DOP-C02 Amazon Web Services AWS Certified DevOps Engineer - Professional Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Amazon Web Services DOP-C02 AWS Certified DevOps Engineer - Professional certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Amazon Web Services DOP-C02 Premium Access Download Demo

Page: 4 / 6
Total 392 questions

Question # 66

A company is deploying a new application that uses Amazon EC2 instances. The company needs a solution to query application logs and AWS account API activity Which solution will meet these requirements?

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs Configure AWS CloudTrail to deliver the API logs to Amazon S3 Use CloudWatch to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs Configure AWS CloudTrail to deliver the API logs to CloudWatch Logs Use CloudWatch Logs Insights to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon Kinesis Configure AWS CloudTrail to deliver the API logs to Kinesis Use Kinesis to load the data into Amazon Redshift Use Amazon Redshift to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon S3 Use AWS CloudTrail to deliver the API togs to Amazon S3 Use Amazon Athena to query both sets of logs in Amazon S3.

Question # 67

A company has a stateless web application that is deployed on Amazon EC2 instances. The EC2 instances are in a target group behind an Application Load Balancer (ALB). Amazon Route 53 manages the application domain.

The company updates the application UI and develops a beta version of the application. The company wants to test the beta version on 10% of its traffic.

Which solution will meet these requirements with the LEAST number of configuration changes?

Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with a new ALB. Update the existing Route 53 record to use a weighted routing policy. Add a new Route 53 record that points to the new ALB with the same routing policy. Assign a weight of 90 to the existing record. Assign a weight of 10 to the new record.

Deploy the beta version to new EC2 instances in a new target group. Associate the new target group with the same ALB listener rule. Assign a weight of 90 to the existing target group. Assign a weight of 10 to the new target group.

Refactor the application to implement a feature flag for the beta version by using AWS AppConfig. Use the feature flag to enable the beta version for 10% of the EC2 instances.

Containerize and deploy the application on Amazon Elastic Container Service (Amazon ECS). Use AWS CodeDeploy to deploy the beta version by using the CodeDeployDefault.ECSCanary10Percent15Minutes deployment configuration.

Question # 68

A company uses a pipeline in AWS CodePipeline to deploy an application. The company created an AWS Fault Injection Service (AWS FIS) experiment template to test the resiliency of the application. A DevOps engineer needs to integrate the experiment into the pipeline.

Which solution will meet this requirement?

Configure a new stage in the pipeline that includes an AWS FIS action. Configure the action to reference the AWS FIS experiment template. Grant the pipeline access to start the experiment.

Create an Amazon EventBridge scheduler. Grant the scheduler permission to start the AWS FIS experiment. Configure a new stage in the pipeline that includes an action to invoke the EventBridge scheduler.

Create an AWS Lambda function to start the AWS FIS experiment. Grant the Lambda function permission to start the experiment. Create a new stage in the pipeline that has a Lambda action. Set the action to invoke the Lambda function.

Export the AWS FIS experiment template to an Amazon S3 bucket. Create an AWS CodeBuild unit test project that has a buildspec that starts the AWS FIS experiment. Grant the CodeBuild project access to start the experiment. Configure a new stage in the pipeline that includes an action to run the CodeBuild unit test project.

Question # 69

An ecommerce company uses a large number of Amazon Elastic Block Store (Amazon EBS) backed Amazon EC2 instances. To decrease manual work across all the instances, a DevOps engineer is tasked with automating restart actions when EC2 instance retirement events are scheduled.

How can this be accomplished?

Create a scheduled Amazon EventBridge rule to run an AWS Systems Manager Automation runbook that checks if any EC2 instances are scheduled for retirement once a week If the instance is scheduled for retirement the runbook will hibernate the instance

Enable EC2Auto Recovery on all of the instances. Create an AWS Config rule to limit the recovery to occur during a maintenance window only

Reboot all EC2 instances during an approved maintenance window that is outside of standard business hours Set up Amazon CloudWatch alarms to send a notification in case any instance is failing EC2 instance status checks

Set up an AWS Health Amazon EventBridge rule to run AWS Systems Manager Automation runbooks that stop and start the EC2 instance when a retirement scheduled event occurs.

Question # 70

A DevOps team deploys an ECS app behind an ALB using CodeDeploy with all-at-once strategy. Recent deployment increased response times, requiring rollback. The team wants a deployment strategy to monitor new versions before full traffic shift and rollback quickly if issues occur.

Which steps meet these requirements? (Select TWO.)

Use CodeDeployDefault.ECSCanary10Percent5Minutes deployment configuration.

Use CodeDeployDefault.ECSLinear10PercentEvery3Minutes deployment configuration.

Create a CloudWatch alarm on ALB UnHealthyHostCount and associate it with the deployment group for rollback.

Create a CloudWatch alarm on ALB TargetResponseTime and associate it with the deployment group for rollback.

Create a CloudWatch alarm on ALB TargetConnectionErrorCount and associate it with the deployment group for rollback.

Question # 71

A company's production environment uses an AWS CodeDeploy blue/green deployment to deploy an application. The deployment incudes Amazon EC2 Auto Scaling groups that launch instances that run Amazon Linux 2.

A working appspec. ymi file exists in the code repository and contains the following text.

A DevOps engineer needs to ensure that a script downloads and installs a license file onto the instances before the replacement instances start to handle request traffic. The DevOps engineer adds a hooks section to the appspec. yml file.

Which hook should the DevOps engineer use to run the script that downloads and installs the license file?

AfterBlockTraffic

BeforeBlockTraffic

Beforelnstall

Down load Bundle

Question # 72

A company has deployed a critical application in two AWS Regions. The application uses an Application Load Balancer (ALB) in both Regions. The company has Amazon Route 53 alias DNS records for both ALBs.

The company uses Amazon Route 53 Application Recovery Controller to ensure that the application can fail over between the two Regions. The Route 53 ARC configuration includes a routing control for both Regions. The company uses Route 53 ARC to perform quarterly disaster recovery (DR) tests.

During the most recent DR test, a DevOps engineer accidentally turned off both routing controls. The company needs to ensure that at least one routing control is turned on at all times.

Which solution will meet these requirements?

In Route 53 ARC. create a new assertion safety rule. Apply the assertion safety rule to the two routing controls. Configure the rule with the ATLEAST type with a threshold of 1.

In Route 53 ARC, create a new gating safety rule. Apply the assertion safety rule to the two routing controls. Configure the rule with the OR type with a threshold of 1.

In Route 53 ARC, create a new resource set. Configure the resource set with an AWS: Route53: HealthCheck resource type. Specify the ARNs of the two routing controls as the target resource. Create a new readiness check for the resource set.

In Route 53 ARC, create a new resource set. Configure the resource set with an AWS: Route53RecoveryReadiness: DNSTargetResource resource type. Add the domain names of the two Route 53 alias DNS records as the target resource. Create a new readiness check for the resource set.

Question # 73

A company is divided into teams Each team has an AWS account and all the accounts are in an organization in AWS Organizations. Each team must retain full administrative rights to its AWS account. Each team also must be allowed to access only AWS services that the company approves for use AWS services must gam approval through a request and approval process.

How should a DevOps engineer configure the accounts to meet these requirements?

Use AWS CloudFormation StackSets to provision IAM policies in each account to deny access to restricted AWS services. In each account configure AWS Config rules that ensure that the policies are attached to IAM principals in the account.

Use AWS Control Tower to provision the accounts into OUs within the organization Configure AWS Control Tower to enable AWS IAM identity Center (AWS Single Sign-On). Configure 1AM Identity Center to provide administrative access Include deny policies on user roles for restricted AWS services.

Place all the accounts under a new top-level OU within the organization Create an SCP that denies access to restricted AWS services Attach the SCP to the OU.

Create an SCP that allows access to only approved AWS services. Attach the SCP to the root OU of the organization. Remove the FullAWSAccess SCP from the root OU of the organization.

Question # 74

A company streams logs to CloudWatch Logs. Logs must be searchable for 30 days, low-latency accessible for 90 days, and occasionally retrieved after 180 days.

Which solution is MOST cost-effective?

Configure log retention of 30 days and export to S3 via Kinesis Data Streams. Use S3 Lifecycle policies.

Configure retention of 30 days and stream to S3 via Kinesis Data Firehose. Transition to S3 One Zone-IA and Glacier Flexible Retrieval.

Configure retention of 30 days and stream via Kinesis Data Streams, then store in S3 Standard-IA and Glacier Instant Retrieval.

Configure retention of 30 days and stream via Kinesis Data Firehose to S3. Transition to S3 Standard-IA (90 days) and Glacier Deep Archive (180 days).

Question # 75

A DevOps team manages infrastructure for an application. The application uses long-running processes to process items from an Amazon Simple Queue Service (Amazon SQS) queue. The application is deployed to an Auto Scaling group.

The application recently experienced an issue where items were taking significantly longer to process. The queue exceeded the expected size, which prevented various business processes from functioning properly. The application records all logs to a third-party tool.

The team is currently subscribed to an Amazon Simple Notification Service (Amazon SNS) topic that the team uses for alerts. The team needs to be alerted if the queue exceeds the expected size.

Which solution will meet these requirements with the MOST operational efficiency?

Create an Amazon CloudWatch metric alarm with a period of 1 hour and a static threshold to alarm if the average of the ApproximateNumberOfMessagesDelayed metric is greater than the expected value. Configure the alarm to notify the SNS topic.

Create an Amazon CloudWatch metric alarm with a period of 1 hour and a static threshold to alarm if the sum of the ApproximateNumberOfMessagesVisible metric is greater than the expected value. Configure the alarm to notify the SNS topic.

Create an AWS Lambda function that retrieves the ApproximateNumberOfMessages SQS queue attribute value and publishes it as a new CloudWatch custom metric. Create an Amazon EventBridge rule that is scheduled to run every 5 minutes and that invokes the Lambda function. Configure a CloudWatch metrics alarm with a period of 1 hour and a static threshold to alarm if the sum of the new custom metric is greater than the expected value.

Create an AWS Lambda function that checks the ApproximateNumberOfMessagesDelayed SQS queue attribute and compares the value to a defined expected size in the function. Create an Amazon EventBridge rule that is scheduled to run every 5 minutes and that invokes the Lambda function. When the ApproximateNumberOfMessagesDelayed SQS queue attribute exceeds the expected size, send a notification the SNS topic.

Explanation:

Comprehensive and Detailed Explanation From Exact Extract:

The Amazon SQS service publishes several standard CloudWatch metrics by default, including ApproximateNumberOfMessagesVisible, which represents the number of messages available for retrieval from the queue (i.e., the number of messages waiting to be processed). This is the primary metric to monitor queue backlog and processing delays.

Using ApproximateNumberOfMessagesVisible to monitor the visible messages in the queue gives a direct and near real-time indication of processing delays or backlog.

CloudWatch metrics are automatically collected and available without the need to create custom metrics or Lambda functions, which increases operational efficiency by reducing complexity and maintenance overhead.

Setting a CloudWatch alarm on this metric with a static threshold and a reasonable evaluation period (such as 1 hour) is sufficient to alert the team when the queue grows beyond an expected size.

The alarm can be directly configured to send notifications to an existing SNS topic, maintaining seamless integration with the team’s alerting mechanisms.

The ApproximateNumberOfMessagesDelayed metric refers to messages that are delayed and not available for processing yet due to delay settings, which is not the direct backlog that causes business process delays.

Options C and D introduce unnecessary complexity by requiring Lambda functions and custom metrics or scheduled invocations, which reduce operational efficiency compared to using built-in CloudWatch metrics and alarms.

Reference from AWS Official Documentation and Study Guide:

Amazon SQS Monitoring with CloudWatch Metrics:"Amazon SQS automatically sends metrics to CloudWatch, including ApproximateNumberOfMessagesVisible, which shows the number of messages available for retrieval."(Source: Amazon SQS Monitoring - AWS Documentation)

Setting CloudWatch Alarms for SQS Queues:"You can create CloudWatch alarms on SQS metrics such as ApproximateNumberOfMessagesVisible to receive notifications when the queue size exceeds a threshold."(Source: Amazon CloudWatch Alarms - AWS Documentation)

AWS DevOps Engineer Professional Exam Guide:"Efficient alerting for queue backlogs should leverage native CloudWatch metrics to minimize operational overhead."(Source: Official AWS Certified DevOps Engineer Professional Study Guide)

Question # 76

A company has developed a static website hosted on an Amazon S3 bucket. The website is deployed using AWS CloudFormation. The CloudFormation template defines an S3 bucket and a custom resource that copies content into the bucket from a source location.

The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack must be deleted and re-created. However, CloudFormation reports that the stack could not be deleted cleanly.

What is the MOST likely cause and how can the DevOps engineer mitigate this problem for this and future versions of the website?

Deletion has failed because the S3 bucket has an active website configuration. Modify the Cloud Formation template to remove the WebsiteConfiguration properly from the S3 bucket resource.

Deletion has failed because the S3 bucket is not empty. Modify the custom resource's AWS Lambda function code to recursively empty the bucket when RequestType is Delete.

Deletion has failed because the custom resource does not define a deletion policy. Add a DeletionPolicy property to the custom resource definition with a value of RemoveOnDeletion.

Deletion has failed because the S3 bucket is not empty. Modify the S3 bucket resource in the CloudFormation template to add a DeletionPolicy property with a value of Empty.

Question # 77

A development team uses AWS CodeCommit, AWS CodePipeline, and AWS CodeBuild to develop and deploy an application. Changes to the code are submitted by pull requests. The development team reviews and merges the pull requests, and then the pipeline builds and tests the application.

Over time, the number of pull requests has increased. The pipeline is frequently blocked because of failing tests. To prevent this blockage, the development team wants to run the unit and integration tests on each pull request before it is merged.

Which solution will meet these requirements?

Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit approval rule template. Configure the template to require the successful invocation of the CodeBuild project. Attach the approval rule to the project's CodeCommit repository.

Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit Create a CodeBuild project to run the unit and integration tests. Configure the CodeBuild project as a target of the EventBridge rule that includes a custom event payload with the CodeCommit repository and branch information from the event.

Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit. Modify the existing CodePipeline pipeline to not run the deploy steps if the build is started from a pull request. Configure the EventBridge rule to run the pipeline with a custom payload that contains the CodeCommit repository and branch information from the event.

Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit notification rule that matches when a pull request is created or updated. Configure the notification rule to invoke the CodeBuild project.

Question # 78

A company is migrating its on-premises Windows applications and Linux applications to AWS. The company will use automation to launch Amazon EC2 instances to mirror the on-premises configurations. The migrated applications require access to shared storage that uses SMB for Windows and NFS for Linux.

The company is also creating a pilot light disaster recovery (DR) environment in another AWS Region. The company will use automation to launch and configure the EC2 instances in the DR Region. The company needs to replicate the storage to the DR Region.

Which storage solution will meet these requirements?

Use Amazon S3 for the application storage. Create an S3 bucket in the primary Region and an S3 bucket in the DR Region. Configure S3 Cross-Region Replication (CRR) from the primary Region to the DR Region.

Use Amazon Elastic Block Store (Amazon EBS) for the application storage. Create a backup plan in AWS Backup that creates snapshots of the EBS volumes that are in the primary Region and replicates the snapshots to the DR Region.

Use a Volume Gateway in AWS Storage Gateway for the application storage. Configure Cross-Region Replication (CRR) of the Volume Gateway from the primary Region to the DR Region.

Use Amazon FSx for NetApp ONTAP for the application storage. Create an FSx for ONTAP instance in the DR Region. Configure NetApp SnapMirror replication from the primary Region to the DR Region.

Explanation:

To meet the requirements of migrating its on-premises Windows and Linux applications to AWS and creating a pilot light DR environment in another AWS Region, the company should use Amazon FSx for NetApp ONTAP for the application storage. Amazon FSx for NetApp ONTAP is a fully managed service that provides highly reliable, scalable, high-performing, and feature-rich file storage built on NetApp’s popular ONTAP file system. FSx for ONTAP supports multiple protocols, including SMB for Windows and NFS for Linux, so the company can access the shared storage from both types of applications. FSx for ONTAP also supports NetApp SnapMirror replication, which enables the company to replicate the storage to the DR Region. NetApp SnapMirror replication is efficient, secure, and incremental, and it preserves the data deduplication and compression benefits of FSx for ONTAP. The company can use automation to launch and configure the EC2 instances in the DR Region and then use NetApp SnapMirror to restore the data from the primary Region.

The other options are not correct because they do not meet the requirements or follow best practices. Using Amazon S3 for the application storage is not a good option because S3 is an object storage service that does not support SMB or NFS protocols natively. The company would need to use additional services or software to mount S3 buckets as file systems, which would add complexity and cost. Using Amazon EBS for the application storage is also not a good option because EBS is a block storage service that does not support SMB or NFS protocols natively. The company would need to set up and manage file servers on EC2 instances to provide shared access to the EBS volumes, which would add overhead and maintenance. Using a Volume Gateway in AWS Storage Gateway for the application storage is not a valid option because Volume Gateway does not support SMB protocol. Volume Gateway only supports iSCSI protocol, which means that only Linux applications can access the shared storage.

1: What is Amazon FSx for NetApp ONTAP? - FSx for ONTAP

2: Amazon FSx for NetApp ONTAP

3: Amazon FSx for NetApp ONTAP | NetApp

4: AWS Announces General Availability of Amazon FSx for NetApp ONTAP

Replicating Data with NetApp SnapMirror - FSx for ONTAP

What Is Amazon S3? - Amazon Simple Storage Service

What Is Amazon Elastic Block Store (Amazon EBS)? - Amazon Elastic Compute Cloud

What Is AWS Storage Gateway? - AWS Storage Gateway

Question # 79

A DevOps engineer wants to find a solution to migrate an application from on premises to AWS The application is running on Linux and needs to run on specific versions of Apache Tomcat HAProxy and Varnish Cache to function properly. The application's operating system-level parameters require tuning The solution must include a way to automate the deployment of new application versions. The infrastructure should be scalable and faulty servers should be replaced automatically.

Which solution should the DevOps engineer use?

Upload the application as a Docker image that contains all the necessary software to Amazon ECR Create an Amazon ECS cluster using an AWS Fargate launch type and an Auto Scaling group. Create an AWS CodePipeline pipeline that uses Amazon ECR as a source and Amazon ECS as a deployment provider

Upload the application code to an AWS CodeCommit repository with a saved configuration file to configure and install the software Create an AWS Elastic Beanstalk web server tier and a load balanced-type environment that uses the Tomcat solution stack Create an AWS CodePipeline pipeline that uses CodeCommit as a source and Elastic Beanstalk as a deployment provider

Upload the application code to an AWS CodeCommit repository with a set of ebextensions files to configure and install the software. Create an AWS Elastic Beanstalk worker tier environment that uses the Tomcat solution stack Create an AWS CodePipeline pipeline that uses CodeCommit as a source and Elastic Beanstalk as a deployment provider

Upload the application code to an AWS CodeCommit repository with an appspec.yml file to configure and install the necessary software. Create an AWS CodeDeploy deployment group associated with an Amazon EC2 Auto Scaling group Create an AWS CodePipeline pipeline that uses CodeCommit as a source and CodeDeploy as a deployment provider

Explanation:

The correct answer is D. The scenario requires a solution that can migrate an application from on premises to AWS, run on specific versions of Apache Tomcat, HAProxy, and Varnish Cache, tune the operating system-level parameters, automate the deployment of new application versions, and scale and replace faulty servers automatically. Option D meets all these requirements by using AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, and Amazon EC2 Auto Scaling. AWS CodeCommit is a fully managed source control service that hosts Git repositories and works with Git-based tools. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services, including Amazon EC2, AWS Fargate, AWS Lambda, and on-premises servers. AWS CodePipeline is a fully managed continuous delivery service that helps automate the release pipelines for fast and reliable application updates. Amazon EC2 Auto Scaling helps maintain application availability and allows scaling of Amazon EC2 capacity up or down automatically according to the defined conditions. By using these services together, the DevOps engineer can migrate the application code to AWS, configure and install the necessary software using the appspec.yml file, automate the deployment process using the pipeline, and scale and replace the servers using the Auto Scaling group.

Option A is incorrect because AWS Fargate is a serverless compute engine for containers that works with Amazon ECS and Amazon EKS. Fargate removes the need to provision and manage servers, but it also limits the ability to tune the operating system-level parameters, which is a requirement in the scenario. Moreover, Fargate does not support HAProxy and Varnish Cache as sidecar containers, which are needed to run the application properly.

Option B is incorrect because AWS Elastic Beanstalk is a fully managed service that automates the deployment and scaling of web applications and services using familiar servers such as Apache, Nginx, Passenger, and IIS. However, Elastic Beanstalk does not support HAProxy and Varnish Cache as part of the Tomcat solution stack, which are needed to run the application properly. Moreover, Elastic Beanstalk web server tier environments are designed to serve HTTP requests, not to process background tasks, which is the purpose of worker tier environments.

Option C is incorrect because AWS Elastic Beanstalk worker tier environments are designed to process background tasks using a daemon process that runs on each Amazon EC2 instance in the environment. Worker tier environments are not suitable for running web applications that serve HTTP requests, which is the case in the scenario. Moreover, Elastic Beanstalk does not support HAProxy and Varnish Cache as part of the Tomcat solution stack, which are needed to run the application properly.

AWS CodeCommit

AWS CodeDeploy

AWS CodePipeline

Amazon EC2 Auto Scaling

AWS Fargate

AWS Elastic Beanstalk

Question # 80

A company runs an application on Amazon EKS. The company needs comprehensive logging for control plane and nodes, analyze API requests, and monitor container performance with minimal operational overhead.

Which solution meets these requirements?

Enable CloudTrail for control plane logging; deploy Logstash as a ReplicaSet on nodes; use OpenSearch to store and analyze logs.

Enable control plane logging for EKS and send logs to CloudWatch; use CloudWatch Container Insights for node and container logs; use CloudWatch Logs Insights to query logs.

Enable API server control plane logging and send to S3; deploy Kubernetes Event Exporter on nodes; send logs to S3; use Athena and QuickSight for analysis.

Use AWS Distro for OpenTelemetry; stream logs to Firehose; analyze data in Redshift.

Question # 81

A company uses AWS CloudFormation stacks to deploy updates to its application. The stacks consist of different resources. The resources include AWS Auto Scaling groups, Amazon EC2 instances, Application Load Balancers (ALBs), and other resources that are necessary to launch and maintain independent stacks. Changes to application resources outside of CloudFormation stack updates are not allowed.

The company recently attempted to update the application stack by using the AWS CLI. The stack failed to update and produced the following error message: "ERROR: both the deployment and the CloudFormation stack rollback failed. The deployment failed because the following resource(s) failed to update: [AutoScalingGroup]."

The stack remains in a status of UPDATE_ROLLBACK_FAILED. *

Which solution will resolve this issue?

Update the subnet mappings that are configured for the ALBs. Run the aws cloudformation update-stack-set AWS CLI command.

Update the 1AM role by providing the necessary permissions to update the stack. Run the aws cloudformation continue-update-rollback AWS CLI command.

Submit a request for a quota increase for the number of EC2 instances for the account. Run the aws cloudformation cancel-update-stack AWS CLI command.

Delete the Auto Scaling group resource. Run the aws cloudformation rollback-stack AWS CLI command.

Question # 82

A company has multiple member accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization.

Which combination of access changes will meet these requirements? (Choose three.)

Create a trust relationship that allows users in the member accounts to assume the management account IAM role.

Create a trust relationship that allows users in the management account to assume the IAM roles of the member accounts.

Create an IAM role in each member account that has access to the AmazonEC2ReadOnlyAccess managed policy.

Create an I AM role in each member account to allow the sts:AssumeRole action against the management account IAM role's ARN.

Create an I AM role in the management account that allows the sts:AssumeRole action against the member account IAM role's ARN.

Create an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.

Question # 83

A company is using the AWS Cloud Development Kit (AWS CDK) to develop a microservices-based application. The company needs to create reusable infrastructure components for three environments: development, staging, and production. The components must include networking resources, database resources, and serverless compute resources.

The company must implement a solution that provides consistent infrastructure across environments while offering the option for environment-specific customizations. The solution also must minimize code duplication.

Which solution will meet these requirements with the LEAST development overhead?

Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create a single set of deployment stacks that takes the environment name as an argument upon instantiation. Deploy CDK applications for each environment.

Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create separate deployment stacks for each environment. Use the CDK context command to determine which stacks to run when deploying to each environment.

Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create a single set of deployment stacks that takes the environment name as an argument upon instantiation. Deploy CDK applications for each environment.

Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatable patterns exist. Create separate deployment stacks for each environment. Use the CDK context command to determine which stacks to run when deploying to each environment.

Question # 84

A company deploys its corporate infrastructure on AWS across multiple AWS Regions and Availability Zones. The infrastructure is deployed on Amazon EC2 instances and connects with AWS loT Greengrass devices. The company deploys additional resources on on-premises servers that are located in the corporate headquarters.

The company wants to reduce the overhead involved in maintaining and updating its resources. The company's DevOps team plans to use AWS Systems Manager to implement automated management and application of patches. The DevOps team confirms that Systems Manager is available in the Regions that the resources are deployed m Systems Manager also is available in a Region near the corporate headquarters.

Which combination of steps must the DevOps team take to implement automated patch and configuration management across the company's EC2 instances loT devices and on-premises infrastructure? (Select THREE.)

Apply tags lo all the EC2 instances. AWS loT Greengrass devices, and on-premises servers. Use Systems Manager Session Manager to push patches to all the tagged devices.

Use Systems Manager Run Command to schedule patching for the EC2 instances AWS loT Greengrass devices and on-premises servers.

Use Systems Manager Patch Manager to schedule patching loT the EC2 instances AWS loT Greengrass devices and on-premises servers as a Systems Manager maintenance window task.

Configure Amazon EventBridge to monitor Systems Manager Patch Manager for updates to patch baselines. Associate Systems Manager Run Command with the event lo initiate a patch action for all EC2 instances AWS loT Greengrass devices and on-premises servers.

Create an IAM instance profile for Systems Manager Attach the instance profile to all the EC2 instances in the AWS account. For the AWS loT Greengrass devices and on-premises servers create an IAM service role for Systems Manager.

Generate a managed-instance activation Use the Activation Code and Activation ID to install Systems Manager Agent (SSM Agent) on each server in the on-premises environment Update the AWS loT Greengrass IAM token exchange role Use the role to deploy SSM Agent on all the loT devices.

Question # 85

A growing company manages more than 50 accounts in an organization in AWS Organizations. The company has configured its applications to send logs to Amazon CloudWatch Logs.

A DevOps engineer needs to aggregate logs so that the company can quickly search the logs to respond to future security incidents. The DevOps engineer has created a new AWS account for centralized monitoring.

Which combination of steps should the DevOps engineer take to make the application logs searchable from the monitoring account? (Select THREE.)

In the monitoring account, download an AWS CloudFormation template from CloudWatch to use in Organizations. Use CloudFormation StackSets in the organization's management account to deploy the CloudFormation template to the entire organization.

Create an AWS CloudFormation template that defines an IAM role. Configure the role to allow logs-amazonaws.com to perform the logs:Link action if the aws:ResourceAccount property is equal to the monitoring account ID. Use CloudFormation StackSets in the organization's management account to deploy the CloudFormation template to the entire organization.

Create an IAM role in the monitoring account. Attach a trust policy that allows logs.amazonaws.com to perform the iam:CreateSink action if the aws:PrincipalOrgld property is equal to the organization ID.

In the organization's management account, enable the logging policies for the organization.

use CloudWatch Observability Access Manager in the monitoring account to create a sink. Allow logs to be shared with the monitoring account. Configure the monitoring account data selection to view the Observability data from the organization ID.

In the monitoring account, attach the CloudWatchLogsReadOnlyAccess AWS managed policy to an IAM role that can be assumed to search the logs.

Amazon Web Services DOP-C02 Premium Access Download Demo

Page: 4 / 6
Total 392 questions

New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

DOP-C02 Amazon Web Services AWS Certified DevOps Engineer - Professional Free Practice Exam Questions (2025 Updated)

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

Explanation: