1. Home
  2. Amazon
  3. DOP-C02

Amazon DOP-C02 Online Practice Questions and Exam Preparation

DOP-C02 Exam Details

  • Exam Code
    :DOP-C02
  • Exam Name
    :AWS Certified DevOps Engineer - Professional (DOP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :461 Q&As
  • Last Updated
    :Jan 07, 2026

Amazon DOP-C02 Online Questions & Answers

  • Question 1:

    A company runs a website by using an Amazon Elastic Container Service (Amazon ECS) service that is connected to an Application Load Balancer (ALB). The service was in a steady state with tasks responding to requests successfully. A DevOps engineer updated the task definition with a new container image and deployed the new task definition to the service. The DevOps engineer noticed that the service is frequently stopping and starting new tasks because the ALB health checks are failing.

    What should the DevOps engineer do to troubleshoot the failed deployment?

    A. Ensure that a security group associated with the service allows traffic from the ALB.
    B. Increase the ALB health check grace period for the service.
    C. Increase the service minimum healthy percent setting.
    D. Decrease the ALB health check interval.

  • Question 2:

    A company uses AWS Organizations to manage multiple AWS accounts. The accounts are in an OU that has a policy attached to allow all actions. The company is migrating several Git repositories to a specified AWS CodeConnections supported Git provider. The Git repositories manage AWS CloudFormation stacks for application infrastructure that the company deploys across multiple AWS Regions. The company wants a DevOps team to integrate CodeConnections into the CloudFormation stacks. The DevOps team must ensure that company staff members can integrate only with the specified Git provider. The deployment process must be highly available across Regions.

    Which combination of steps will meet these requirements? (Select THREE.)

    A. Add a new SCP statement to the OU that denies the CodeConnections CreatingConnections action where the provider type is not the specified Git provider.
    B. Add a new SCP statement to the OU that allows the CodeConnections CreatingConnections action where the provider type is the specified Git provider.
    C. Use CodeConnections to configure a single CodeConnections connection to each Git repository.
    D. Use CodeConnections to create a CodeConnections connection from each Region where the company operates to each Git repository.
    E. Use CodeConnections to create a CodeConnections repository link. Update each CloudFormation stack to sync from the Git repository.
    F. For each Git repository, create a pipeline in AWS CodePipeline that has the Git repository set as the source and a CloudFormation deployment stage.

  • Question 3:

    A company's web app runs on EC2 with a relational database. The company wants highly available multi-Region architecture with latency-based routing for global customers.

    Which solution meets these requirements?

    A. ALB in each Region with Auto Scaling groups; Aurora global database with read replicas; Route 53 latency-based routing to ALBs.
    B. ALB in each Region with Auto Scaling groups; RDS primary in one Region with read replicas in others; Route 53 failover routing to ALBs.
    C. Elastic Beanstalk with ALB in each Region; Aurora global database with read replicas; CloudFront with custom origins for ALBs; Route 53 latency-based routing to CloudFront.
    D. Elastic Beanstalk with ALB in each Region; RDS primary in one Region with read replicas; CloudFront with custom origins for ALBs; Route 53 failover routing to CloudFront.

  • Question 4:

    A DevOps engineer needs to design a cloud-based solution to standardize deployment artifacts for AWS Cloud deployments and on-premises deployments. There is currently no routing traffic between the on-premises data center and the AWS environment.

    The solution must be able to consume downstream packages from public repositories and must be highly available. Data must be encrypted in transit and at rest. The solution must store the deployment artifacts in object storage and deploy the deployment artifacts into Amazon Elastic Container Service (Amazon ECS). The deployment artifacts must be encrypted in transit if the deployment artifacts travel across the public internet.

    The DevOps engineer needs to deploy this solution in less than two weeks.

    Which solution will meet these requirements?

    A. Use a third-party software VPN appliance to connect the on-premises data center and AWS. Use AWS CodeArtifact to store the deployment artifacts.
    B. Use an AWS Direct Connect connection and a VPN connection to connect the on- premises data center to AWS. Deploy third-party artifact management software on Amazon EC2 instances.
    C. Use two AWS VPN connections to connect the on-premises data center to AWS. Use AWS CodeArtifact to store the deployment artifacts.
    D. Use parallel AWS Direct Connect connections to connect the on-premises data center to AWS. Deploy third-party artifact management software on Amazon EC2 instances.

  • Question 5:

    A company's web app runs on EC2 Linux instances and needs to monitor custom metrics for API response and DB query latency across instances with least overhead.

    Which solution meets this?

    A. Install CloudWatch agent on instances, configure it to collect custom metrics, and instrument app to send metrics to agent.
    B. Use Amazon Managed Service for Prometheus to scrape metrics, use CloudWatch agent to forward metrics to CloudWatch.
    C. Create Lambda to poll app endpoints and DB, calculate metrics, send to CloudWatch via PutMetricData.
    D. Implement custom logging in app; use CloudWatch Logs Insights to extract and analyze metrics.

  • Question 6:

    A DevOps team deploys an ECS app behind an ALB using CodeDeploy with all-at-once strategy. Recent deployment increased response times, requiring rollback. The team wants a deployment strategy to monitor new versions before full traffic shift and rollback quickly if issues occur.

    Which steps meet these requirements? (Select TWO.)

    A. Use CodeDeployDefault.ECSCanary10Percent5Minutes deployment configuration.
    B. Use CodeDeployDefault.ECSLinear10PercentEvery3Minutes deployment configuration.
    C. Create a CloudWatch alarm on ALB UnHealthyHostCount and associate it with the deployment group for rollback.
    D. Create a CloudWatch alarm on ALB TargetResponseTime and associate it with the deployment group for rollback.
    E. Create a CloudWatch alarm on ALB TargetConnectionErrorCount and associate it with the deployment group for rollback.

  • Question 7:

    A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company has enabled all features for the organization. The member accounts under one OU contain S3 buckets that store sensitive data.

    A DevOps engineer wants to ensure that only IAM principals from within the organization can access the S3 buckets in the OU.

    Which solution will meet this requirement?

    A. Create an SCP in the management account of the organization to restrict Amazon S3 actions by using the aws:PrincipalAccount condition. Apply the SCP to the OU.
    B. Create an IAM permissions boundary in the management account of the organization to restrict access to Amazon S3 actions by using the aws:PrincipalOrgID condition.
    C. Configure AWS Resource Access Manager (AWS RAM) to restrict access to S3 buckets in the OU so the S3 buckets cannot be shared outside the organization.
    D. Create a resource control policy (RCP) in the management account of the organization to restrict Amazon S3 actions by using the aws:PrincipalOrgID condition. Apply the RCP to the OU.

  • Question 8:

    A company has deployed a new REST API by using Amazon API Gateway. The company uses the API to access confidential data. The API must be accessed from only specific VPCs in the company.

    Which solution will meet these requirements?

    A. Create and attach a resource policy to the API Gateway API. Configure the resource policy to allow only the specific VPC IDs.
    B. Add a security group to the API Gateway API. Configure the inbound rules to allow only the specific VPC IP address ranges.
    C. Create and attach an IAM role to the API Gateway API. Configure the IAM role to allow only the specific VPC IDs.
    D. Add an ACL to the API Gateway API. Configure the outbound rules to allow only the specific VPC IP address ranges.

  • Question 9:

    A company has an application that runs on Amazon EC2 instances in an Auto Scaling group. The application processes a high volume of messages from an Amazon Simple Queue Service (Amazon SQS) queue.

    A DevOps engineer noticed that the application took several hours to process a group of messages from the SQS queue. The average CPU utilization of the Auto Scaling group did not cross the threshold of a target tracking scaling policy when processing the messages. The application that processes the SQS queue publishes logs to Amazon CloudWatch Logs.

    The DevOps engineer needs to ensure that the queue is processed quickly.

    Which solution meets these requirements with the LEAST operational overhead?

    A. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Schedule an Amazon EventBridge rule to run the Lambda function every hour. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out.
    B. Create an AWS Lambda function. Configure the Lambda function to publish a custom metric by using the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to publish the queue messages for each instance. Create a CloudWatch subscription filter for the application logs with the Lambda function as the target. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out.
    C. Create a target tracking scaling policy for the Auto Scaling group. In the target tracking policy, use the ApproximateNumberOfMessagesVisible SQS queue attribute and the GroupIn-ServiceInstances Auto Scaling group attribute to calculate how many messages are in the queue for each number of instances by using metric math. Use the calculated attribute to scale in and out.
    D. Create an AWS Lambda function that logs the ApproximateNumberOfMessagesVisible attribute of the SQS queue to a CloudWatch Logs log group. Schedule an Amazon EventBridge rule to run the Lambda function every 5 minutes. Create a metric filter to count the number of log events from a CloudWatch logs group. Create a target tracking scaling policy for the Auto Scaling group that uses the custom metric to scale in and out.

  • Question 10:

    A DevOps engineer uses AWS CodeBuild to frequently produce software packages. The CodeBuild project builds large Docker images that the DevOps engineer can use across multiple builds. The DevOps engineer wants to improve build performance and minimize costs.

    Which solution will meet these requirements?

    A. Store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Implement a local Docker layer cache for CodeBuild.
    B. Cache the Docker images in an Amazon S3 bucket that is available across multiple build hosts. Expire the cache by using an S3 Lifecycle policy.
    C. Store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Modify the CodeBuild project runtime configuration to always use the most recent image version.
    D. Create custom AMIs that contain the cached Docker images. In the CodeBuild build, launch Amazon EC2 instances from the custom AMIs.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DOP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.