DOP-C02 Exam Dumps - Amazon Web Services AWS Certified Professional Questions and Answers

 For deploying a Ruby-based application with requirements for interaction with an Amazon RDS for MySQL database, automatic scaling, high availability, and data persistence, the following steps will meet the requirements:

B. Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk. This approach ensures that the database persists independently of the Elastic Beanstalk environment, which can be torn down and recreated without affecting the database123.

E. Use the immutable deployment method to deploy new application versions. Immutable deployments provide a zero-downtime deployment method that ensures that if any part of the deployment process fails, the environment is rolled back to the original state automatically4.

D. Configure an Amazon EventBridge rule to monitor AWS Health events. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team. This setup allows for automated monitoring and alerting of the application team in case of deployment failures or other health events56.

AWS Elastic Beanstalk documentation on deploying Ruby applications1.

AWS documentation on application auto-scaling7.

AWS documentation on automated deployment strategies with automatic rollbacks and alerts456.

The requirements clearly indicate the need for modern CodePipeline capabilities , strict execution ordering, Git tag–based triggers, and loose coupling between pipelines. CodePipeline V2 introduces execution modes such as QUEUED and SUPERSEDED , along with native support for advanced trigger filtering when using AWS CodeConnections.

The requirement that the pipeline must wait for the previous run to finish directly maps to QUEUED mode , which ensures that pipeline executions run sequentially rather than replacing in-progress executions. SUPERSEDED mode would cancel the running execution, which violates the requirement.

Triggering the pipeline when new Git tags are pushed is supported through CodePipeline V2 trigger filters using refs/tags/*. Branch-based triggers would not satisfy this condition.

Finally, the requirement that an existing deployment pipeline runs in response to new container images is best met using Amazon EventBridge , which natively emits events for ECR image push actions . EventBridge allows decoupled, event-driven orchestration between pipelines without tight dependencies or custom scripting. This is the AWS-recommended approach for pipeline-to-pipeline coordination.

Options C and D rely on CodePipeline V1 , which lacks modern trigger filtering and execution control. Option B incorrectly uses SUPERSEDED mode and branch-based triggers.

Therefore, Option A correctly combines CodePipeline V2 , QUEUED execution mode , tag-based triggers , and EventBridge-driven pipeline chaining , meeting all requirements with best practices and minimal operational complexity.

Systems Manager State Manager with Automation documents allows running scripts sequentially and reliably with built-in retry and status tracking.

Using EventBridge with SNS for notifications leverages managed services with minimal custom development.

Using SES (Options B, D) requires more setup and custom logic for email formatting and sending.

Lambda (Options C, D) can run scripts but might have limitations on execution time and complexity compared to Systems Manager Automation.

The following are the steps that the company can take to change the log level dynamically when the deployment occurs:

Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instance is part of.

Use this information to configure the log level settings.

Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file.

The DEPLOYMENT_GROUP_NAME environment variable is automatically set by CodeDeploy when the deployment is triggered. This means that the script does not need to call the metadata service or the EC2 API to identify the deployment group.

This solution is the least complex and requires the least management overhead. It also does not require different script versions for each deployment group.

The following are the reasons why the other options are not correct:

Option A is incorrect because it would require tagging the Amazon EC2 instances, which would be a manual and time-consuming process.

Option C is incorrect because it would require creating a custom environment variable for each environment. This would be a complex and error-prone process.

Option D is incorrect because it would use the DEPLOYMENT_GROUP_ID environment variable. However, this variable is not automatically set by CodeDeploy, so the script would need to call the metadata service or the EC2 API to get the deployment group ID. This would add complexity and overhead to the solution.

This hook runs before the new application version is installed on the replacement instances. This is the best place to run the script because it ensures that the license file is downloaded and installed before the replacement instances start to handle request traffic. If you use any other hook, you may encounter errors or inconsistencies in your application.

For automatic failover to a secondary Region, several conditions must be met. Amazon Keyspaces multi-Region replication provides continuous, near-real-time data replication across Regions, ensuring data is available in the secondary Region without manual intervention, unlike point-in-time recovery. ECR private image replication automatically keeps container images synchronized to the secondary Region registry. Setting the Fargate service desired count to 1 in the secondary Region creates a warm standby that can immediately accept traffic during failover, unlike desired count of 0 which would require scale-up time. Route 53 failover routing policy combined with ALB health checks automatically redirects DNS traffic to the secondary Region when the primary becomes unhealthy. A weighted routing policy does not support automatic failover behavior. Option C uses a manual image copy rather than automated replication, making it unsuitable for continuous DR.

================

The current design colocates the web tier, database, and cache on the same EC2 instances. This causes resource contention and makes it difficult to scale each layer independently. The correct solution is to separate these concerns into independently scalable managed services.

Option D uses an Application Load Balancer (ALB) in front of an Auto Scaling group for the web application. ALB is designed for HTTP/HTTPS traffic, supports path-based and host-based routing, and can spread load evenly across multiple instances and Availability Zones, eliminating the issue where one instance is overloaded.

The database is migrated to Amazon Aurora with Multi-AZ , which provides high availability, automated failover, and managed backups. Aurora offloads database management and ensures consistent performance.

For caching, Option D introduces Amazon ElastiCache for Redis , a managed in-memory cache that is purpose-built for low-latency reads, independent scaling, and high availability through replication and clustering.

Option A and C misuse NLB for HTTP traffic or for Redis exposure and introduce unnecessary complexity. Option B keeps Redis on EC2 (via NLB + ASG in a single AZ), which reduces availability and does not leverage managed caching.

Thus, Option D best separates tiers and improves performance and availability.

(A) When Docker communicates with an Amazon Elastic Container Registry (ECR) repository, it requires authentication. You can authenticate your Docker client to the Amazon ECR registry with the help of the AWS CLI (Command Line Interface). Specifically, you can use the " aws ecr get-login-password " command to get an authorization token and then use Docker ' s " docker login " command with that token to authenticate to the registry. You would need to perform these steps in your buildspec.yml file before attempting to push or pull images from/to the ECR repository.

Option A best matches the requirement in the simplest, most direct way:

Systems Manager State Manager is designed to apply and maintain a desired state on managed instances by running associations on a schedule or continuously across targets (for example, “all managed nodes”).

By using a Systems Manager document in the association that installs the antivirus package (and can be written to be idempotent: “install only if not present”), State Manager both detects drift (software missing) and remediates it automatically by reapplying the desired configuration.

This approach automatically covers all instances that are managed by Systems Manager (which is typically the standard requirement for fleet management on Amazon Linux).

Why the others are more overhead or not as direct:

B can work, but it requires building and operating a custom Config rule plus remediation wiring. That’s more components and maintenance than State Manager for a straightforward “ensure software is installed” task.

C Amazon Inspector is a vulnerability management service; it’s not the primary tool for “ensure a specific software package is installed everywhere” and “remediate via SSM doc” as a desired-state control.

D only detects new instances at launch time via CloudTrail RunInstances, and then you still need Inventory correlation logic. It’s more complex and can miss already-running instances unless additional logic is added.