Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

DOP-C02 Exam Dumps - Amazon Web Services AWS Certified Professional Questions and Answers

Question # 54

A company deploys an API by using an Application Load Balancer (ALB) that targets an AWS Lambda function. The API takes a list of tasks as an input and typically processes the tasks in 40 seconds. The API is CPU intensive and performs writes to an Amazon Aurora PostgreSQL DB cluster. The API also performs frequent large-scale Amazon S3 object PUT requests to the same prefix of an S3 bucket.

The API usage and the number of input tasks is increasing significantly. The increased demand is causing the API response time to increase, and some API requests fail because the database connection quota is being exceeded. A DevOps engineer must improve the performance of the API.

Which combination of solutions will meet this requirement? (Select THREE.)

Options:

A.

Deploy a Network Load Balancer (NLB) and set the ALB as the target group for the NLB.

B.

Refactor the API to use Amazon API Gateway instead of the ALB.

C.

Create an Amazon RDS Proxy and configure the Lambda function to use it to perform database operations.

D.

Increase the amount of memory for the Lambda function.

E.

Add a read replica for the Aurora DB cluster.

F.

Update the Lambda function to distribute S3 object PUT requests to multiple prefixes.

Buy Now
Question # 55

A company is refactoring applications to use AWS. The company identifies an internal web application that needs to make Amazon S3 API calls in a specific AWS account.

The company wants to use its existing identity provider (IdP) auth.company.com for authentication. The IdP supports only OpenID Connect (OIDC). A DevOps engineer needs to secure the web application ' s access to the AWS account.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.

Configure AWS 1AM Identity Center. Configure an IdP. Upload the IdP metadata from the existing IdP.

B.

Create an 1AM IdP by using the provider URL, audience, and signature from the existing IdP.

C.

Create an 1AM role that has a policy that allows the necessary S3 actions. Configure the role ' s trust policy to allow the OIDC IdP to assume the role if the sts.amazon.conraud context key is appid from idp.

D.

Create an 1AM role that has a policy that allows the necessary S3 actions. Configure the role ' s trust policy to allow the OIDC IdP to assume the role if the auth.company.com:aud context key is appid_from_idp.

E.

Configure the web application lo use the AssumeRoleWith Web Identity API operation to retrieve temporary credentials. Use the temporary credentials to make the S3 API calls.

F.

Configure the web application to use the GetFederationToken API operation to retrieve temporary credentials Use the temporary credentials to make the S3 API calls.

Buy Now
Question # 56

A company is building a new pipeline by using AWS CodePipeline and AWS CodeBuild in a build account. The pipeline consists of two stages. The first stage is a CodeBuild job to build and package an AWS Lambda function. The second stage consists of deployment actions that operate on two different AWS accounts a development environment account and a production environment account. The deployment stages use the AWS Cloud Format ion action that CodePipeline invokes to deploy the infrastructure that the Lambda function requires.

A DevOps engineer creates the CodePipeline pipeline and configures the pipeline to encrypt build artifacts by using the AWS Key Management Service (AWS KMS) AWS managed key for Amazon S3 (the aws/s3 key). The artifacts are stored in an S3 bucket When the pipeline runs, the Cloud Formation actions fail with an access denied error.

Which combination of actions must the DevOps engineer perform to resolve this error? (Select TWO.)

Options:

A.

Create an S3 bucket in each AWS account for the artifacts Allow the pipeline to write to the S3 buckets. Create a CodePipeline S3 action to copy the artifacts to the S3 bucket in each AWS account Update the CloudFormation actions to reference the artifacts S3 bucket in the production account.

B.

Create a customer managed KMS key Configure the KMS key policy to allow the IAM roles used by the CloudFormation action to perform decrypt operations Modify the pipeline to use the customer managed KMS key to encrypt artifacts.

C.

Create an AWS managed KMS key Configure the KMS key policy to allow the development account and the production account to perform decrypt operations. Modify the pipeline to use the KMS key to encrypt artifacts.

D.

In the development account and in the production account create an IAM role for CodePipeline. Configure the roles with permissions to perform CloudFormation operations and with permissions to retrieve and decrypt objects from the artifacts S3 bucket. In the CodePipeline account configure the CodePipeline CloudFormation action to use the roles.

E.

In the development account and in the production account create an IAM role for CodePipeline Configure the roles with permissions to perform CloudFormationoperations and with permissions to retrieve and decrypt objects from the artifacts S3 bucket. In the CodePipelme account modify the artifacts S3 bucket policy to allow the roles access Configure the CodePipeline CloudFormation action to use the roles.

Buy Now
Question # 57

A company is using AWS CodeDeploy to deploy an application to Amazon EC2 instances in an Auto Scaling group. The company configures the Auto Scaling group by using an EC2 launch template that references a custom AMI that has the CodeDeploy agent installed. The company updates the AMI weekly, and all EC2 instances are replaced with new instances that are launched from the updated AMI. The company requires each EC2 instance to be tagged with an application tag that identifies the application that is deployed on the instance. Currently, the company manually tags the EC2 instances.

To deploy the application, the company creates a CodeDeploy application and a deployment group. The company sets a custom resource tag in the deployment group and configures the deployment group to target the Auto Scaling group. The company must ensure that each instance in the Auto Scaling group is tagged with the appropriate application tag.

Which solution will meet this requirement?

Options:

A.

Create a tag specification in the EC2 launch template and set the resource type to applications. Configure the tag specification to apply the custom resource tag. Update the Auto Scaling group to use the most recent version of the EC2 launch template. Perform an instance refresh in the Auto Scaling group.

B.

Configure the process that creates the custom AMI to tag the AMI with the custom resource tag. Create a new version of the AMI. Update the Auto Scaling group to use the new version of the AMI. Perform an instance refresh in the Auto Scaling group.

C.

Configure the CodeDeploy deployment group to include a tag specification that applies the custom resource tag. Configure the Auto Scaling group to propagate the tag when instances are launched. Create a new deployment in the deployment group that specifies the EC2 instance IDs as target instances.

D.

Create a tag specification in the EC2 launch template and set the resource type to instances. Configure the tag specification to apply the custom resource tag. Update the Auto Scaling group to use the most recent version of the EC2 launch template. Perform an instance refresh in the Auto Scaling group.

Buy Now
Question # 58

A company runs an application in an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run Docker containers that make requests to a MySQL database that runs on separate EC2 instances. A DevOps engineer needs to update the application to use a serverless architecture. Which solution will meet this requirement with the FEWEST changes?

Options:

A.

Replace the containers that run on EC2 instances and the ALB with AWS Lambda functions. Replace the MySQL database with an Amazon Aurora Serverless v2 database that is compatible with MySQL.

B.

Replace the containers that run on EC2 instances with AWS Fargate. Replace the MySQL database with an Amazon Aurora Serverless v2 database that is compatible with MySQL.

C.

Replace the containers that run on EC2 instances and the ALB with AWS Lambda functions. Replace the MySQL database with Amazon DynamoDB tables.

D.

Replace the containers that run on EC2 instances with AWS Fargate. Replace the MySQL database with Amazon DynamoDB tables.

Buy Now
Question # 59

An Amazon EC2 instance is running in a VPC and needs to download an object from a restricted Amazon S3 bucket. When the DevOps engineer tries to download the object, an AccessDenied error is received,

What are the possible causes tor this error? (Select TWO,)

Options:

A.

The 53 bucket default encryption is enabled.

B.

There is an error in the S3 bucket policy.

C.

The object has been moved to S3 Glacier.

D.

There is an error in the IAM role configuration.

E.

S3 Versioning is enabled.

Buy Now
Question # 60

The security team depends on AWS CloudTrail to detect sensitive security issues in the company ' s AWS account. The DevOps engineer needs a solution to auto-remediate CloudTrail being turned off in an AWS account.

What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries?

Options:

A.

Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda (unction that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the EventBridge rule.

B.

Deploy the AWS-managed CloudTrail-enabled AWS Config rule set with a periodic interval to 1 hour. Create an Amazon EventBridge rule tor AWS Config rules compliance change. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLoggmg was called. Add the Lambda function ARN as a target to the EventBridge rule.

C.

Create an Amazon EventBridge rule for a scheduled event every 5 minutes. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on a CloudTrail trail in the AWS account. Add the Lambda function ARN as a target to the EventBridge rule.

D.

Launch a t2 nano instance with a script running every 5 minutes that uses the AWS SDK to query CloudTrail in the current account. If the CloudTrail trail is disabled have the script re-enable the trail.

Buy Now
Question # 61

A DevOps engineer has created an AWS CloudFormation template that deploys an application on Amazon EC2 instances The EC2 instances run Amazon Linux The application is deployed to the EC2 instances by using shell scripts that contain user data. The EC2 instances have an 1AM instance profile that has an 1AM role with the AmazonSSMManagedlnstanceCore managed policy attached

The DevOps engineer has modified the user data in the CloudFormation template to install a new version of the application. The engineer has also applied the stack update. However, the application was not updated on the running EC2 instances. The engineer needs to ensure that the changes to the application are installed on the running EC2 instances.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Configure the user data content to use the Multipurpose Internet Mail Extensions (MIME) multipart format. Set the scripts-user parameter to always in the text/cloud-config section.

B.

Refactor the user data commands to use the cfn-init helper script. Update the user data to install and configure the cfn-hup and cfn-mit helper scripts to monitor and apply the metadata changes

C.

Configure an EC2 launch template for the EC2 instances. Create a new EC2 Auto Scaling group. Associate the Auto Scaling group with the EC2 launch template Use the AutoScalingScheduledAction update policy for the Auto Scaling group.

D.

Refactor the user data commands to use an AWS Systems Manager document (SSM document). Add an AWS CLI command in the user data to use Systems Manager Run Command to apply the SSM document to the EC2 instances

E.

Refactor the user data command to use an AWS Systems Manager document (SSM document) Use Systems Manager State Manager to create an association between the SSM document and the EC2 instances.

Buy Now
Question # 62

A company has a single developer writing code for an automated deployment pipeline. The developer is storing source code in an Amazon S3 bucket for each project. The company wants to add more developers to the team but is concerned about code conflicts and lost work The company also wants to build a test environment to deploy newer versions of code for testing and allow developers to automatically deploy to both environments when code is changed in the repository.

What is the MOST efficient way to meet these requirements?

Options:

A.

Create an AWS CodeCommit repository tor each project, use the mam branch for production code: and create a testing branch for code deployed to testing Use feature branches to develop new features and pull requests to merge code to testing and main branches.

B.

Create another S3 bucket for each project for testing code, and use an AWS Lambda function to promote code changes between testing and production buckets Enable versioning on all buckets to prevent code conflicts.

C.

Create an AWS CodeCommit repository for each project, and use the main branch for production and test code with different deployment pipelines for each environment Use feature branches to develop new features.

D.

Enable versioning and branching on each S3 bucket, use the main branch for production code, and create a testing branch for code deployed to testing. Have developers use each branch for developing in each environment.

Buy Now
Question # 63

A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Create an AWS CloudFormation template that defines the standard account resources. Deploy the template to all accounts from the organization ' s management account by using CloudFormation StackSets. Set the stack policy to deny Update:Delete actions.

B.

Enable AWS Control Tower. Enroll the existing accounts in AWS Control Tower. Grant the individual account administrators access to CloudTrail and AWS Config.

C.

Designate an AWS Config management account. Create AWS Config recorders in all accounts by using AWS CloudFormation StackSets. Deploy AWS Config rules to the organization by using the AWS Config management account. Create a CloudTrail organization trail in the organization’s management account. Deny modification or deletion of the AWS Config recorders by using an SCP.

D.

Create an AWS CloudFormation template that defines the standard account resources. Deploy the template to all accounts from the organization ' s management account by using Cloud Formation StackSets Create an SCP that prevents updates or deletions to CloudTrail resources or AWS Config resources unless the principal is an administrator of the organization ' s management account.

Buy Now
Exam Code: DOP-C02
Exam Name: AWS Certified DevOps Engineer - Professional
Last Update: Jul 8, 2026
Questions: 449
DOP-C02 pdf

DOP-C02 PDF

$25.5  $84.99
DOP-C02 Engine

DOP-C02 Testing Engine

$28.5  $94.99
DOP-C02 PDF + Engine

DOP-C02 PDF + Testing Engine

$40.5  $134.99