DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass the AWS Exam Easily with Updated DOP-C02 Practice Questions

Prepare effectively for the SPOTO AWS DOP-C02 exam with our comprehensive collection of exam questions and answers tailored for success. Our test questions cover essential topics for AWS Certified DevOps Engineer - Professional certification, ensuring thorough preparation and confidence during the exam. Access our extensive library of test questions, exam resources, and study materials designed to enhance your understanding of provisioning, operating, and managing distributed application systems on the AWS platform. Our focus is on providing you with the tools and knowledge needed to pass successfully, demonstrating your technical expertise to peers, stakeholders, and customers. Utilize our professional mock exams to simulate the exam environment, identify areas for improvement, and refine your exam strategy. With SPOTO's AWS DOP-C02 exam preparation content, you'll be well-equipped to excel and achieve your certification goals in AWS Certified DevOps Engineer - Professional.
Take other online exams

Question #1
A company wants to use AWS development tools to replace its current bash deployment scripts. The company currently deploys a LAMP application to a group of Amazon EC2 instances behind an Application Load Balancer (ALB). During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates file permissions. The company wants to maintain the same deployment functionality through the shift to using AWS ser
A. se AWS CodeBuild to test the application
B. se AWS CodePipeline to move the application from the AWS CodeCommit repository to AWS CodeDeploy
C. se AWS CodePipeline to move the application source code from the AWS CodeCommit repository to AWS CodeDeploy
D. se AWS CodePipeline to trigger AWS CodeBuild to test the application
View answer
Correct Answer: D
Question #2
An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance.When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its custo
A. se Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases
B. se Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases
C. se Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases
D. se Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases
View answer
Correct Answer: C
Question #3
A development team uses AWS CodeCommit for version control for applications. The development team uses AWS CodePipeline, AWS CodeBuild. and AWS CodeDeploy for CI/CD infrastructure. In CodeCommit, the development team recently merged pull requests that did not pass long-running tests in the code base. The development team needed to perform rollbacks to branches in the codebase, resulting in lost time and wasted effort.A DevOps engineer must automate testing of pull requests in CodeCommit to ensure that revie
A. reate a log group in Amazon CloudWatch Logs
B. reate an Amazon S3 bucket for log files
C. reate an Amazon S3 bucket for log files
D. reate a log group in Amazon CloudWatch Logs
View answer
Correct Answer: D
Question #4
A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the organization cannot turn off the notification.Which solution wi
A. nable Amazon CloudWatch Logs to log the EKS components
B. nable Amazon CloudWatch Logs to log the EKS components
C. nable Amazon S3 logging for the EKS components
D. nable Amazon S3 logging for the EKS components
View answer
Correct Answer: B
Question #5
A rapidly growing company wants to scale for Developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The Networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.To keep up with the dema
A. se Fn:ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values
B. se nested stacks to define common infrastructure components
C. se nested stacks to define common infrastructure components
D. se Fn:ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values
View answer
Correct Answer: C
Question #6
A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company’s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?
A. reate an Amazon EventBridge (Amazon CloudWatch Events) rule with a source of aws
B. nable Amazon GuardDuty and check the findings for security group in AWS Security Hub
C. reate an AWS Config rule by using the restricted-ssh managed rule to check whether security groups disallow unrestricted incoming SSH traffic
D. nable Amazon Inspector
View answer
Correct Answer: C
Question #7
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.How can log collection be automated?
A. se Auto Scaling lifecycle hooks to put instances in a Pending:Wait state
B. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
C. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
D. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
View answer
Correct Answer: D
Question #8
A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.What should the DevOps engineer do to accomplish this in the MOST maintainable manner?
A. utomate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default
B. eploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled
C. everage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager
D. se AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances
View answer
Correct Answer: D
Question #9
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.Which combination of actions will meet these requirements? (Choose three.)
A. se AWS Service Catalog with AWS Control Tower
B. eploy CloudFormation stack sets by using the required templates
C. reate an Amazon EventBridge rule to detect the CreateManagedAccount event
D. eploy the Customizations for AWS Control Tower (CfCT) solution
View answer
Correct Answer: ABF
Question #10
A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.Which solution will meet these requirements?
A. dd the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1
B. dd the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates
C. reate an Amazon CloudWatch alarm for the StatusCheckFailed_System metric and select the EC2 action to recover the instance
D. reate an Amazon CloudWatch alarm for the StatusCheckFailed_Instance metric and select the EC2 action to reboot the instance
View answer
Correct Answer: A
Question #11
A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts.The company has enabled AWS Config in each existing AWS account in the organization. A DevOps engineer must implement a solution that enables AWS Config automatical
A. n the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call
B. n the organization's management account, create an AWS CloudFormation stack set to enable AWS Config
C. n the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config
D. n the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call
View answer
Correct Answer: B
Question #12
A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API.After a series of recent changes to the API, the company has observed issues with the application. The company needs t
A. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
B. odify the Lambda function to write the API operation name, response code, and version number as a log line to an Amazon CloudWatch Logs log group
C. onfigure the ALB access logs to write to an Amazon CloudWatch Logs log group
D. onfigure AWS X-Ray integration on the Lambda function
View answer
Correct Answer: B
Question #13
A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured.How can this process be automated?
A. reate a CloudWatch Logs subscription to an AWS Step Functions application
B. reate an Amazon CloudWatch alarm that will be invoked by the login event
C. reate an Amazon CloudWatch alarm that will be invoked by the login event
D. reate a CloudWatch Logs subscription in an AWS Lambda function
View answer
Correct Answer: D
Question #14
A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes.Which of the following actions should be taken to troubleshoot this issue?
A. heck that an Amazon EventBridge rule has been created for the main branch to trigger the pipeline
B. heck that the CodePipeline service role has permission to access the CodeCommit repository
C. heck that the developer’s IAM role has permission to push to the CodeCommit repository
D. heck to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs
View answer
Correct Answer: A
Question #15
A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency.Which actions should be taken to accomplish this? (Choose two.)
A. onfigure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints
B. reate an Aurora custom endpoint to point to the primary database instance
C. reate an AWS Lambda function to modify the application’s AWS Cloud Formation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance
D. tore the Aurora endpoint in AWS Systems Manager Parameter Store
View answer
Correct Answer: AC
Question #16
A company has an AWS CodePipeline pipeline that is configured with an Amazon S3 bucket in the eu-west-1 Region. The pipeline deploys an AWS Lambda application to the same Region. The pipeline consists of an AWS CodeBuild project build action and an AWS CloudFormation deploy action.The CodeBuild project uses the aws cloudformation package AWS CLI command to build an artifact that contains the Lambda function code’s .zip file and the CloudFormation template. The CloudFormation deploy action references the Clo
A. reate an Amazon CloudWatch alarm for the StatusCheckFailed metric
B. onfigure AWS OpsWorks, and use the auto healing feature to stop and start the instance
C. se EC2 Auto Recovery to automatically stop and start the instance in case of a failure
D. se AWS CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource
View answer
Correct Answer: AB
Question #17
A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days.Which solution will accomplish this?
A. onfigure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
B. onfigure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic
C. evelop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
D. onfigure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
View answer
Correct Answer: C
Question #18
A DevOps Engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The engineer needs to implement a deployment strategy that:•Launches a second fleet of instances with the same capacity as the original fleet.•Maintains the original fleet unchanged while the second fleet is launched.•Transitions traffic to the second fleet when the second fleet is fully deployed.•Terminate
A. ctivate S3 server access logging
B. ctivate S3 server access logging
C. nvoke an AWS Lambda function for every S3 object access event
D. ecord an Amazon CloudWatch Logs log message for every S3 object access event
View answer
Correct Answer: C
Question #19
A company wants to use AWS development tools to replace its current bash deployment scripts. The company currently deploys a LAMP application to a group of Amazon EC2 instances behind an Application Load Balancer (ALB). During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates file permissions. The company wants to maintain the same deployment functionality through the shift to using AWS ser
A. se AWS CodeBuild to test the application
B. se AWS CodePipeline to move the application from the AWS CodeCommit repository to AWS CodeDeploy
C. se AWS CodePipeline to move the application source code from the AWS CodeCommit repository to AWS CodeDeploy
D. se AWS CodePipeline to trigger AWS CodeBuild to test the application
View answer
Correct Answer: D
Question #20
A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts.A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon
A. reate an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event
B. reate an Amazon EventBridge rule that reacts to the pullRequestCreated event
C. reate an Amazon EventBridge rule that reacts to pullRequestCreated and pullRequestSourceBranchUpdated events
D. reate an Amazon EventBridge rule that reacts to the pullRequestStatusChanged event
View answer
Correct Answer: ABC
Question #21
A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.How can this issue be corrected in the MOST secure manner?
A. dd the bucket name to the AllowedBuckets section of the CodeBuild project settings
B. odify the S3 bucket settings to enable HTTPS basic authentication and specify a token
C. emove unauthenticated access from the S3 bucket with a bucket policy
D. emove unauthenticated access from the S3 bucket with a bucket policy
View answer
Correct Answer: C
Question #22
A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS accounts. The company uses the Enterprise Support plan.A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan.Which solution will meet th
A. se an AWS Config conformance pack to deploy the account-part-of-organizations AWS Config rule and to automatically remediate any noncompliant accounts
B. reate an AWS Lambda function to create a ticket for AWS Support to add the account to the Enterprise Support plan
C. dd an additional value to the control_tower_parameters input to set the AWSEnterpriseSupport parameter as the organization's management account number
D. et the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration
View answer
Correct Answer: D
Question #23
A company is using AWS CodePipeline to automate its release pipeline. AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model. The company wants to implement scripts to test the green version of the application before shifting traffic. These scripts will complete in 5 minutes or less. If errors are discovered during these tests, the application must be rolled back.Which strategy will meet these requirements?
A. dd a stage to the CodePipeline pipeline between the source and deploy stages
B. dd a stage to the CodePipeline pipeline between the source and deploy stages
C. dd a hooks section to the CodeDeploy AppSpec file
D. dd a hooks section to the CodeDeploy AppSpec file
View answer
Correct Answer: C
Question #24
A DevOps engineer is building a multistage pipeline with AWS CodePipeline to build, verify, stage, test, and deploy an application. A manual approval stage is required between the test stage and the deploy stage. The development team uses a custom chat tool with webhook support that requires near-real-time notifications.How should the DevOps engineer configure status updates for pipeline activity and approval requests to post to the chat tool?
A. reate an Amazon CloudWatch Logs subscription that filters on CodePipeline Pipeline Execution State Change
B. reate an AWS Lambda function that is invoked by AWS CloudTrail events
C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that filters on CodePipeline Pipeline Execution State Change
D. odify the pipeline code to send the event details to the chat webhook URL at the end of each stage
View answer
Correct Answer: C
Question #25
A company has an on-premises application that is written in Go. A DevOps engineer must move the application to AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.Which solution will meet these requirements?
A. eploy the application on an Amazon EC2 instance, and create an AMI of the instance
B. se Amazon Lightsail to deploy the application
C. se AWS CodeArtifact to store the application code
D. se AWS Elastic Beanstalk to host the application
View answer
Correct Answer: D
Question #26
A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.Which solution ensures that all the updated third-party files are available in the morning?
A. onfigure a nightly Amazon EventBridge (Amazon CloudWatch Events) event to trigger an AWS Lambda function to run the RefreshCache command for Storage Gateway
B. nstruct the third party to put data into the S3 bucket using AWS Transfer for SFTP
C. odify Storage Gateway to run in volume gateway mode
D. se S3 same-Region replication to replicate any changes made directly in the S3 bucket to Storage Gateway
View answer
Correct Answer: A
Question #27
A company is using an Amazon Aurora cluster as the data store for its application. The Aurora cluster is configured with a single DB instance. The application performs read and write operations on the database by using the cluster's instance endpoint.The company has scheduled an update to be applied to the cluster during an upcoming maintenance window. The cluster must remain available with the least possible interruption during the maintenance window.What should a DevOps engineer do to meet these requireme
A. dd a reader instance to the Aurora cluster
B. dd a reader instance to the Aurora cluster
C. urn on the Multi-AZ option on the Aurora cluster
D. urn on the Multi-AZ option on the Aurora cluster
View answer
Correct Answer: C
Question #28
A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be abl
A. n both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for session data
B. n both regions, launch the application in Auto Scaling groups and use DynamoDB for session data
C. n both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS PostgreSQL with cross-region replication for session data
D. n both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session data
View answer
Correct Answer: A
Question #29
An online retail company based in the United States plans to expand its operations to Europe and Asia in the next six months. Its product currently runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in an Amazon Aurora database instance.When the product is deployed in multiple regions, the company wants a single product catalog across all regions, but for compliance purposes, its custo
A. se Amazon Redshift for the product catalog and Amazon DynamoDB tables for the customer information and purchases
B. se Amazon DynamoDB global tables for the product catalog and regional tables for the customer information and purchases
C. se Aurora with read replicas for the product catalog and additional local Aurora instances in each region for the customer information and purchases
D. se Aurora for the product catalog and Amazon DynamoDB global tables for the customer information and purchases
View answer
Correct Answer: C
Question #30
A company runs an application on Amazon EC2 instances. The company uses a series of AWS CloudFormation stacks to define the application resources. A developer performs updates by building and testing the application on a laptop and then uploading the build output and CloudFormation stack templates to Amazon S3. The developer’s peers review the changes before the developer performs the CloudFormation stack update and installs a new version of the application onto the EC2 instances.The deployment process is p
A. se an AWS CloudFormation template with a retention policy for the ALB set to 1 hour
B. se two AWS Elastic Beanstalk environments to perform a blue/green deployment from the original environment to the new one
C. se AWS CodeDeploy with a deployment group configured with a blue/green deployment configuration
D. se AWS Elastic Beanstalk with the configuration set to Immutable
View answer
Correct Answer: BD
Question #31
An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket crea
A. dd a DeletionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted
B. dd a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role
C. dentify the resource that was not deleted
D. eplace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resource
View answer
Correct Answer: B
Question #32
A DevOps engineer is building a multistage pipeline with AWS CodePipeline to build, verify, stage, test, and deploy an application. A manual approval stage is required between the test stage and the deploy stage. The development team uses a custom chat tool with webhook support that requires near-real-time notifications.How should the DevOps engineer configure status updates for pipeline activity and approval requests to post to the chat tool?
A. reate an Amazon CloudWatch Logs subscription that filters on CodePipeline Pipeline Execution State Change
B. reate an AWS Lambda function that is invoked by AWS CloudTrail events
C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule that filters on CodePipeline Pipeline Execution State Change
D. odify the pipeline code to send the event details to the chat webhook URL at the end of each stage
View answer
Correct Answer: C
Question #33
A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege.Which solution will meet these requirements?
A. reate an IAM policy that allows the developers to provision the required resources
B. reate an IAM policy that allows full access to AWS CloudFormation
C. reate an AWS CloudFormation service role that has the required permissions
D. reate an AWS CloudFormation service role that has the required permissions
View answer
Correct Answer: B
Question #34
A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days.Which solution will accomplish this?
A. onfigure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
B. onfigure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic
C. evelop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
D. onfigure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old
View answer
Correct Answer: C
Question #35
A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured.Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests th
A. onfigure provisioned concurrency on the Lambda function with a concurrency value of 1
B. onfigure reserved concurrency on the Lambda function with a concurrency value of 0
C. onfigure provisioned concurrency on the Lambda function
D. onfigure reserved concurrency on the Lambda function
View answer
Correct Answer: C
Question #36
A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations.A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role.Which solution will meet these
A. reate an SCP that includes a Deny statement for changes to the auditing application's IAM role
B. reate an SCP that includes an Allow statement for changes to the auditing application's IAM role by the trusted administrator IAM role
C. reate an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role
D. reate an IAM permissions boundary that includes a Deny statement for changes to the auditing application’s IAM role
View answer
Correct Answer: C
Question #37
A company has an AWS CodePipeline pipeline that is configured with an Amazon S3 bucket in the eu-west-1 Region. The pipeline deploys an AWS Lambda application to the same Region. The pipeline consists of an AWS CodeBuild project build action and an AWS CloudFormation deploy action.The CodeBuild project uses the aws cloudformation package AWS CLI command to build an artifact that contains the Lambda function code’s .zip file and the CloudFormation template. The CloudFormation deploy action references the Clo
A. reate an Amazon CloudWatch alarm for the StatusCheckFailed metric
B. onfigure AWS OpsWorks, and use the auto healing feature to stop and start the instance
C. se EC2 Auto Recovery to automatically stop and start the instance in case of a failure
D. se AWS CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource
View answer
Correct Answer: AB
Question #38
A development team uses AWS CodeCommit for version control for applications. The development team uses AWS CodePipeline, AWS CodeBuild. and AWS CodeDeploy for CI/CD infrastructure. In CodeCommit, the development team recently merged pull requests that did not pass long-running tests in the code base. The development team needed to perform rollbacks to branches in the codebase, resulting in lost time and wasted effort.A DevOps engineer must automate testing of pull requests in CodeCommit to ensure that revie
A. reate a log group in Amazon CloudWatch Logs
B. reate an Amazon S3 bucket for log files
C. reate an Amazon S3 bucket for log files
D. reate a log group in Amazon CloudWatch Logs
View answer
Correct Answer: D
Question #39
A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.Which solution ensures that all the updated third-party files are available in the morning?
A. onfigure a nightly Amazon EventBridge (Amazon CloudWatch Events) event to trigger an AWS Lambda function to run the RefreshCache command for Storage Gateway
B. nstruct the third party to put data into the S3 bucket using AWS Transfer for SFTP
C. odify Storage Gateway to run in volume gateway mode
D. se S3 same-Region replication to replicate any changes made directly in the S3 bucket to Storage Gateway
View answer
Correct Answer: A
Question #40
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving av
A. reate an AWS CloudFormation template that defines the standard account resources
B. nable AWS Control Tower
C. esignate an AWS Config management account
D. reate an AWS CloudFormation template that defines the standard account resources
View answer
Correct Answer: CDF
Question #41
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.How can log collection be automated?
A. se Auto Scaling lifecycle hooks to put instances in a Pending:Wait state
B. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
C. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
D. se Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state
View answer
Correct Answer: D
Question #42
A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source cod
A. reate one AWS CodeCommit repository for all applications
B. reate one AWS CodeCommit repository for each of the applications Use AWS CodeBuild to build the applications one at a time
C. reate one AWS CodeCommit repository for each of the applications
D. reate one AWS CodeCommit repository for each of the applications
View answer
Correct Answer: D
Question #43
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving av
A. reate an AWS CloudFormation template that defines the standard account resources
B. nable AWS Control Tower
C. esignate an AWS Config management account
D. reate an AWS CloudFormation template that defines the standard account resources
View answer
Correct Answer: CDF
Question #44
A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes.A DevOps engineer needs to ensure that all EBS volumes always have the Backup_
A. et up AWS Config in the account
B. et up AWS Config in the account
C. urn on AWS CloudTrail in the account
D. urn on AWS CloudTrail in the account
View answer
Correct Answer: B
Question #45
A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.How can the deployments of the operating system and application patches be automated using a default and custom repository?
A. se AWS Systems Manager to create a new patch baseline including the custom repository
B. se AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports
C. se yum-config-manager to add the custom repository under /etc/yum
D. se AWS Systems Manager to create a new patch baseline including the corporate repository
View answer
Correct Answer: A
Question #46
A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SOS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format.Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in the SQS queue. A De
A. reate AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets
B. reate a CloudFormation drift detection operation to find and remediate unapproved CloudFormation StackSets
C. reate CloudFormation StackSets with approved CloudFormation templates
D. reate AWS Service Catalog products with approved CloudFormation templates
View answer
Correct Answer: A
Question #47
An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running.All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket crea
A. dd a DeletionPolicy attribute to the S3 bucket resource, with the value Delete forcing the bucket to be removed when the stack is deleted
B. dd a custom resource with an AWS Lambda function with the DependsOn attribute specifying the S3 bucket, and an IAM role
C. dentify the resource that was not deleted
D. eplace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacks resource
View answer
Correct Answer: B
Question #48
A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.Which solution will meet these requirements?
A. reate a GuardDuty threat list
B. onfigure an AWS WAF web ACL that includes a custom rule group
C. onfigure a firewall in AWS Network Firewall
D. reate an AWS Lambda function that will create a GuardDuty suppression rule
View answer
Correct Answer: C
Question #49
A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes.Which of the following actions should be taken to troubleshoot this issue?
A. heck that an Amazon EventBridge rule has been created for the main branch to trigger the pipeline
B. heck that the CodePipeline service role has permission to access the CodeCommit repository
C. heck that the developer’s IAM role has permission to push to the CodeCommit repository
D. heck to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs
View answer
Correct Answer: A
Question #50
A DevOps engineer notices that all Amazon EC2 instances running behind an Application Load Balancer in an Auto Scaling group are failing to respond to user requests. The EC2 instances are also failing target group HTTP health checksUpon inspection, the engineer notices the application process was not running in any EC2 instances. There are a significant number of out of memory messages in the system logs. The engineer needs to improve the resilience of the application to cope with a potential application me
A. hange the Auto Scaling configuration to replace the instances when they fail the load balancer's health checks
B. hange the target group health check HealthChecklntervalSeconds parameter to reduce the interval between health checks
C. hange the target group health checks from HTTP to TCP to check if the port where the application is listening is reachable
D. nable the available memory consumption metric within the Amazon CloudWatch dashboard for the entire Auto Scaling group Create an alarm when the memory utilization is high Associate an Amazon SNS topic to the alarm to receive notifications when the alarm goes off
E. se the Amazon CloudWatch agent to collect the memory utilization of the EC2 instances in the Auto Scaling group Create an alarm when the memory utilization is high and associate an Amazon SNS topic to receive a notification
View answer
Correct Answer: AE
Question #51
A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source cod
A. reate one AWS CodeCommit repository for all applications
B. reate one AWS CodeCommit repository for each of the applications Use AWS CodeBuild to build the applications one at a time
C. reate one AWS CodeCommit repository for each of the applications
D. reate one AWS CodeCommit repository for each of the applications
View answer
Correct Answer: D
Question #52
A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.How can this issue be corrected in the MOST secure manner?
A. dd the bucket name to the AllowedBuckets section of the CodeBuild project settings
B. odify the S3 bucket settings to enable HTTPS basic authentication and specify a token
C. emove unauthenticated access from the S3 bucket with a bucket policy
D. emove unauthenticated access from the S3 bucket with a bucket policy
View answer
Correct Answer: C
Question #53
A company runs an application on Amazon EC2 instances. The company uses a series of AWS CloudFormation stacks to define the application resources. A developer performs updates by building and testing the application on a laptop and then uploading the build output and CloudFormation stack templates to Amazon S3. The developer’s peers review the changes before the developer performs the CloudFormation stack update and installs a new version of the application onto the EC2 instances.The deployment process is p
A. se an AWS CloudFormation template with a retention policy for the ALB set to 1 hour
B. se two AWS Elastic Beanstalk environments to perform a blue/green deployment from the original environment to the new one
C. se AWS CodeDeploy with a deployment group configured with a blue/green deployment configuration
D. se AWS Elastic Beanstalk with the configuration set to Immutable
View answer
Correct Answer: BD
Question #54
A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.What should the DevOps engineer do to accomplish this in the MOST maintainable manner?
A. utomate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default
B. eploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled
C. everage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager
D. se AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances
View answer
Correct Answer: D
Question #55
To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed.Which of the following should successfully install the applic
A. aunch the instances in a public subnet with Elastic IP addresses attached
B. et up a NAT gateway
C. ublish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3
D. reate a security group for the application instances and allow only outbound traffic to the artifact repository
View answer
Correct Answer: C
Question #56
A company is using an Amazon Aurora cluster as the data store for its application. The Aurora cluster is configured with a single DB instance. The application performs read and write operations on the database by using the cluster's instance endpoint.The company has scheduled an update to be applied to the cluster during an upcoming maintenance window. The cluster must remain available with the least possible interruption during the maintenance window.What should a DevOps engineer do to meet these requireme
A. dd a reader instance to the Aurora cluster
B. dd a reader instance to the Aurora cluster
C. urn on the Multi-AZ option on the Aurora cluster
D. urn on the Multi-AZ option on the Aurora cluster
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: