| PDF + Test Engine |
|
||
| Test Engine |
|
||
|
|
Here are Amazon DOP-C02 PDF available features:
| 449 questions with answers | Updation Date : 16 Jul, 2026 |
| 1 day study required to pass exam | 100% Passing Assurance |
| 100% Money Back Guarantee | Free 3 Months Updates |
A company uses AWS CloudFormation stacks to deploy updates to its application. The stacks consist of different resources. The resources include AWS Auto Scaling groups
A company uses AWS CloudFormation stacks to deploy updates to its application. The stacks consist of different resources. The resources include AWS Auto Scaling groups
A. Update the subnet mappings that are configured for the ALBs. Run the awscloudformation update-stack-set AWS CLI command.
B. Update the 1AM role by providing the necessary permissions to update the stack. Runthe aws cloudformation continue-update-rollback AWS CLI command.
C. Submit a request for a quota increase for the number of EC2 instances for the account.Run the aws cloudformation cancel-update-stack AWS CLI command.
D. Delete the Auto Scaling group resource. Run the aws cloudformation rollback-stackAWS CLI command.
A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts. The buildspec.yml file contains the following:
The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts. What steps should the DevOps engineer take to stop this?
A. Modify the post_build command to use --acl public-read and configure a bucket policythat grants read access to the relevant AWS accounts only.
B. Configure a default ACL for the S3 bucket that defines the set of authenticated users asthe relevant AWS accounts only and grants read-only access.
C. Create an S3 bucket policy that grants read access to the relevant AWS accounts anddenies read access to the principal “*”.
D. Modify the post_build command to remove --acl authenticated-read and configure abucket policy that allows read access to the relevant AWS accounts only
A company has an organization in AWS Organizations. A DevOps engineer needs to maintain multiple AWS accounts that belong to different OUs in the organization. All resources, including 1AM policies and Amazon S3 policies within an account, are deployed through AWS CloudFormation. All templates and code are maintained in an AWS CodeCommit repository Recently, some developers have not been able to access an S3 bucket from some accounts in the organization. The following policy is attached to the S3 bucket.
What should the DevOps engineer do to resolve this access issue?
A. Modify the S3 bucket policy Turn off the S3 Block Public Access setting on the S3bucket In the S3 policy, add the awsSourceAccount condition. Add the AWS account IDs ofall developers who are experiencing the issue
B. Verify that no 1AM permissions boundaries are denying developers access to the S3bucket Make the necessary changes to IAM permissions boundaries. Use an AWS Configrecorder in the individual developer accounts that are experiencing the issue to revert anychanges that are blocking access. Commit the fix back into the CodeCommit repository.Invoke deployment through Cloud Formation to apply the changes.
C. Configure an SCP that stops anyone from modifying 1AM resources in developer OUs.In the S3 policy, add the awsSourceAccount condition. Add the AWS account IDs of alldevelopers who are experiencing the issue Commit the fix back into the CodeCommitrepository Invoke deployment through CloudFormation to apply the changes
D. Ensure that no SCP is blocking access for developers to the S3 bucket Ensure that no1AM policy permissions boundaries are denying access to developer 1AM users Make thenecessary changes to the SCP and 1AM policy permissions boundaries in theCodeCommit repository Invoke deployment through CloudFormation to apply the changes
A company is using AWS Organizations to centrally manage its AWS accounts. The company has turned on AWS Config in each member account by using AWS Cloud Formation StackSets The company has configured trusted access in Organizations for AWS Config and has configured a member account as a delegated administrator account for AWS Config A DevOps engineer needs to implement a new security policy The policy must require all current and future AWS member accounts to use a common baseline of AWS Config rules that contain remediation actions that are managed from a central account Nonadministrator users who can access member accounts must not be able to modify this common baseline of AWS Config rules that are deployed into each member account Which solution will meet these requirements?
A. Create a CloudFormation template that contains the AWS Config rules and remediationactions. Deploy the template from the Organizations management account by usingCloudFormation StackSets
B. Create an AWS Config conformance pack that contains the AWS Config rules andremediation actions Deploy the pack from the Organizations management account by usingCloudFormation StackSets.
C. Create a CloudFormation template that contains the AWS Config rules and remediationactions Deploy the template from the delegated administrator account by using AWSConfig.
D. Create an AWS Config conformance pack that contains the AWS Config rules andremediation actions. Deploy the pack from the delegated administrator account by usingAWS Config.
A company needs a strategy for failover and disaster recovery of its data and application. The application uses a MySQL database and Amazon EC2 instances. The company requires a maximum RPO of 2 hours and a maximum RTO of 10 minutes for its data and application at all times. Which combination of deployment strategies will meet these requirements? (Select TWO.)
A. Create an Amazon Aurora Single-AZ cluster in multiple AWS Regions as the data store.Use Aurora's automatic recovery capabilities in the event of a disaster.
B. Create an Amazon Aurora global database in two AWS Regions as the data store. In theevent of a failure, promote the secondary Region to the primary for the application. Updatethe application to use the Aurora cluster endpoint in the secondary Region
C. Create an Amazon Aurora cluster in multiple AWS Regions as the data store. Use aNetwork Load Balancer to balance the database traffic in different Regions.
D. Set up the application in two AWS Regions. Use Amazon Route 53 failover routing thatpoints to Application Load Balancers in both Regions. Use health checks and Auto Scalinggroups in each Region.
E. Set up the application in two AWS Regions. Configure AWS Global Accelerator to pointto Application Load Balancers (ALBs) in both Regions. Add both ALBs to a single endpointgroup. Use health checks and Auto Scaling groups in each Region.
A company's application has an API that retrieves workload metrics. The company needs to audit, analyze, and visualize these metrics from the application to detect issues at scale. Which combination of steps will meet these requirements? (Select THREE).
A. Configure an Amazon EventBridge schedule to invoke an AWS Lambda function thatcalls the API to retrieve workload metrics. Store the workload metric data in an Amazon S3bucket.
B. Configure an Amazon EventBridge schedule to invoke an AWS Lambda function thatcalls the API to retrieve workload metrics. Store the workload metric data in an AmazonDynamoDB table that has a DynamoDB stream enabled.
C. Create an AWS Glue crawler to catalog the workload metric data in the Amazon S3bucket. Create views in Amazon Athena for the cataloged data.
D. Connect an AWS Glue crawler to the Amazon DynamoDB stream to catalog theworkload metric data. Create views in Amazon Athena for the cataloged data.
E. Create Amazon QuickSight datasets from the Amazon Athena views. Create aQuickSight analysis to visualize the workload metric data as a dashboard.
F. Create an Amazon CloudWatch dashboard that has custom widgets that invoke AWSLambda functions. Configure the Lambda functions to query the workload metrics datafrom the Amazon Athena views.
A software team is using AWS CodePipeline to automate its Java application release pipeline The pipeline consists of a source stage, then a build stage, and then a deploy stage. Each stage contains a single action that has a runOrder value of 1. The team wants to integrate unit tests into the existing release pipeline. The team needs a solution that deploys only the code changes that pass all unit tests. Which solution will meet these requirements?
A. Modify the build stage. Add a test action that has a runOrder value of 1. Use AWSCodeDeploy as the action provider to run unit tests.
B. Modify the build stage Add a test action that has a runOrder value of 2 Use AWSCodeBuild as the action provider to run unit tests
C. Modify the deploy stage Add a test action that has a runOrder value of 1 Use AWSCodeDeploy as the action provider to run unit tests
D. Modify the deploy stage Add a test action that has a runOrder value of 2 Use AWSCodeBuild as the action provider to run unit tests
A company is developing a web application and is using AWS CodeBuild for its CI/CD pipeline. The company must generate multiple artifacts from a single build process. The company also needs the ability to determine which build generated each artifact. The artifacts must be stored in an Amazon S3 bucket for further processing and deployment. Builds occur frequently and are based on a large Git repository. The company needs to optimize build times. Which solution will meet these requirements with the MOST operational efficiency?
A. Configure the buildspec.yml file to specify multiple artifacts with different file sets.Enable local caching for the build process by using source cache mode. Use environmentvariables to dynamically name artifacts based on the build ID.
B. Configure the buildspec.yml file to output all files as a single artifact. Enable localcaching for the build process by using custom cache mode. Create an AWS Lambdafunction that is invoked by CodeBuild completion. Program the Lambda function to split theartifact into multiple files and to upload the files to the S3 bucket with dynamic namesbased on build ID
C. Create separate CodeBuild projects for each artifact type. Enable local caching for thebuild process by using Docker layer cache mode. Configure each project to output a singleartifact to the S3 bucket with a dynamic name based on build ID. Use AWS Step Functionsto orchestrate the projects in parallel.
D. Set up CodeBuild to generate a single ZIP artifact that contains all files. Enable S3caching for the build process. Use AWS CodePipeline with a custom action to extract thefiles and reorganize the files into multiple artifacts in the S3 bucket. Configure the customaction to dynamically name the files based on the time of the build.
A company has an application and a CI/CD pipeline. The CI/CD pipeline consists of an AWS CodePipeline pipeline and an AWS CodeBuild project. The CodeBuild project runs tests against the application as part of the build process and outputs a test report. The company must keep the test reports for 90 days. Which solution will meet these requirements?
A. Add a new stage in the CodePipeline pipeline after the stage that contains theCodeBuild project. Create an Amazon S3 bucket to store the reports. Configure an S3deploy action type in the new CodePipeline stage with the appropriate path and format forthe reports.
B. Add a report group in the CodeBuild project buildspec file with the appropriate path andformat for the reports. Create an Amazon S3 bucket to store the reports. Configure anAmazon EventBridge rule that invokes an AWS Lambda function to copy the reports to theS3 bucket when a build is completed. Create an S3 Lifecycle rule to expire the objects after90 days.
C. Add a new stage in the CodePipeline pipeline. Configure a test action type with theappropriate path and format for the reports. Configure the report expiration time to be 90days in the CodeBuild project buildspec file.
D. Add a report group in the CodeBuild project buildspec file with the appropriate path andformat for the reports. Create an Amazon S3 bucket to store the reports. Configure thereport group as an artifact in the CodeBuild project buildspec file. Configure the S3 bucketas the artifact destination. Set the object expiration to 90 days.
A company uses a series of individual Amazon Cloud Formation templates to deploy its multi-Region Applications. These templates must be deployed in a specific order. The company is making more changes to the templates than previously expected and wants to deploy new templates more efficiently. Additionally, the data engineering team must be notified of all changes to the templates. What should the company do to accomplish these goals?
A. Create an AWS Lambda function to deploy the Cloud Formation templates m therequired order Use stack policies to alert the data engineering team.
B. Host the Cloud Formation templates in Amazon S3 Use Amazon S3 events to directlytrigger CloudFormation updates and Amazon SNS notifications.
C. Implement CloudFormation StackSets and use drift detection to trigger update alerts tothe data engineering team.
D. Leverage CloudFormation nested stacks and stack sets (or deployments Use AmazonSNS to notify the data engineering team.