Amazon Web Services AWS Certified DevOps Engineer - Professional DOP-C02 Exam Dumps: Updated Questions & Answers (April 2026)

When setting the flag authenticated-read in the command line, the owner gets FULL_CONTROL. The AuthenticatedUsers group (Anyone with an AWS account) gets READ access. Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html

(A) When Docker communicates with an Amazon Elastic Container Registry (ECR) repository, it requires authentication. You can authenticate your Docker client to the Amazon ECR registry with the help of the AWS CLI (Command Line Interface). Specifically, you can use the " aws ecr get-login-password " command to get an authorization token and then use Docker ' s " docker login " command with that token to authenticate to the registry. You would need to perform these steps in your buildspec.yml file before attempting to push or pull images from/to the ECR repository.

AWS CodeDeploy supports deployment of both Lambda functions and ECS services with native integration.

It provides deployment strategies such as canary deployments for Lambda and blue/green deployments for ECS, which minimize downtime and risk.

CodeDeploy automates the deployment process, which reduces manual effort and improves consistency.

AWS Systems Manager Parameter Store is a simple, managed solution for storing configuration data securely and at scale.

Option A uses CloudFormation stack updates with resource replacement, which can cause downtime and is less flexible for minimizing downtime compared to CodeDeploy’s deployment strategies.

Option C adds unnecessary orchestration complexity with Step Functions and cross-region deployments, increasing deployment effort.

Option D’s all-at-once deployments for Lambda and rolling updates for ECS do not minimize downtime as effectively as canary and blue/green strategies. Hence, option B meets the requirement with the least deployment effort and maximizes automation and availability.

Reference from AWS Official Documentation:

Deploying Lambda Functions with CodeDeploy: " AWS CodeDeploy supports canary and linear deployment strategies for AWS Lambda functions to reduce deployment risk. " (CodeDeploy Lambda Deployment)

Deploying ECS Services with CodeDeploy Blue/Green: " CodeDeploy supports blue/green deployments for ECS to minimize downtime during service updates. " (CodeDeploy ECS Blue/Green)

AWS Systems Manager Parameter Store: " Parameter Store provides secure, hierarchical storage for configuration data management. " (Systems Manager Parameter Store)

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Using Secrets Manager, you can secure and manage secrets used to access resources in the AWS Cloud, on third-party services, and on-premises. SSM parameter store and AWS Secret manager are both a secure option. However, Secrets manager is more flexible and has more options like password generation. Reference: https://www.1strategy.com/blog/2019/02/28/aws-parameter-store-vs-aws-secrets-manager/

S3 RTC ensures ≤15-min replication SLA.

Multi-Region Access Point (MRAP) simplifies active-passive replication access.

SubmitMultiRegionAccessPointRoutes API manages routing changes during failover. This configuration follows AWS DR best practices for S3 active/passive architectures.

Verified Answer: A, C, and E.

Short Explanation: To improve the performance of the application, the DevOps engineer should use Amazon RDS Proxy, implement the database connection opening outside the Lambda event handler code, and connect to the proxy endpoint from the Lambda function.

Amazon RDS Proxy is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient to database failures, and more secure1. By using Amazon RDS Proxy, the DevOps engineer can reduce the overhead of opening and closing connections to the database, which can improve latency and throughput2.

The DevOps engineer should connect the proxy to the Aurora cluster reader endpoint, which allows read-only connections to one of the Aurora Replicas in the DB cluster3. This can help balance the load across multiple read replicas and improve performance for read-intensive workloads4.

The DevOps engineer should implement the database connection opening outside the Lambda event handler code, which means using a global variable to store the database connection object5. This can enable connection reuse across multiple invocations of the Lambda function, which can reduce latency and improve performance.

The DevOps engineer should connect to the proxy endpoint from the Lambda function, which is a unique URL that represents the proxy. This can allow the Lambda function to access the database through the proxy, which can provide benefits such as connection pooling, load balancing, failover handling, and enhanced security.

The other options are incorrect because:

Implementing database connection pooling inside the Lambda code is unnecessary and redundant when using Amazon RDS Proxy, which already provides connection pooling as a service.

Implementing the database connection opening and closing inside the Lambda event handler code is inefficient and costly, as it can increase latency and consume more resources for each invocation of the Lambda function.

Connecting to the Aurora cluster endpoint from the Lambda function is not optimal for read-only queries, as it can direct traffic to either the primary instance or one of the Aurora Replicas in the DB cluster. This can result in inconsistent performance and potential conflicts with write operations on the primary instance.

The correct approach to meet the requirements for separate environment pipelines and automatic deployment for test environments is to create two AWS CodePipeline configurations, one for each environment. The production pipeline should have a manual approval step to ensure that changes are reviewed before being deployed to production. A single AWS CodeCommit repository with separate branches for each environment allows for organized and efficient code management. Each CodePipeline retrieves the source code from the appropriate branch in the repository. The deployment step utilizes AWS CloudFormation to deploy the Lambda functions, ensuring that the infrastructure as code is maintained and version-controlled.

AWS Lambda with Amazon API Gateway: Using AWS Lambda with Amazon API Gateway

Tutorial on using Lambda with API Gateway: Tutorial: Using Lambda with API Gateway

AWS CodePipeline automatic deployment: Set Up a Continuous Deployment Pipeline Using AWS CodePipeline

Building a pipeline for test and production stacks: Walkthrough: Building a pipeline for test and production stacks

Activating S3 server access logging and using Amazon Athena to create an external table with the log files is the easiest and most cost-effective way to analyze access patterns. This option requires minimal setup and allows for quick analysis of the access patterns with SQL queries. Additionally, Amazon Athena scales automatically to match the query load, so there is no need for additional infrastructure provisioning or management.

https://docs.aws.amazon.com/cli/latest/reference/cloudformation/continue-update-rollback.html For a specified stack that is in the UPDATE_ROLLBACK_FAILED state, continues rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can manually fix the error and continue the rollback. By continuing the rollback, you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.