DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

AWS DOP-C02 Exam Questions for Effective Preparation | AWS Certified DevOps Engineer - Professional

Unlock your potential as an AWS Certified DevOps Engineer - Professional with SPOTO's comprehensive exam questions and answers, test questions, and exam preparation resources. Our meticulously crafted study materials cover the entire DOP-C02 exam scope, ensuring you possess the knowledge to confidently tackle any challenge. Enhance your preparation with our mock exams, simulating the real testing environment to identify strengths and areas for improvement. With SPOTO's exam resources at your disposal, you'll be well-equipped to pass successfully on your first attempt. Don't leave your certification aspirations to chance – leverage our proven solutions and embark on your journey to becoming an AWS DevOps expert today. Invest in SPOTO's study materials for a seamless path to DOP-C02 success.
Take other online exams

Question #1
A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured.Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests th
A. onfigure provisioned concurrency on the Lambda function with a concurrency value of 1
B. onfigure reserved concurrency on the Lambda function with a concurrency value of 0
C. onfigure provisioned concurrency on the Lambda function
D. onfigure reserved concurrency on the Lambda function
View answer
Correct Answer: C
Question #2
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application After completion, the team will create additional deployment groups for staging and production. The current log level is configured within the Apache settings, but the team wants to change this configuration
A. ag the Amazon EC2 instances depending on the deployment group
B. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instance is part of
C. reate a CodeDeploy custom environment variable for each environment
D. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings
View answer
Correct Answer: B
Question #3
A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be abl
A. n both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for session data
B. n both regions, launch the application in Auto Scaling groups and use DynamoDB for session data
C. n both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS PostgreSQL with cross-region replication for session data
D. n both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session data
View answer
Correct Answer: A
Question #4
A company uses AWS Organizations to manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.With solution will accomplish this?
A. reate an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled
B. reate an AWS Config organizational rule to check whether EBS encryption is enabled and deploy the rule using the AWS CLI
C. reate an SCP in Organizations
D. eploy an IAM role to all accounts from a single trusted account
View answer
Correct Answer: B
Question #5
A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?
A. dd an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances
B. ssign each EC2 instance an IPv6 Elastic IP address
C. eplace the ALB with a Network Load Balancer (NLB)
D. dd an IPv6 CIDR block to the VPC and subnets for the ALB
View answer
Correct Answer: B
Question #6
A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.Which combination of actions will provide this access? (Choose three.)
A. esignate an account to be the delegated Amazon GuardDuty administrator account
B. reate an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps team’s email address to the SNS topic
C. urn on AWS Config across the organization
D. urn on Amazon Inspector across the organization
View answer
Correct Answer: ABE
Question #7
A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues.Which deploy stage configuration will meet these requirements?
A. se an AWS Serverless Application Model (AWS SAM) template to define the serverless application
B. se AWS CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resources
C. se AWS CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resources
D. se AWS CodeBuild to add sample event payloads for testing to the Lambda functions
View answer
Correct Answer: A
Question #8
A company has microservices running in AWS Lambda that read data from Amazon DynamoDB. The Lambda code is manually deployed by developers after successful testing The company now needs the tests and deployments be automated and run in the cloud Additionally, traffic to the new versions of each microservice should be incrementally shifted over time after deployment.What solution meets all the requirements, ensuring the MOST developer velocity?
A. reate an AWS CodePipelme configuration and set up a post-commit hook to trigger the pipeline after tests have passed Use AWS CodeDeploy and create a Canary deployment configuration that specifies the percentage of traffic and interval
B. reate an AWS CodeBuild configuration that triggers when the test code is pushed Use AWS CloudFormation to trigger an AWS CodePipelme configuration that deploys the new Lambda versions and specifies the traffic shift percentage and interval
C. reate an AWS CodePipelme configuration and set up the source code step to trigger when code is pushed
D. se the AWS CLI to set up a post-commit hook that uploads the code to an Amazon S3 bucket after tests have passed
View answer
Correct Answer: C
Question #9
A company has a single developer writing code for an automated deployment pipeline. The developer is storing source code in an Amazon S3 bucket for each project. The company wants to add more developers to the team but is concerned about code conflicts and lost work The company also wants to build a test environment to deploy newer versions of code for testing and allow developers to automatically deploy to both environments when code is changed in the repository.What is the MOST efficient way to meet these
A. reate an AWS CodeCommit repository tor each project, use the mam branch for production code
B. reate another S3 bucket for each project for testing code, and use an AWS Lambda function to promote code changes between testing and production buckets Enable versioning on all buckets to prevent code conflicts
C. reate an AWS CodeCommit repository for each project, and use the main branch for production and test code with different deployment pipelines for each environment Use feature branches to develop new features
D. nable versioning and branching on each S3 bucket, use the main branch for production code, and create a testing branch for code deployed to testing
View answer
Correct Answer: A
Question #10
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache Webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application. After completion, the team will create additional deployment groups for staging and production.The current log level is configured within the Apache settings, but the team wants to change this configuration
A. ag the Amazon EC2 instances depending on the deployment group
B. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ NAME to identify which deployment group the instance is part of
C. reate a CodeDeploy custom environment variable for each environment
D. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings
View answer
Correct Answer: B
Question #11
A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.Which solution will meet these requirements?
A. dd the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1
B. dd the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates
C. reate an Amazon CloudWatch alarm for the StatusCheckFailed_System metric and select the EC2 action to recover the instance
D. reate an Amazon CloudWatch alarm for the StatusCheckFailed_Instance metric and select the EC2 action to reboot the instance
View answer
Correct Answer: A
Question #12
A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that che
A. onfigure the Lambda function to be invoked by the SNS topic
B. reate an Amazon EventBridge scheduled rule to invoke the Lambda function
C. reate an Amazon EventBridge event rule that has the default event bus as the source
D. reate an Amazon EventBridge custom event bus that subscribes to events from all AWS services
View answer
Correct Answer: C
Question #13
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.Which combination of actions will meet these requirements? (Choose three.)
A. se AWS Service Catalog with AWS Control Tower
B. eploy CloudFormation stack sets by using the required templates
C. reate an Amazon EventBridge rule to detect the CreateManagedAccount event
D. eploy the Customizations for AWS Control Tower (CfCT) solution
View answer
Correct Answer: ABF
Question #14
A company is using an Amazon Aurora cluster as the data store for its application. The Aurora cluster is configured with a single DB instance. The application performs read and write operations on the database by using the cluster's instance endpoint.The company has scheduled an update to be applied to the cluster during an upcoming maintenance window. The cluster must remain available with the least possible interruption during the maintenance window.What should a DevOps engineer do to meet these requireme
A. dd a reader instance to the Aurora cluster
B. dd a reader instance to the Aurora cluster
C. urn on the Multi-AZ option on the Aurora cluster
D. urn on the Multi-AZ option on the Aurora cluster
View answer
Correct Answer: C
Question #15
A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the management account of the organization.Which combination of access changes will meet these requirements? (Choose three.)
A. onfigure AWS Lambda to poll the SOS queue and invoke a Lambda function to check whether the queue messages are valid
B. onvert the SQS standard queue to an SQS FIFO queue
C. reate an SOS dead-letter queue
D. onfigure API Gateway to send messages to different SOS virtual queues that are named for each of the satellites
View answer
Correct Answer: BCE
Question #16
A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API.After a series of recent changes to the API, the company has observed issues with the application. The company needs t
A. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
B. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
C. onfigure the ALB access logs to write to an Amazon CloudWatch Logs log group
D. onfigure AWS X-Ray integration on the Lambda function
View answer
Correct Answer: B
Question #17
A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region. New EC2 instances are launched and terminated each hour in the account. The account also includes existing EC2 instances that have been running for longer than a week.The company's security policy requires all running EC2 instances to use an EC2 instance profile. If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions as
A. onfigure an Amazon EventBridge rule that reacts to EC2 RunInstances API calls
B. onfigure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes
C. onfigure an Amazon EventBridge rule that reacts to EC2 StartInstances API calls
D. onfigure the iam-role-managed-policy-check AWS Config managed rule with a trigger type of configuration changes
View answer
Correct Answer: B
Question #18
A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency.Which actions should be taken to accomplish this? (Choose two.)
A. onfigure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints
B. reate an Aurora custom endpoint to point to the primary database instance
C. reate an AWS Lambda function to modify the application’s AWS Cloud Formation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance
D. tore the Aurora endpoint in AWS Systems Manager Parameter Store
View answer
Correct Answer: AC
Question #19
A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the management account of the organization.Which combination of access changes will meet these requirements? (Choose three.)
A. onfigure AWS Lambda to poll the SOS queue and invoke a Lambda function to check whether the queue messages are valid
B. onvert the SQS standard queue to an SQS FIFO queue
C. reate an SOS dead-letter queue
D. onfigure API Gateway to send messages to different SOS virtual queues that are named for each of the satellites
View answer
Correct Answer: BCE
Question #20
A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule.How should the DevOps engineer configure the EventBridge rule to meet these requirements?
A. onfigure an event source of AWS Health, a service of EC2
B. onfigure an event source of Systems Manager and an event type that indicates a maintenance window
C. onfigure an event source of AWS Health, a service of EC2, and an event type that indicates instance maintenance
D. onfigure an event source of EC2 and an event type that indicates instance maintenance
View answer
Correct Answer: A
Question #21
A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API.After a series of recent changes to the API, the company has observed issues with the application. The company needs t
A. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
B. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
C. onfigure the ALB access logs to write to an Amazon CloudWatch Logs log group
D. onfigure AWS X-Ray integration on the Lambda function
View answer
Correct Answer: B
Question #22
A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts.A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon
A. reate an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event
B. reate an Amazon EventBridge rule that reacts to the pullRequestCreated event
C. reate an Amazon EventBridge rule that reacts to pullRequestCreated and pullRequestSourceBranchUpdated events
D. reate an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event
View answer
Correct Answer: ABC
Question #23
A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the organization cannot turn off the notification.Which solution wi
A. nable Amazon CloudWatch Logs to log the EKS components
B. nable Amazon CloudWatch Logs to log the EKS components
C. nable Amazon S3 logging for the EKS components
D. nable Amazon S3 logging for the EKS components
View answer
Correct Answer: B
Question #24
A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured.Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests th
A. onfigure provisioned concurrency on the Lambda function with a concurrency value of 1
B. onfigure reserved concurrency on the Lambda function with a concurrency value of 0
C. onfigure provisioned concurrency on the Lambda function
D. onfigure reserved concurrency on the Lambda function
View answer
Correct Answer: C
Question #25
A company is implementing a well-architected design for its globally accessible API stack. The design needs to ensure both high reliability and fast response times for users located in North America and Europe.The API stack contains the following three tiers: •Amazon API Gateway•AWS Lambda •Amazon DynamoDBWhich solution will meet the requirements?
A. onfigure Amazon Route 53 to point to API Gateway APIs in North America and Europe using health checks
B. onfigure Amazon Route 53 to point to API Gateway APIs in North America and Europe using latency- based routing and health checks
C. onfigure Amazon Route 53 to point to API Gateway in North America, create a disaster recovery API in Europe, and configure both APIs to forward requests to the Lambda functions in that Region
D. onfigure Amazon Route 53 to point to API Gateway API in North America using latency-based routing
View answer
Correct Answer: B
Question #26
A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations.A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role.Which solution will meet these
A. reate an SCP that includes a Deny statement for changes to the auditing application's IAM role
B. reate an SCP that includes an Allow statement for changes to the auditing application's IAM role by the trusted administrator IAM role
C. reate an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role
D. reate an IAM permissions boundary that includes a Deny statement for changes to the auditing application’s IAM role
View answer
Correct Answer: C
Question #27
A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured.How can this process be automated?
A. reate a CloudWatch Logs subscription to an AWS Step Functions application
B. reate an Amazon CloudWatch alarm that will be invoked by the login event
C. reate an Amazon CloudWatch alarm that will be invoked by the login event
D. reate a CloudWatch Logs subscription in an AWS Lambda function
View answer
Correct Answer: D
Question #28
A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SOS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format.Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in the SQS queue. A De
A. reate AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets
B. reate a CloudFormation drift detection operation to find and remediate unapproved CloudFormation StackSets
C. reate CloudFormation StackSets with approved CloudFormation templates
D. reate AWS Service Catalog products with approved CloudFormation templates
View answer
Correct Answer: A
Question #29
To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed.Which of the following should successfully install the applic
A. aunch the instances in a public subnet with Elastic IP addresses attached
B. et up a NAT gateway
C. ublish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3
D. reate a security group for the application instances and allow only outbound traffic to the artifact repository
View answer
Correct Answer: C
Question #30
A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region. New EC2 instances are launched and terminated each hour in the account. The account also includes existing EC2 instances that have been running for longer than a week.The company's security policy requires all running EC2 instances to use an EC2 instance profile. If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions as
A. onfigure an Amazon EventBridge rule that reacts to EC2 RunInstances API calls
B. onfigure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes
C. onfigure an Amazon EventBridge rule that reacts to EC2 StartInstances API calls
D. onfigure the iam-role-managed-policy-check AWS Config managed rule with a trigger type of configuration changes
View answer
Correct Answer: B
Question #31
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application After completion, the team will create additional deployment groups for staging and production. The current log level is configured within the Apache settings, but the team wants to change this configuration
A. ag the Amazon EC2 instances depending on the deployment group
B. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instance is part of
C. reate a CodeDeploy custom environment variable for each environment
D. reate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings
View answer
Correct Answer: B
Question #32
A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts, AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be
A. se AWS CDK to deploy API Gateway and Lambda functions
B. se AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions
C. se AWS Elastic Beanstalk to deploy API Gateway and Lambda functions
D. se AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer
View answer
Correct Answer: C
Question #33
A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues.Which deploy stage configuration will meet these requirements?
A. se an AWS Serverless Application Model (AWS SAM) template to define the serverless application
B. se AWS CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resources
C. se AWS CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resources
D. se AWS CodeBuild to add sample event payloads for testing to the Lambda functions
View answer
Correct Answer: A
Question #34
A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule.How should the DevOps engineer configure the EventBridge rule to meet these requirements?
A. onfigure an event source of AWS Health, a service of EC2
B. onfigure an event source of Systems Manager and an event type that indicates a maintenance window
C. onfigure an event source of AWS Health, a service of EC2, and an event type that indicates instance maintenance
D. onfigure an event source of EC2 and an event type that indicates instance maintenance
View answer
Correct Answer: A
Question #35
A company is implementing a well-architected design for its globally accessible API stack. The design needs to ensure both high reliability and fast response times for users located in North America and Europe.The API stack contains the following three tiers: •Amazon API Gateway•AWS Lambda •Amazon DynamoDBWhich solution will meet the requirements?
A. onfigure Amazon Route 53 to point to API Gateway APIs in North America and Europe using health checks
B. onfigure Amazon Route 53 to point to API Gateway APIs in North America and Europe using latency- based routing and health checks
C. onfigure Amazon Route 53 to point to API Gateway in North America, create a disaster recovery API in Europe, and configure both APIs to forward requests to the Lambda functions in that Region
D. onfigure Amazon Route 53 to point to API Gateway API in North America using latency-based routing
View answer
Correct Answer: B
Question #36
A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?
A. dd an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances
B. ssign each EC2 instance an IPv6 Elastic IP address
C. eplace the ALB with a Network Load Balancer (NLB)
D. dd an IPv6 CIDR block to the VPC and subnets for the ALB
View answer
Correct Answer: B
Question #37
A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts, AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be
A. se AWS CDK to deploy API Gateway and Lambda functions
B. se AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions
C. se AWS Elastic Beanstalk to deploy API Gateway and Lambda functions
D. se AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer
View answer
Correct Answer: C
Question #38
A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.How can the deployments of the operating system and application patches be automated using a default and custom repository?
A. se AWS Systems Manager to create a new patch baseline including the custom repository
B. se AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports
C. se yum-config-manager to add the custom repository under /etc/yum
D. se AWS Systems Manager to create a new patch baseline including the corporate repository
View answer
Correct Answer: A
Question #39
A company has a mission-critical application on AWS that uses automatic scaling The company wants the deployment lilecycle to meet the following parameters.* The application must be deployed one instance at a time to ensure the remaining fleet continues to serve traffic* The application is CPU intensive and must be closely monitored* The deployment must automatically roll back if the CPU utilization of the deployment instance exceeds 85%.Which solution will meet these requirements?
A. se AWS CloudFormalion to create an AWS Step Functions state machine and Auto Scaling hfecycle hooks to move to one instance at a time into a wait state Use AWS Systems Manager automation to deploy the update to each instance and move it back into the Auto Scaling group using the heartbeat timeout
B. se AWS CodeDeploy with Amazon EC2 Auto Scaling
C. se AWS Elastic Beanstalk for load balancing and AWS Auto Scaling Configure an alarm tied to the CPU utilization metric Configure rolling deployments with a fixed batch size of one instance Enable enhanced health to monitor the status of the deployment and roll back based on the alarm previously created
D. se AWS Systems Manager to perform a blue/green deployment with Amazon EC2 Auto Scaling Configure an alarm tied to the CPU utilization metric Deploy updates one at a time Configure automatic rollbacks within the Auto Scaling group to roll back the deployment if the alarm thresholds are breached
View answer
Correct Answer: B
Question #40
A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.Which combination of actions will provide this access? (Choose three.)
A. esignate an account to be the delegated Amazon GuardDuty administrator account
B. reate an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps team’s email address to the SNS topic
C. urn on AWS Config across the organization
D. urn on Amazon Inspector across the organization
View answer
Correct Answer: ABE
Question #41
A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that che
A. onfigure the Lambda function to be invoked by the SNS topic
B. reate an Amazon EventBridge scheduled rule to invoke the Lambda function
C. reate an Amazon EventBridge event rule that has the default event bus as the source
D. reate an Amazon EventBridge custom event bus that subscribes to events from all AWS services
View answer
Correct Answer: C
Question #42
A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company’s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule with a source of aws
B. nable Amazon GuardDuty and check the findings for security group in AWS Security Hub
C. reate an AWS Config rule by using the restricted-ssh managed rule to check whether security groups disallow unrestricted incoming SSH traffic
D. nable Amazon Inspector
View answer
Correct Answer: C
Question #43
A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.Which solution will meet these requirements?
A. eploy the application on an Amazon EC2 instance, and create an AMI of the instance
B. se Amazon Lightsail to deploy the application
C. se AWS CodeArtifact to store the application code
D. se AWS Elastic Beanstalk to host the application
View answer
Correct Answer: D
Question #44
A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.A DevOps engineer needs to ensure that all EBS volumes always have the Backup_
A. et up AWS Config in the account
B. et up AWS Config in the account
C. urn on AWS CloudTrail in the account
D. urn on AWS CloudTrail in the account
View answer
Correct Answer: B
Question #45
A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.A DevOps engineer needs to ensure that all EBS volumes always have the Backup_
A. et up AWS Config in the account
B. et up AWS Config in the account
C. urn on AWS CloudTrail in the account
D. urn on AWS CloudTrail in the account
View answer
Correct Answer: B
Question #46
A company uses AWS Organizations to manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.With solution will accomplish this?
A. reate an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled
B. reate an AWS Config organizational rule to check whether EBS encryption is enabled and deploy the rule using the AWS CLI
C. reate an SCP in Organizations
D. eploy an IAM role to all accounts from a single trusted account
View answer
Correct Answer: B
Question #47
A company is using AWS CodePipeline to automate its release pipeline. AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model. The company wants to implement scripts to test the green version of the application before shifting traffic. These scripts will complete in 5 minutes or less. If errors are discovered during these tests, the application must be rolled back.Which strategy will meet these requirements?
A. dd a stage to the CodePipeline pipeline between the source and deploy stages
B. dd a stage to the CodePipeline pipeline between the source and deploy stages
C. dd a hooks section to the CodeDeploy AppSpec file
D. dd a hooks section to the CodeDeploy AppSpec file
View answer
Correct Answer: C
Question #48
A rapidly growing company wants to scale for Developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The Networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.To keep up with the dema
A. se Fn:ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values
B. se nested stacks to define common infrastructure components
C. se nested stacks to define common infrastructure components
D. se Fn:ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values
View answer
Correct Answer: C
Question #49
A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege.Which solution will meet these requirements?
A. reate an IAM policy that allows the developers to provision the required resources
B. reate an IAM policy that allows full access to AWS CloudFormation
C. reate an AWS CloudFormation service role that has the required permissions
D. reate an AWS CloudFormation service role that has the required permissions
View answer
Correct Answer: B
Question #50
A DevOps Engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The engineer needs to implement a deployment strategy that:•Launches a second fleet of instances with the same capacity as the original fleet.•Maintains the original fleet unchanged while the second fleet is launched.•Transitions traffic to the second fleet when the second fleet is fully deployed.•Terminate
A. ctivate S3 server access logging
B. ctivate S3 server access logging
C. nvoke an AWS Lambda function for every S3 object access event
D. ecord an Amazon CloudWatch Logs log message for every S3 object access event
View answer
Correct Answer: C
Question #51
A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS accounts. The company uses the Enterprise Support plan.A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan.Which solution will meet th
A. se an AWS Config conformance pack to deploy the account-part-of-organizations AWS Config rule and to automatically remediate any noncompliant accounts
B. reate an AWS Lambda function to create a ticket for AWS Support to add the account to the Enterprise Support plan
C. dd an additional value to the control_tower_parameters input to set the AWSEnterpriseSupport parameter as the organization's management account number
D. et the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration
View answer
Correct Answer: D
Question #52
A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts.The company has enabled AWS Config in each existing AWS account in the organization. A DevOps engineer must implement a solution that enables AWS Config automatical
A. n the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call
B. n the organization's management account, create an AWS CloudFormation stack set to enable AWS Config
C. n the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config
D. n the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: