Summer Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Page: 1 / 14
Total 134 questions
Exam Code: DOP-C02                Update: Jul 14, 2026
Exam Name: AWS Certified DevOps Engineer - Professional

Amazon Web Services AWS Certified DevOps Engineer - Professional DOP-C02 Exam Dumps: Updated Questions & Answers (July 2026)

Question # 1

A company uses Amazon RDS for Microsoft SQL Server as its primary database. They need high availability within and across AWS Regions, with an RPO < 1 min and RTO < 10 min. Route 53 CNAME is used for the DB endpoint and must redirect to standby during failover.

Which solution meets these requirements?

A.

Deploy an Amazon RDS for SQL Server Multi-AZ DB cluster with cross-Region read replicas. Use automation to promote replica and update Route 53.

B.

Deploy RDS Multi-AZ with snapshots copied every 5 minutes; use Lambda to restore snapshot and update Route 53 on failover.

C.

Deploy Single-AZ RDS and use AWS DMS to continuously replicate to another Region. Use CloudWatch alarms for failover notification.

D.

Deploy Single-AZ RDS and use AWS Backup for cross-Region backups every 30 seconds. Use automation to restore and update Route 53 during failover.

Question # 2

A company recently launched multiple applications that use Application Load Balancers. Application response time often slows down when the applications experience problems A DevOps engineer needs to Implement a monitoring solution that alerts the company when the applications begin to perform slowly The DevOps engineer creates an Amazon Simple Notification Semce (Amazon SNS) topic and subscribe the company ' s email address to the topic

What should the DevOps engineer do next to meet the requirements?

A.

Create an Amazon EventBridge rule that invokes an AWS Lambda function to query the applications on a 5-minute interval Configure the Lambda function to publish a notification to the SNS topic when the applications return errors.

B.

Create an Amazon CloudWatch Synthetics canary that runs a custom script to query the applications on a 5-minute interval. Configure the canary to use the SNS topic when the applications return errors.

C.

Create an Amazon CloudWatch alarm that uses the AWS/AppljcabonELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the number of connections becomes greater than the configured number of threads that the application supports Configure the CloudWatch alarm to use the SNS topic.

D.

Create an Amazon CloudWatch alarm that uses the AWS/ApplicationELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the average response time becomes greater than the longest response time that the application supports Configure the CloudWatch alarm to use the SNS topic

Question # 3

A company uses Amazon Elastic Container Service (Amazon ECS) with an Amazon EC2 launch type. The company requires all log data to be centralized on Amazon CloudWatch. The company ' s ECS tasks include a LogConfiguration object that specifies a value of awslogs for the log driver name.

The company ' s ECS tasks failed to deploy. An error message indicates that a missing permission causes the failure. The company confirmed that the IAM role used to launch container instances includes the logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents permissions.

Which solution will fix the problem?

A.

Add an IAM trust policy to the IAM role that establishes Amazon ECS as a trusted service.

B.

Add the logs:PutDestination permission to the policy applied to the IAM role.

C.

Remove the logs:CreateLogStream permission from the policy applied to the IAM role.

D.

Add an IAM trust policy to the IAM role that establishes CloudWatch as a trusted service.

Question # 4

A company ' s application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company ' s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.

What should a DevOps engineer do to meet this requirement?

A.

Create an Amazon EventBridge rule with a source of aws.cloudtrail and the event name AuthorizeSecurityGroupIngress. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.

B.

Enable Amazon GuardDuty and check the findings for security groups in AWS Security Hub. Configure an Amazon EventBridge rule with a custom pattern that matches GuardDuty events with an output of NON_COMPLIANT. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.

C.

Create an AWS Config rule by using the restricted-ssh managed rule to check whether security groups disallow unrestricted incoming SSH traffic. Configure automatic remediation to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.

D.

Enable Amazon Inspector. Include the Common Vulnerabilities and Exposures-1.1 rules package to check the security groups that are associated with the bastion hosts. Configure Amazon Inspector to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.

Question # 5

A DevOps team incorporates automatic load and stress testing capabilities into a CI/CD pipeline by using AWS CodeBuild. The DevOps team uses an Amazon Aurora MySQL DB cluster in a testing environment to perform load testing. The DevOps team set the minimum capacity for the testing DB cluster to 1. The DevOps team uses 10 DB clusters in a production environment. The DevOps team has set all the DB clusters to automatically scale up to a maximum capacity of 15 Aurora Replicas.

When the DevOps team performs load testing, the configuration of the Aurora DB cluster in the testing environment prevents the cluster from scaling rapidly enough to meet the transient demand, which causes load testing to fail.

The DevOps team must configure the DB cluster in the testing environment to meet the load-testing demand.

Which solution will meet this requirement MOST cost-effectively?

A.

Set the minimum capacity to 10. Reduce the scale-in cooldown period in the PRE_BUILD phase of the CodeBuild configuration.

B.

Set the minimum capacity to 10 in the PRE_BUILD phase of the CodeBuild configuration. Reset the capacity to 1 in the POST_BUILD phase.

C.

Set the minimum capacity to 10 in the POST_BUILD phase of the CodeBuild configuration. Reset the capacity to 1 in the same POST_BUILD phase.

D.

Add an Amazon RDS Proxy in front of the testing Aurora DB cluster. Set the RDS Proxy endpoint in the PRE_BUILD phase of the CodeBuild configuration.

Question # 6

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.

What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?

A.

Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.

B.

Assign each EC2 instance an IPv6 Elastic IP address. Create a target group, and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.

C.

Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.

D.

Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443. and specify the dualstack IP address type on the ALB. Create a target group, and add the EC2 instances as targets. Associate the target group with the ALB.

Question # 7

A company has a search application that has a web interface. The company uses Amazon CloudFront, Application Load Balancers (ALBs), and Amazon EC2 instances in an Auto Scaling group with a desired capacity of 3. The company uses prebaked AMIs. The application starts in 1 minute. The application queries an Amazon OpenSearch Service cluster. The application is deployed to multiple Availability Zones. Because of compliance requirements, the application needs to have a disaster recovery (DR) environment in a separate AWS Region. The company wants to minimize the ongoing cost of the DR environment and requires an RTO and an RPO of under 30 minutes. The company has created an ALB in the DR Region. Which solution will meet these requirements?

A.

Add the new ALB as an origin in the CloudFront distribution. Configure origin failover functionality. Copy the AMI to the DR Region. Create a launch template and an Auto Scaling group with a desired capacity of 0 in the DR Region. Create a new OpenSearch Service cluster in the DR Region. Set up cross-cluster replication for the cluster.

B.

Create a new CloudFront distribution in the DR Region and add the new ALB as an origin. Use Amazon Route 53 DNS for Regional failover. Copy the AMI to the DR Region. Create a launch template and an Auto Scaling group with a desired capacity of 0 in the DR Region. Reconfigure the OpenSearch Service cluster as a Multi-AZ with Standby deployment. Ensure that the standby nodes are in the DR Region.

C.

Create a new CloudFront distribution in the DR Region and add the new ALB as an origin. Use Amazon Route 53 DNS for Regional failover. Copy the AMI to the DR Region. Create a launch template and an Auto Scaling group with a desired capacity of 3 in the DR Region. Reconfigure the OpenSearch Service cluster as a Multi-AZ with Standby deployment. Ensure that the standby nodes are in the DR Region.

D.

Add the new ALB as an origin in the CloudFront distribution. Configure origin failover functionality. Copy the AMI to the DR Region. Create a launch template and an Auto Scaling group with a desired capacity of 3 in the DR Region. Create a new OpenSearch Service cluster in the DR Region. Set up cross-cluster replication for the cluster.

Question # 8

A DevOps engineer is setting up a container-based architecture. The engineer has decided to use AWS CloudFormation to automatically provision an Amazon ECS cluster and an Amazon EC2 Auto Scaling group to launch the EC2 container instances. After successfully creating the CloudFormation stack, the engineer noticed that, even though the ECS cluster and the EC2 instances were created successfully and the stack finished the creation, the EC2 instances were associating with a different cluster.

How should the DevOps engineer update the CloudFormation template to resolve this issue?

A.

Reference the EC2 instances in the AWS: ECS: Cluster resource and reference the ECS cluster in the AWS: ECS: Service resource.

B.

Reference the ECS cluster in the AWS: AutoScaling: LaunchConfiguration resource of the UserData property.

C.

Reference the ECS cluster in the AWS:EC2: lnstance resource of the UserData property.

D.

Reference the ECS cluster in the AWS: CloudFormation: CustomResource resource to trigger an AWS Lambda function that registers the EC2 instances with the appropriate ECS cluster.

Question # 9

An ecommerce company has chosen AWS to host its new platform. The company ' s DevOps team has started building an AWS Control Tower landing zone. The DevOps team has set the identity store within AWS IAM Identity Center (AWS Single Sign-On) to external identity provider (IdP) and has configured SAML 2.0.

The DevOps team wants a robust permission model that applies the principle of least privilege. The model must allow the team to build and manage only the team ' s own resources.

Which combination of steps will meet these requirements? (Choose three.)

A.

Create IAM policies that include the required permissions. Include the aws:PrincipalTag condition key.

B.

Create permission sets. Attach an inline policy that includes the required permissions and uses the aws:PrincipalTag condition key to scope the permissions.

C.

Create a group in the IdP. Place users in the group. Assign the group to accounts and the permission sets in IAM Identity Center.

D.

Create a group in the IdP. Place users in the group. Assign the group to OUs and IAM policies.

E.

Enable attributes for access control in IAM Identity Center. Apply tags to users. Map the tags as key-value pairs.

F.

Enable attributes for access control in IAM Identity Center. Map attributes from the IdP as key-value pairs.

Question # 10

A company recently migrated its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that uses Amazon EC2 instances. The company configured the application to automatically scale based on CPU utilization.

The application produces memory errors when it experiences heavy loads. The application also does not scale out enough to handle the increased load. The company needs to collect and analyze memory metrics for the application over time.

Which combination of steps will meet these requirements? (Select THREE.)

A.

Attach the Cloud WatchAgentServer Pol icy managed 1AM policy to the 1AM instance profile that the cluster uses.

B.

Attach the Cloud WatchAgentServer Pol icy managed 1AM policy to a service account role for the cluster.

C.

Collect performance metrics by deploying the unified Amazon CloudWatch agent to the existing EC2 instances in the cluster. Add the agent to the AMI for any new EC2 instances that are added to the cluster.

D.

Collect performance logs by deploying the AWS Distro for OpenTelemetry collector as a DaemonSet.

E.

Analyze the pod_memory_utilization Amazon CloudWatch metric in the Containerlnsights namespace by using the Service dimension.

F.

Analyze the node_memory_utilization Amazon CloudWatch metric in the Containerlnsights namespace by using the ClusterName dimension.

Page: 1 / 14
Total 134 questions

Most Popular Certification Exams

Payment

       

Contact us

Site Secure

mcafee secure

TESTED 14 Jul 2026