a specific tag and that are older than 15 days. Which solution will meet these requirements with the MOST operational efficiency?

Options:
A.

Create a repository in Amazon Elastic Container Registry (Amazon ECR). Add a lifecycle policy to the repository to expire images that have the matching tag after 15 days.

B.

Create a repository in AWS CodeArtifact. Add a repository policy to the CodeArtifact repository to expire old assets that have the matching tag after 15 days.

C.

Create a bucket in Amazon S3. Add a bucket lifecycle policy to expire old objects that have the matching tag after 15 days.

D.

Create an EC2 Image Builder container recipe. Add a build component to expire the container that has the matching tag after 15 days.

Questions 44

A company uses a pipeline in AWS CodePipeline to deploy an application. The company created an AWS Fault Injection Service (AWS FIS) experiment template to test the resiliency of the application. A DevOps engineer needs to integrate the experiment into the pipeline.

Which solution will meet this requirement?

Options:
A.

Configure a new stage in the pipeline that includes an AWS FIS action. Configure the action to reference the AWS FIS experiment template. Grant the pipeline access to start the experiment.

B.

Create an Amazon EventBridge scheduler. Grant the scheduler permission to start the AWS FIS experiment. Configure a new stage in the pipeline that includes an action to invoke the EventBridge scheduler.

C.

Create an AWS Lambda function to start the AWS FIS experiment. Grant the Lambda function permission to start the experiment. Create a new stage in the pipeline that has a Lambda action. Set the action to invoke the Lambda function.

D.

Export the AWS FIS experiment template to an Amazon S3 bucket. Create an AWS CodeBuild unit test project that has a buildspec that starts the AWS FIS experiment. Grant the CodeBuild project access to start the experiment. Configure a new stage in the pipeline that includes an action to run the CodeBuild unit test project.

Questions 45

A company is using AWS Organizations and wants to implement a governance strategy with the following requirements:

    AWS resource access is restricted to the same two Regions for all accounts.

    AWS services are limited to a specific group of authorized services for all accounts.

    Authentication is provided by Active Directory .

    Access permissions are organized by job function and are identical in each account.

Which solution will meet these requirements?

Options:
A.

Establish an organizational unit (OU) with group policies in the management account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.

B.

Establish a permission boundary in the management account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.

C.

Establish a service control policy in the management account to restrict Regions and authorized services. Use AWS Resource Access Manager (AWS RAM) to share management account roles with permissions for each job function, including AWS IAM Identity Center for authentication in each account.

D.

Establish a service control policy (SCP) in the management account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.

Questions 46

A company uses an organization in AWS Organizations to manage multiple AWS accounts The company needs an automated process across all AWS accounts to isolate any compromised Amazon EC2 instances when the instances receive a specific tag.

Which combination of steps will meet these requirements? (Select TWO.)

Options:
A.

Use AWS Cloud Formation StackSets to deploy the Cloud Formation stacks in all AWS accounts.

B.

Create an SCP that has a Deny statement for the ec2: " action with a condition of " aws:RequestTag/isolation " : false.

C.

Attach the SCP to the root of the organization.

D.

Create an AWS Cloud Formation template that creates an EC2 instance rote that has no 1AM policies attached. Configure the template to have a security group that has an explicit Deny rule on all traffic. Use the Cloud Formation template to create an AWS Lambda function that attaches the 1AM role to instances. Configure the Lambda function to add a network ACL. Sot up an Amazon EventBridge rule to invoke the Lambda function when a specific ta

E.

Create an AWS Cloud Formation template that creates an EC2 instance role that has no 1AM policies attached. Configure the template to have a security group that has no inbound rules or outbound rules. Use the CloudFormation template to create an AWS Lambda function that attaches the 1AM role to instances. Configure the Lambda function to replace any existing security groups with the new security group. Set up an Amazon EventBridge rule to i

Questions 47

An AWS CodePipeline pipeline has implemented a code release process. The pipeline is integrated with AWS CodeDeploy to deploy versions of an application to multiple Amazon EC2 instances for each CodePipeline stage.

During a recent deployment the pipeline failed due to a CodeDeploy issue. The DevOps team wants to improve monitoring and notifications during deployment to decrease resolution times.

What should the DevOps engineer do to create notifications. When issues are discovered?

Options:
A.

Implement Amazon CloudWatch Logs for CodePipeline and CodeDeploy create an AWS Config rule to evaluate code deployment issues, and create an Amazon Simple Notification Service (Amazon SNS) topic to notify stakeholders of deployment issues.

B.

Implement Amazon EventBridge for CodePipeline and CodeDeploy create an AWS Lambda function to evaluate code deployment issues, and create an Amazon Simple Notification Service (Amazon SNS) topic to notify stakeholders of deployment issues.

C.

Implement AWS CloudTrail to record CodePipeline and CodeDeploy API call information create an AWS Lambda function to evaluate code deployment issues and create an Amazon Simple Notification Service (Amazon SNS) topic to notify stakeholders of deployment issues.

D.

Implement Amazon EventBridge for CodePipeline and CodeDeploy create an Amazon. Inspector assessment target to evaluate code deployment issues and create an Amazon Simple. Notification Service (Amazon SNS) topic to notify stakeholders of deployment issues.

Questions 48

A company gives its employees limited rights to AWS DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.

How should this be accomplished?

Options:
A.

Configure AWS Config to publish logs to an Amazon S3 bucket Use Amazon Athena to query the logs and send a notification to the security team when the administrator role is assumed

B.

Configure Amazon GuardDuty to monitor when the administrator role is assumed and send a notification to the security team

C.

Create an Amazon EventBridge event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed

D.

Create an Amazon EventBridge events rule using an AWS API call that uses an AWS CloudTrail event pattern to invoke an AWS Lambda function that publishes a message to an Amazon SNS topic if the administrator role is assumed.

Questions 49

A company runs applications on Windows and Linux Amazon EC2 instances The instances run across multiple Availability Zones In an AWS Region. The company uses Auto Scaling groups for each application.

The company needs a durable storage solution for the instances. The solution must use SMB for Windows and must use NFS for Linux. The solution must also have sub-millisecond latencies. All instances will read and write the data.

Which combination of steps will meet these requirements? (Select THREE.)

Options:
A.

Create an Amazon Elastic File System (Amazon EFS) file system that has targets in multiple Availability Zones

B.

Create an Amazon FSx for NetApp ONTAP Multi-AZ file system.

C.

Create a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume to use for shared storage.

D.

Update the user data for each application ' s launch template to mount the file system

E.

Perform an instance refresh on each Auto Scaling group.

F.

Update the EC2 instances for each application to mount the file system when new instances are launched

Questions 50

A company uses machine learning on transactional data that a development team uploads from multiple sources to an Amazon S3 bucket. The development team finds duplicate objects in the S3 bucket across multiple prefixes. The duplications are increasing the company ' s storage costs.

The company wants to implement an automated solution to identify and remove duplicate objects from the S3 bucket.

Which solution will meet this requirement?

Options:
A.

Use Amazon S3 Storage Lens to scan the S3 bucket and prefixes, create an inventory of the duplicate objects, and invoke an AWS Lambda function to delete the duplicate objects.

B.

Configure AWS CloudTrail to record data events for the S3 bucket. Use Amazon Athena to query S3 data events to identify duplicate objects. Use an AWS Lambda function to delete duplicate objects.

C.

Use Amazon S3 Inventory to generate reports. Use Amazon Athena to query the reports based on ETag values. Use S3 Batch Operations and an AWS Lambda function to remove duplicate objects.

D.

Use AWS Config to identify object changes. Use Amazon EventBridge to delete duplicate objects by running the aws:executeScript action in AWS Systems Manager.

Exam Code: DOP-C02
Certification Provider: Amazon Web Services
Exam Name: AWS Certified DevOps Engineer - Professional
Last Update: May 22, 2026
Questions: 435

Amazon Web Services Related Exams

How to pass Amazon Web Services SAP-C02 - AWS Certified Solutions Architect - Professional Exam
How to pass Amazon Web Services AIP-C01 - AWS Certified Generative AI Developer - Professional Exam
MLS-C01 - AWS Certified Machine Learning - Specialty
AIF-C01 - AWS Certified AI Practitioner Exam
Data-Engineer-Associate - AWS Certified Data Engineer - Associate (DEA-C01)
CLF-C02 - AWS Certified Cloud Practitioner
GDP-C01 - AWS Certified Generative AI Developer - Professional
MLA-C01 - AWS Certified Machine Learning Engineer - Associate
SOA-C01 - AWS Certified SysOps Administrator - Associate
AXS-C01 - AWS Certified Alexa Skill Builder-Specialty
SCS-C03 - AWS Certified Security – Specialty
DVA-C02 - AWS Certified Developer - Associate
SOA-C03 - AWS Certified CloudOps Engineer - Associate
Amazon Web Services Free Access
Get Amazon Web Services Full Access

Amazon Web Services Free Exams
Amazon Web Services Free Exams
Get free access to Amazon Web Services exam prep materials and practice tests at Examstrack. Achieve your Amazon Web Services certification goals by exploring Examstrack.