Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Amazon Web Services DOP-C02 Practice Exam with Questions & Answers | Set: 8

Questions 71

A company uses a CI/CD pipeline to deploy its workload in the ap-southeast-2 Region. The company receives images through a Network Load Balancer (NLB) and processes the images in AWS Fargate tasks on an Amazon ECS cluster. An Amazon ECR repository stores the images as Docker images. The company uses Route 53 for DNS. The company saves the images in an S3 bucket and metadata in DynamoDB. The company wants to expand to eu-west-2 with high availability and resilience.

Which combination of steps will meet these requirements with the FEWEST configuration changes? (Select THREE).

Options:
A.

Configure ECR replication to eu-west-2 on the repository. Configure an NLB in eu-west-2 that resolves to Fargate tasks in an ECS cluster in eu-west-2. Configure a latency routing policy in Route 53 for the two workloads.

B.

Configure the DynamoDB table as a global table with a replica in eu-west-2. Configure the Fargate tasks to interact with the DynamoDB table in ap-southeast-2.

C.

Configure the DynamoDB table as a global table with a replica in eu-west-2. Configure the Fargate tasks to interact with the DynamoDB table in the same Region that the tasks run in.

D.

Configure a new S3 bucket in eu-west-2. Configure data replication between the S3 bucket in ap-southeast-2 and the S3 bucket in eu-west-2. Configure the Fargate tasks to use the S3 bucket in the same Region that the tasks run in to perform S3 PUT and GET operations.

E.

Configure an S3 Multi-Region Access Point for the S3 bucket in ap-southeast-2 and a new S3 bucket in eu-west-2. Configure two-way replication on the S3 buckets. Configure the workloads to use the Multi-Region Access Point for S3 PUT and GET operations.

F.

Configure the CI/CD pipeline to deploy ECR images to both Regions. Configure an NLB in eu-west-2 that resolves to Fargate tasks in an ECS cluster in eu-west-2. Configure a failover routing policy in Route 53 for the two workloads.

Amazon Web Services DOP-C02 Premium Access
Questions 72

A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The EC2 Instances are in multiple Availability Zones The application was misconfigured in a single Availability Zone, which caused a partial outage of the application.

A DevOps engineer made changes to ensure that the unhealthy EC2 instances in one Availability Zone do not affect the healthy EC2 instances in the other Availability Zones. The DevOps engineer needs to test the application's failover and shift where the ALB sends traffic During failover. the ALB must avoid sending traffic to the Availability Zone where the failure has occurred.

Which solution will meet these requirements?

Options:
A.

Turn off cross-zone load balancing on the ALB Use Amazon Route 53 Application Recovery Controller to start a zonal shift away from the Availability Zone

B.

Turn off cross-zone load balancing on the ALB's target group Use Amazon Route 53 Application Recovery Controller to start a zonal shift away from the Availability Zone

C.

Create an Amazon Route 53 Application Recovery Controller resource set that uses the DNS hostname of the ALB Start a zonal shift for the resource set away from the Availability Zone

D.

Create an Amazon Route 53 Application Recovery Controller resource set that uses the ARN of the ALB's target group Create a readiness check that uses the ElbV2TargetGroupsCanServeTraffic rule

Questions 73

A company is developing a web application's infrastructure using AWS CloudFormation The database engineering team maintains the database resources in a Cloud Formation template, and the software development team maintains the web application resources in a separate CloudFormation template. As the scope of the application grows, the software development team needs to use resources maintained by the database engineering team However, both teams have their own review and lifecycle management processes that they want to keep. Both teams also require resource-level change-set reviews. The software development team would like to deploy changes to this template using their Cl/CD pipeline.

Which solution will meet these requirements?

Options:
A.

Create a stack export from the database CloudFormation template and import those references into the web application CloudFormation template

B.

Create a CloudFormation nested stack to make cross-stack resource references and parameters available in both stacks.

C.

Create a CloudFormation stack set to make cross-stack resource references and parameters available in both stacks.

D.

Create input parameters in the web application CloudFormation template and pass resource names and IDs from the database stack.

Questions 74

A company’s security team requires that all external Application Load Balancers (ALBs) and Amazon API Gateway APIs are associated with AWS WAF web ACLs. The company has hundreds of AWS accounts, all of which are included in a single organization in AWS Organizations. The company has configured AWS Config for the organization. During an audit, the company finds some externally facing ALBs that are not associated with AWS WAF web ACLs.

Which combination of steps should a DevOps engineer take to prevent future violations? (Choose two.)

Options:
A.

Delegate AWS Firewall Manager to a security account.

B.

Delegate Amazon GuardDuty to a security account.

C.

Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.

D.

Create an Amazon GuardDuty policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.

E.

Configure an AWS Config managed rule to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.

Questions 75

A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the organization cannot turn off the notification.

Which solution will meet these requirements?

Options:
A.

Designate an account to be the delegated Amazon GuardDuty administrator account. Turn on GuardDuty for all accounts across the organization. In the GuardDuty administrator account, create an SNS topic. Subscribe the SecOps team's email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for GuardDuty findings and a target of the SNS topic.

B.

Create an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps team’s email address to the SNS topic. In the template, include an Amazon EventBridge rule that uses an event pattern of CloudTrail activity for s3:PutBucketPublicAccessBlock and a target of the SNS topic. Deploy the stack to every account in the organization by using CloudFormation StackSets.

C.

Turn on AWS Config across the organization. In the delegated administrator account, create an SNS topic. Subscribe the SecOps team's email address to the SNS topic. Deploy a conformance pack that uses the s3-bucket-level-public-access-prohibited AWS Config managed rule in each account and uses an AWS Systems Manager document to publish an event to the SNS topic to notify the SecOps team.

D.

Turn on Amazon Inspector across the organization. In the Amazon Inspector delegated administrator account, create an SNS topic. Subscribe the SecOps team’s email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event pattern for public network exposure of the S3 bucket and publishes an event to the SNS topic to notify the SecOps team.

Questions 76

A developer is creating a proof of concept for a new software as a service (SaaS) application. The application is in a shared development AWS account that is part of an organization in AWS Organizations.

The developer needs to create service-linked IAM roles for the AWS services that are being considered for the proof of concept. The solution needs to give the developer the ability to create and configure the service-linked roles only.

Which solution will meet these requirements?

Options:
A.

Create an IAM user for the developer in the organization’s management account. Configure a cross-account role in the development account for the developer to use. Limit the scope of the cross-account role to common services.

B.

Add the developer to an IAM group. Attach the PowerUserAccess managed policy to the IAM group. Enforce multi-factor authentication (MFA) on the user account.

C.

Add an SCP to the development account in Organizations. Configure the SCP with a Deny rule for iam:* to limit the developer’s access.

D.

Create an IAM role that has the necessary IAM access to allow the developer to create policies and roles. Create and attach a permissions boundary to the role. Grant the developer access to assume the role.

Questions 77

A company is developing an application that uses AWS Lambda functions. A DevOps engineer must create an AWS CloudFormation template that defines a deployment configuration for gradual traffic shifting to new Lambda function versions.

Which CloudFormation resource configuration will meet this requirement?

Options:
A.

Use an AWS::CodeDeploy::DeploymentConfig resource. Define a TimeBasedCanary configuration. Specify values for percentage and minutes for traffic shifting.

B.

Use an AWS::CodeDeploy::DeploymentGroup resource. Define the DeploymentStyle property as BLUE_GREEN. Configure the TrafficRoutingConfig data type for linear traffic shifting.

C.

Use an AWS::Lambda::Version resource with the VersionWeight property to control the percentage of traffic that is routed to the new Lambda function versions.

D.

Use an AWS::Lambda::Alias resource with the RoutingConfig property to specify weights for gradual traffic shifting between the Lambda function versions.

Questions 78

A company has deployed a new platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The new platform hosts web applications that users frequently update. The application developers build the Docker images for the applications and deploy the Docker images manually to the platform.

The platform usage has increased to more than 500 users every day. Frequent updates, building the updated Docker images for the applications, and deploying the Docker images on the platform manually have all become difficult to manage.

The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if Docker image scanning returns any HIGH or CRITICAL findings for operating system or programming language package vulnerabilities.

Which combination of steps will meet these requirements? (Select TWO.)

Options:
A.

Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon S3 event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a stop to the pipeline to initiate the AWS CodeBuild project.

B.

Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EvenlBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.

C.

Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basic scanning for the ECR repository. Create an Amazon EventBridge rule that monitors Amazon GuardDuty events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

D.

Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.

E.

Create an AWS CodeBuild project that scans the Dockerfile. Configure the project to build the Docker images and store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository if the scan is successful. Configure an SNS topic to provide notification if the scan returns any vulnerabilities.

Questions 79

A company is storing 100 GB of log data in .csv format in an Amazon S3 bucket. SQL developers want to query this data and generate graphs to visualize it. The SQL developers also need an efficient, automated way to store metadata from the .csv file. Which combination of steps will meet these requirements with the LEAST amount of effort? (Select THREE.)

Options:
A.

Filter the data through AWS X-Ray to visualize the data.

B.

Filter the data through Amazon QuickSight to visualize the data.

C.

Query the data with Amazon Athena.

D.

Use the AWS Glue Data Catalog as the persistent metadata store.

E.

Use Amazon DynamoDB as the persistent metadata store.

F.

Query the data with Amazon Redshift.

Questions 80

A company has a file-reading application that saves files to a database running on Amazon EC2 instances. Regulations require daily file deletions from EC2 instances and deletion of database records older than 60 days. Database record deletion must occur after file deletion. The company needs email notifications for any deletion script failures.

Which solution will meet these requirements with the LEAST development effort?

Options:
A.

Use AWS Systems Manager State Manager to automatically invoke an Automation document at the specified time daily. Configure the Automation document to run deletion scripts sequentially via run command. Create an EventBridge rule to send failure notifications to Amazon SNS.

B.

Use AWS Systems Manager State Manager to automatically invoke an Automation document at the specified time daily. Configure the Automation document to run deletion scripts sequentially. Add a conditional check for errors as the last step and send failure notifications via Amazon SES.

C.

Create an EventBridge rule to invoke a Lambda function at the specified time. Configure the Lambda function to run deletion scripts sequentially and send failure notifications via SNS.

D.

Create an EventBridge rule to invoke a Lambda function at the specified time. Configure the Lambda function to run deletion scripts sequentially and send failure notifications via SES.

Exam Code: DOP-C02
Certification Provider: Amazon Web Services
Exam Name: AWS Certified DevOps Engineer - Professional
Last Update: Feb 21, 2026
Questions: 419

Amazon Web Services Related Exams

How to pass Amazon Web Services SAP-C02 - AWS Certified Solutions Architect - Professional Exam
How to pass Amazon Web Services AIP-C01 - AWS Certified Generative AI Developer - Professional Exam
SCS-C03 - AWS Certified Security – Specialty
Data-Engineer-Associate - AWS Certified Data Engineer - Associate (DEA-C01)
DVA-C02 - AWS Certified Developer - Associate
SOA-C01 - AWS Certified SysOps Administrator - Associate
SAA-C03 - AWS Certified Solutions Architect - Associate (SAA-C03)
SOA-C03 - AWS Certified CloudOps Engineer - Associate
GDP-C01 - AWS Certified Generative AI Developer - Professional
CLF-C02 - AWS Certified Cloud Practitioner
AXS-C01 - AWS Certified Alexa Skill Builder-Specialty
AIF-C01 - AWS Certified AI Practitioner Exam
SCS-C02 - AWS Certified Security - Specialty
MLA-C01 - AWS Certified Machine Learning Engineer - Associate
MLS-C01 - AWS Certified Machine Learning - Specialty
Amazon Web Services Free Access
Get Amazon Web Services Full Access

Amazon Web Services Free Exams
Amazon Web Services Free Exams
Get free access to Amazon Web Services exam prep materials and practice tests at Examstrack. Achieve your Amazon Web Services certification goals by exploring Examstrack.