DOP-C02 Exam Dumps - Amazon Web Services AWS Certified Professional Questions and Answers

Verified Answer: A, C, and E.

Short Explanation: To improve the performance of the application, the DevOps engineer should use Amazon RDS Proxy, implement the database connection opening outside the Lambda event handler code, and connect to the proxy endpoint from the Lambda function.

Amazon RDS Proxy is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient to database failures, and more secure1. By using Amazon RDS Proxy, the DevOps engineer can reduce the overhead of opening and closing connections to the database, which can improve latency and throughput2.

The DevOps engineer should connect the proxy to the Aurora cluster reader endpoint, which allows read-only connections to one of the Aurora Replicas in the DB cluster3. This can help balance the load across multiple read replicas and improve performance for read-intensive workloads4.

The DevOps engineer should implement the database connection opening outside the Lambda event handler code, which means using a global variable to store the database connection object5. This can enable connection reuse across multiple invocations of the Lambda function, which can reduce latency and improve performance.

The DevOps engineer should connect to the proxy endpoint from the Lambda function, which is a unique URL that represents the proxy. This can allow the Lambda function to access the database through the proxy, which can provide benefits such as connection pooling, load balancing, failover handling, and enhanced security.

The other options are incorrect because:

Implementing database connection pooling inside the Lambda code is unnecessary and redundant when using Amazon RDS Proxy, which already provides connection pooling as a service.

Implementing the database connection opening and closing inside the Lambda event handler code is inefficient and costly, as it can increase latency and consume more resources for each invocation of the Lambda function.

Connecting to the Aurora cluster endpoint from the Lambda function is not optimal for read-only queries, as it can direct traffic to either the primary instance or one of the Aurora Replicas in the DB cluster. This can result in inconsistent performance and potential conflicts with write operations on the primary instance.

The CfCT solution is designed for the exact purpose stated in the question. It extends the capabilities of AWS Control Tower by providing you with a way to automate resource provisioning and apply custom configurations across all AWS accounts created in the Control Tower environment. This enables the company to implement additional account customizations when new accounts are provisioned via the Control Tower Account Factory. The CloudFormation templates and SCPs can be added to a CodeCommit repository and will be automatically deployed to new accounts when they are created. This provides a highly automated solution that does not require manual intervention to deploy resources and SCPs to new accounts.

The company needs fast, proactive alerts for future performance issues, beyond basic EC2 metrics. Option A provides a complete, AWS-native monitoring pattern aligned with best practices:

Enable detailed monitoring on EC2 instances to increase metric resolution (from 5-minute to 1-minute intervals), improving the responsiveness of alarms.

Define custom CloudWatch metrics for application-level indicators such as request latency, error rate, queue depth, or throughput. These metrics can be published from the application or sidecar agents.

Create CloudWatch alarms on both infrastructure (CPU, network, disk) and custom application metrics with thresholds that reflect performance SLOs. Alarms can notify teams via SNS or incident management tools.

Use CloudWatch Logs Insights to analyze logs for recurring error patterns, slow requests, or exceptions when alarms fire.

Option B focuses on tracing and frontend RUM; while useful, it is more complex and not necessary just to get quick alerts. Option C uses services (CloudTrail, GuardDuty, Trusted Advisor) that are not focused on real-time performance detection. Option D with VPC Flow Logs is network-level and would not detect general application performance issues.

Thus, Option A offers a direct, efficient way to detect and alert on performance degradations quickly.

Step A: Using a tool like CloudFormation resource import or IaC generator to scan and create a template from existing resources is efficient to bring current infrastructure under management.

Step C: Using CodeConnections (AWS ' s solution to connect Git repositories) with AWS CodePipeline ensures any changes to CloudFormation templates in the Git repo automatically deploy infrastructure changes, enforcing infrastructure as code workflows.

Step E: Creating an IAM role with CloudFormation as the principal ensures CloudFormation has permissions to manage resources. Using an SCP to deny all actions except by this role enforces strict control, preventing manual changes outside the pipeline. Option B uses AWS Config which is more for compliance and auditing, not direct resource import. Option D is invalid because CloudFormation does not natively sync with Git; CodePipeline does. Option F is less secure than denying all except the IAM role.

S3 RTC ensures ≤15-min replication SLA.

Multi-Region Access Point (MRAP) simplifies active-passive replication access.

SubmitMultiRegionAccessPointRoutes API manages routing changes during failover. This configuration follows AWS DR best practices for S3 active/passive architectures.

Amazon CloudWatch metric filters are the least-overhead method for converting log data into actionable metrics and alarms. By defining a metric filter on the CloudWatch Logs log group with a regex pattern that matches external system error log entries, CloudWatch automatically increments a custom metric each time a matching event appears. A CloudWatch alarm configured with a period of 5 minutes and a threshold of 10 will trigger and publish directly to the SNS topic without requiring any additional compute resources. Option B adds an unnecessary Lambda invocation between the alarm and the SNS notification. Option C uses anomaly detection, which is probabilistic and not suited for a hard threshold requirement. Option D requires a subscription filter plus a Lambda function to publish the custom metric, which introduces additional components, Lambda costs, and higher operational complexity than a native metric filter.

================

The correct answer is A.

Option A is correct because it meets the requirements with the most operational efficiency. Updating the ecommerce application to emit a JSON object to a CloudWatch log group for each processed transaction is a simple and cost-effective way to collect the data needed for the dashboard. Using CloudWatch Logs Insights to query the log group and to visualize the results in a pie chart format is also a convenient and integrated solution that leverages the existing CloudWatch dashboards. Attaching the results to the desired CloudWatch dashboard is straightforward and does not require any additional steps or services.

Option B is incorrect because it introduces unnecessary complexity and cost. Updating the ecommerce application to emit a JSON object to an Amazon S3 bucket for each processed transaction is a valid way to store the data, but it requires creating and managing an S3 bucket and its permissions. Using Amazon Athena to query the S3 bucket and to visualize the results in a pie chart format is also a valid way to analyze the data, but it incurs charges based on the amount of data scanned by each query. Exporting the results from Athena and attaching them to the desired CloudWatch dashboard is also an extra step that adds more overhead and latency.

Option C is incorrect because it uses AWS X-Ray for an inappropriate purpose. Updating the ecommerce application to use AWS X-Ray for instrumentation is a good practice for monitoring and tracing distributed applications, but it is not designed for aggregating product transaction details. Creating a new X-Ray subsegment and adding an annotation for each processed transaction is possible, but it would clutter the X-Ray service map and make it harder to debug performance issues. Using X-Ray traces to query the data and to visualize the results in a pie chart format is also possible, but it would require custom code and logic that are not supported by X-Ray natively. Attaching the results to the desired CloudWatch dashboard is also not supported by X-Ray directly, and would require additional steps or services.

Option D is incorrect because it introduces unnecessary complexity and cost. Updating the ecommerce application to emit a JSON object to a CloudWatch log group for each processed transaction is a simple and cost-effective way to collect the data needed for the dashboard, as in option A. However, creating an AWS Lambda function to aggregate and write the results to Amazon DynamoDB is redundant, as CloudWatch Logs Insights can already perform aggregation queries on log data. Creating a Lambda subscription filter for the log file is also redundant, as CloudWatch Logs Insights can already access log data directly. Attaching the results to the desired CloudWatch dashboard would also require additional steps or services, as DynamoDB does not support native integration with CloudWatch dashboards.

To achieve multi-Region high availability for a serverless API-based application, the architecture must be duplicated in the second Region and supported by a multi-Region data layer and appropriate DNS routing. Option A provides the required multi-Region data layer using DynamoDB global tables , which replicate data automatically and asynchronously between Regions. This allows reads and writes in either Region and prevents cross-Region latency bottlenecks.

Option C ensures that the compute components—API Gateway REST API and AWS Lambda functions—are deployed in both Regions. Each Region operates independently, providing true active-active redundancy and allowing Route 53 to route traffic directly to either Region without dependency on the other.

Option E selects Route 53 latency-based routing , which directs each user to the Region with the lowest round-trip latency. This meets the requirement to route traffic based on the Region providing the best response time rather than only providing active-passive failover.

Option D (failover routing) supports active-standby topologies, not active-active. Option B creates a global secondary index, which does not provide multi-Region replication. Option F (multivalue routing) distributes traffic randomly and does not account for latency or Region placement.

Thus, combining DynamoDB global tables, duplicated serverless architecture, and latency-based routing fully satisfies the requirements.