DOP-C02 Exam Questions
498 real DOP-C02 exam questions with expert-verified answers and explanations. Page 10 of 10.
- Question #455Configuration Management and Infrastructure as Code
A company is using the AWS Cloud Development Kit (AWS CDK) to develop a microservices- based application. The company needs to create reusable infrastructure components for three e...
AWS CDKInfrastructure as CodeMicroservicesReusability - Question #457Security and Compliance
A company deployed an Amazon CloudFront distribution that accepts requests and routes to an Amazon API Gateway HTTP API. During a recent security audit, the company discovered that...
CloudFrontAPI GatewaySecurity HardeningAccess Control - Question #458SDLC Automation
A company uses a trunk-based development branching strategy. The company has two AWS CodePipeline pipelines that are integrated with a Git provider. The pull_request pipeline has a...
AWS CodePipelineCI/CDBranching StrategyParallel execution - Question #460Configuration Management and Infrastructure as Code
A company uses AWS Lambda functions in the primary operating AWS Region of its AWS account. The company manually created the Lambda functions. The company needs to use a Python-bas...
AWS CDKInfrastructure as CodeResource ImportLambda - Question #461Security and Compliance
A company uses AWS Organizations, AWS Control Tower, AWS Config, and Terraform to manage its AWS accounts and resources. The company must ensure that users deploy only AWS Lambda f...
AWS Control TowerSCPsLambdaVPC integration - Question #462Security and Compliance
A company uses Amazon ECS with the Amazon EC2 launch type. The company requires all log data to be centralized on Amazon CloudWatch. The company's ECS tasks failed to deploy. An er...
ECSIAM RolesCloudWatch LogsTrust Policies - Question #463Configuration Management and Infrastructure as Code
A DevOps engineer needs to install antivirus software on all Amazon EC2 instances in an AWS account. The EC2 instances run the most recent Amazon Linux version. The solution must d...
Systems ManagerPatch ManagementAWS ConfigEC2 Security - Question #464Monitoring and Logging
A company runs an Amazon EKS cluster and must implement comprehensive logging for the control plane and nodes. The company must analyze API requests and monitor container performan...
EKSCloudWatch LogsContainer InsightsControl Plane Logging - Question #465Monitoring and Logging
A company streams logs to CloudWatch Logs. Logs must be searchable for 30 days, low-latency accessible for 90 days, and occasionally retrieved after 180 days. Which solution is MOS...
CloudWatch LogsS3 Lifecycle PoliciesLog RetentionCost Optimization - Question #466Configuration Management and Infrastructure as Code
A company uses AWS Control Tower to deploy multiple AWS accounts. A security team must automate Control Tower guardrails applied to all accounts in an OU, with version control and...
AWS Control TowerAWS OrganizationsIaCGuardrails - Question #467Security and Compliance
A company wants governance where only specific Regions and services can be used, with centralized AD authentication and job-function-based roles. Which solution meets these require...
AWS OrganizationsSCPsIAMMulti-account Governance - Question #468Security and Compliance
A company requires all employees to access secrets via Systems Manager Parameter Store with rotation every 60 days. The company must add a new secret for an Amazon ElastiCache Redi...
AWS Secrets ManagerParameter StoreSecret RotationElastiCache - Question #469SDLC Automation
A SaaS company uses ECS (Fargate) behind an ALB and CodePipeline + CodeDeploy for blue/green deployments. They need automatic, incremental traffic shifting over time with no downti...
ECS FargateCodeDeployBlue/Green DeploymentTraffic Shifting - Question #470Reliability & Resilience
A company uses Amazon RDS for Microsoft SQL Server as its primary database and must ensure cross-Region high availability with RPO < 1 min and RTO < 10 min. Which solution meets th...
RDSHigh AvailabilityDisaster RecoveryRPO/RTO - Question #471Monitoring and Logging
A company uses AWS Organizations with CloudTrail trusted access. All events across accounts and Regions must be logged and retained in an audit account, and failed login attempts s...
CloudTrailAWS OrganizationsEventBridgeSecurity Monitoring - Question #472Configuration Management and Infrastructure as Code
A company uses AWS Control Tower and Organizations for a multi-account environment. It needs to create new accounts and ensure they receive a consistent baseline configuration. Whi...
AWS Control TowerAccount FactoryMulti-account ManagementBaseline Configuration - Question #473Configuration Management and Infrastructure as Code
A company's EC2 fleet must maintain up-to-date security patches and compliance reporting. Which solution meets these requirements?
Systems Manager Patch ManagerAWS ConfigEC2 SecurityCompliance Reporting - Question #474SDLC Automation
A company frequently creates Docker images stored in Amazon ECR, with both tagged and untagged versions. The company wants to delete stale or unused images while keeping a minimum...
Amazon ECRDocker ImagesImage LifecycleCost Optimization - Question #475Incident & Event Response
A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution...
Security AutomationThreat DetectionDNS LoggingAutomated Remediation - Question #476Monitoring and Logging
A DevOps engineer is supporting early-stage development for a developer platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). Recently, the platform has experienced...
Amazon EKSCloudWatch Container InsightsContainer MonitoringTroubleshooting - Question #477Resilient Cloud Solutions
A company has a public application that uses an Amazon API Gateway REST API, an AWS Lambda function, and an Amazon RDS for PostgreSQL DB cluster. Users have recently received error...
API Gateway cachingdatabase scalingRDS connection limitsserverless optimization - Question #478Security and Compliance
A company uses Amazon Elastic Container Registry (Amazon ECR) for all images of the company's containerized infrastructure. The company uses the pull through cache functionality wi...
ECR encryptionKMS integrationpull-through cachesecurity compliance - Question #479Monitoring and Logging
An ecommerce company hosts a web application on Amazon EC2 instances that are in an Auto Scaling group. The company deploys the application across multiple Availability Zones. Appl...
CloudWatch MonitoringEC2 MonitoringCustom MetricsPerformance Alerting - Question #480Configuration Management and IaC
A company uses Amazon Elastic Kubernetes Services (Amazon EKS) to host containerized applications that are available in Amazon Elastic Container Registry (Amazon ECR). The company...
EKS UpgradesOperational OverheadAWS FargateEKS Automation - Question #481Security & Compliance
A company in a highly regulated industry is building an artifact by using AWS CodeBuild and AWS CodePipeline. The company must connect to an external authenticated API during the b...
AWS Secrets ManagerAWS CodeBuildAWS KMSIAM Policies - Question #482Monitoring and Logging
A company uses Amazon Elastic Container Service (Amazon ECS) with an Amazon EC2 launch type. The company requires all log data to be centralized on Amazon CloudWatch. The company's...
ECSIAM RolesCloudWatch LogsTrust Policies - Question #483Monitoring and Logging
A video-sharing company stores its videos in an Amazon S3 bucket. The company needs to analyze user access patterns such as the number of users who access a specific video each mon...
S3 Server Access LoggingAmazon AthenaLog analysisOperational efficiency - Question #484Security & Compliance
A company built its serverless infrastructure on AWS. The infrastructure consists of an Amazon API Gateway REST API, multiple AWS Lambda functions, and Amazon EventBridge. The comp...
Threat DetectionServerless SecurityRuntime SecurityAWS GuardDuty - Question #485Monitoring and Logging
A company uses AWS CodePipeline and AWS CodeDeploy to deploy application code to Amazon EC2 instances. The EC2 instances send application logs and CodeDeploy logs to Amazon CloudWa...
CloudWatchCodeDeployAutomated RollbackMonitoring - Question #486Security and Compliance
A company uses AWS Organizations, AWS Control Tower, AWS Config, and Terraform to manage its AWS accounts and resources. The company must ensure that users deploy only AWS Lambda f...
AWS OrganizationsService Control PoliciesLambda VPCsecurity compliance - Question #488Resilient Cloud Solutions
A company runs an application that uses an Amazon S3 bucket to store images. A DevOps engineer needs to implement a multi-Region disaster recover (DR) strategy for the S3 objects....
S3 multi-Region DRS3 Replication Time ControlS3 Multi-Region Access Pointactive-passive failover - Question #490Monitoring and Logging
A company has an application that streams logs to an Amazon CloudWatch Logs log group. The logs must be available for the team to search in CloudWatch for at least 30 days. Logs mu...
CloudWatch Logs retentionS3 storage classeslog archivalcost optimization - Question #491Security and Compliance
A company has an organization in AWS Organizations. The organization has all features enabled and has AWS CloudTrail trusted access configured for the management account. An Amazon...
CloudTrail organization trailcentralized loggingsecurity auditingreal-time alerts - Question #493SDLC Automation
A company uses a pipeline in AWS CodePipeline to upload AWS CloudFormation templates to an Amazon S3 bucket. The pipeline uses the templates to deploy CloudFormation stacks that ma...
CloudFormation templatesCodePipelineGit integrationversion control - Question #494SDLC Automation
A company uses a trunk-based development branching strategy. The company has two AWS CodePipeline pipelines that are integrated with a Git provider. The pull_request pipeline has a...
CodePipeline execution modestrunk-based developmentCI/CD branching strategypipeline optimization - Question #495SDLC Automation
A DevOps engineer needs to configure an AWS CodePipeline pipeline that publishes container images to an Amazon Elastic Container Registry (Amazon ECR) repository. The pipeline must...
CodePipelineCI/CDECRGit integration - Question #496Monitoring and Logging
A company is running an application on Amazon Elastic Kubernetes Service (Amazon EKS). The company needs to implement comprehensive logging for the control plane and the nodes. The...
EKS loggingCloudWatch LogsControl plane logsContainer monitoring - Question #497Security and Compliance
A company wants to improve its security practices by enforcing least privilege across all projects. Developers must be able to access Amazon EC2 resources but not Amazon RDS resour...
IAM policiesLeast privilegeResource taggingCross-account access - Question #498Resilient Cloud Solutions
A company runs a development environment website and database on an Amazon EC2 instance that uses Amazon Elastic Block Store (Amazon EBS) storage. The company wants to make the ins...
EC2 recoveryCloudWatch AlarmsSystem healthResilience - Question #499Security and Compliance
A company operates a fleet of Amazon EC2 instances that host critical applications and handle sensitive data. The EC2 instances must have up-to-date security patches to protect aga...
Patch ManagerAWS ConfigSecurity patchingCompliance - Question #500SDLC Automation
A company has implemented a new microservices-based application on an Amazon Elastic Container Service (Amazon ECS) cluster. After each deployment, the company wants to validate th...
ECS deploymentsDeployment validationCloudWatch SyntheticsAutomated rollback - Question #501Monitoring and Logging
A company's applications run on Amazon EC2 instances and use AWS Lambda functions in multiple AWS accounts. All EC2 instances have the Amazon CloudWatch agent installed. All accoun...
Centralized loggingCloudWatch LogsAWS OrganizationsKMS encryption - Question #502Security and Compliance
A DevOps engineer needs to implement a CI/CD pipeline in an AWS account. The pipeline must consume sensitive database credentials that are stored in an AWS Systems Manager Paramete...
Parameter StoreKMS encryptionCross-account accessSecret management - Question #505Resilient Cloud Solutions
A global company uses Amazon S3 to host its product catalog website in the us-east-1 Region. The company must improve website performance for users across different geographical re...
CloudFrontCDNS3 hostingGlobal performanceOrigin Shield - Question #509Configuration Management and IaC
A company frequently creates Docker images of an application. The company stores the images in Amazon Elastic Container Registry (Amazon ECR). The company creates both tagged image...
ECRImage lifecycleContainer imagesCost optimization - Question #511Configuration Management and IaC
A company uses AWS Lambda functions in the primary operating AWS Region of its AWS account. The company manually created the Lambda functions. The company needs to use a Python-bas...
AWS CDKIaC importCloudFormationLambda management - Question #512Configuration Management and IaC
A company uses Amazon Elastic Kubernetes Services (Amazon EKS) to host containerized applications that are available in Amazon Elastic Container Registry (Amazon ECR). The company...
EKS cluster upgradeAWS CLIManaged node groupsKubernetes versions - Question #513SDLC Automation
A company produces builds for an open source project every day. The company hosts the open source project in a public code repository that the company supports. The company manuall...
CodePipelineBuild artifactsS3 website hostingPublic access