Amazon DOP-C02 Online Practice
Questions and Exam Preparation
DOP-C02 Exam Details
Exam Code
:DOP-C02
Exam Name
:AWS Certified DevOps Engineer - Professional (DOP-C02)
Certification
:Amazon Certifications
Vendor
:Amazon
Total Questions
:461 Q&As
Last Updated
:Jul 11, 2026
Amazon DOP-C02 Online Questions &
Answers
Question 91:
A company discovers that its production environment and disaster recovery (DR) environment are deployed to the same AWS Region. All the production applications run on Amazon EC2 instances and are deployed by AWS CloudFormation. The applications use an Amazon FSx for NetApp ONTAP volume for application storage. No application data resides on the EC2 instances. A DevOps engineer copies the required AMIs to a new DR Region. The DevOps engineer also updates the CloudFormation code to accept a Region as a parameter. The storage needs to have an RPO of 10 minutes in the DR Region.
Which solution will meet these requirements?
A. Create an Amazon S3 bucket in both Regions. Configure S3 Cross-Region Replication (CRR) for the S3 buckets. Create a scheduled AWS Lambda function to copy any new content from the FSx for ONTAP volume to the S3 bucket in the production Region. B. Use AWS Backup to create a backup vault and a custom backup plan that has a 10- minute frequency. Specify the DR Region as the target Region. Assign the EC2 instances in the production Region to the backup plan. C. Create an AWS Lambda function to create snapshots of the instance store volumes that are attached to the EC2 instances. Configure the Lambda function to copy the snapshots to the DR Region and to remove the previous copies. Create an Amazon EventBridge scheduled rule that invokes the Lambda function every 10 minutes. D. Create an FSx for ONTAP instance in the DR Region. Configure a 5-minute schedule for a volume-level NetApp SnapMirror to replicate the volume from the production Region to the DR Region.
D. Create an FSx for ONTAP instance in the DR Region. Configure a 5-minute schedule for a volume-level NetApp SnapMirror to replicate the volume from the production Region to the DR Region.
Question 92:
A company runs a fleet of Amazon EC2 instances in a VPC. The company's employees remotely access the EC2 instances by using the Remote Desktop Protocol (RDP). The company wants to collect metrics about how many RDP sessions the employees initiate every day.
Which combination of steps will meet this requirement? (Select THREE.)
A. Create an Amazon EventBridge rule that reacts to EC2 Instance State-change Notification events. B. Create an Amazon CloudWatch Logs log group. Specify the log group as a target for the EventBridge rule. C. Create a flow log in VPC Flow Logs. D. Create an Amazon CloudWatch Logs log group. Specify the log group as a destination for the flow log. E. Create a log group metric filter. F. Create a log group subscription filter. Use EventBridge as the destination.
C. Create a flow log in VPC Flow Logs. D. Create an Amazon CloudWatch Logs log group. Specify the log group as a destination for the flow log. E. Create a log group metric filter.
Question 93:
A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.
Which combination of actions will provide this access? (Choose three.)
A. Create a SysAdmin role in the operations account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the workload accounts. B. Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account. C. Create an Amazon Cognito identity pool in the operations account. Attach the SysAdmin role as an authenticated role. D. In the operations account, create an IAM user for each operations team member. E. In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group. F. Create an Amazon Cognito user pool in the operations account. Create an Amazon Cognito user for each operations team member.
B. Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account. D. In the operations account, create an IAM user for each operations team member. E. In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group. https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
Question 94:
A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application.
Which solution ensures resources are deployed in accordance with company policy?
A. Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets. B. Create a Cloud Formation drift detection operation to find and remediate unapproved CloudFormation StackSets. C. Create CloudFormation StackSets with approved CloudFormation templates. D. Create AWS Service Catalog products with approved CloudFormation templates.
D. Create AWS Service Catalog products with approved CloudFormation templates. service catalog uses stacksets and can enforce tag and restrict resources AWS Customer case with tag enforcement https://aws.amazon.com/ko/blogs/apn/enforce-centralized-tag-compliance-using-aws-service-catalog-amazon-dynamodb-aws-lambda-and-amazon-cloudwatch-events/ And Youtube video showing how to restrict resources per user with portfolio https://www.youtube.com/watch?v=LzvhTcqqyog
Question 95:
A company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.
The company's DevOps team wants to receive workload alerts by using the company's Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.
Which combination of steps will meet these requirements? (Choose three.)
A. Use the Amazon Managed Service for Prometheus remote write URL to send alerts to the SNS topic B. Create an alerting rule that checks the availability of each of the workload's containers. C. Create an alert manager configuration for the SNS topic. D. Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic. E. Modify the IAM role that Amazon Managed Service for Prometheus uses. Grant the role the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic. F. Create an OpenID Connect (OIDC) provider for the EKS cluster. Create a cluster service account. Grant the account the sns:Publish permission and the sns:GetTopicAttributes permission by using an IAM role.
B. Create an alerting rule that checks the availability of each of the workload's containers. C. Create an alert manager configuration for the SNS topic. D. Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.
Question 96:
When building a Docker image, you are searching through a persistent data volume's logs to provide parameters for the next build. You execute the following command. Which of the operations will cause a failure of the Docker RUNcommand? RUN cat ./data/log/*.error | grep service_status | grep ERROR
A. the first grep command B. any one of them C. the second grep command D. the cat command
C. the second grep command Some RUN commands depend on the ability to pipe the output of one command into another, using the pipe character (|), as in the following example: RUN wget -O - https://some.site | wc -l > /number Docker executes these commands using the /bin/sh -c interpreter, which only evaluates the exit code of the last operation in the pipe to determine success. In the example above this build step succeeds and produces a new image so long as the wc -lcommand succeeds, even if the wget command fails. https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
Question 97:
Which statement is true about configuring proxy support for Amazon Inspector agent on a Windows-based system?
A. Amazon Inspector agent supports proxy usage on Windows-based systems through the use of the WinHTTP proxy. B. Amazon Inspector agent supports proxy usage on Linux-based systems but not on Windows. C. Amazon Inspector proxy support on Windows-based systems is achieved through installing proxy-enabled version of the agent which comes with preconfigured files that you need to edit to match your environment. D. Amazon Inspector agent supports proxy usage on Windows-based systems through awsagent.env configuration file.
A. Amazon Inspector agent supports proxy usage on Windows-based systems through the use of the WinHTTP proxy. Proxy support for AWS agents is achieved through the use of the WinHTTP proxy. https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents-on-win.html#inspectoragent-proxy
Question 98:
A company uses AWS CodePipeline pipelines to automate releases of its application A typical pipeline consists of three stages build, test, and deployment. The company has been using a separate AWS CodeBuild project to run scripts for each stage. However, the company now wants to use AWS CodeDeploy to handle the deployment stage of the pipelines.
The company has packaged the application as an RPM package and must deploy the application to a fleet of Amazon EC2 instances. The EC2 instances are in an EC2 Auto Scaling group and are launched from a common AMI.
Which combination of steps should a DevOps engineer perform to meet these requirements? (Choose two.)
A. Create a new version of the common AMI with the CodeDeploy agent installed. Update the IAM role of the EC2 instances to allow access to CodeDeploy. B. Create a new version of the common AMI with the CodeDeploy agent installed. Create an AppSpec file that contains application deployment scripts and grants access to CodeDeploy. C. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Add a step to the CodePipeline pipeline to use EC2 Image Builder to create a new AMI. Configure CodeDeploy to deploy the newly created AMI. D. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application. E. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the EC2 instances that are launched from the common AMI as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application.
A. Create a new version of the common AMI with the CodeDeploy agent installed. Update the IAM role of the EC2 instances to allow access to CodeDeploy. D. Create an application in CodeDeploy. Configure an in-place deployment type. Specify the Auto Scaling group as the deployment target. Update the CodePipeline pipeline to use the CodeDeploy action to deploy the application. https://docs.aws.amazon.com/codedeploy/latest/userguide/integrations-aws-auto-scaling.html
Question 99:
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.
Which combination of actions will meet these requirements? (Choose three.)
A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations. B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager. C. Create IAM access keys for the on-premises machines to interact with AWS Systems Manager. D. Run an AWS Systems Manager Automation document to patch the systems every hour. E. Use Amazon EventBridge scheduled events to schedule a patch window. F. Use AWS Systems Manager Maintenance Windows to schedule a patch window.
A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations. B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager. F. Use AWS Systems Manager Maintenance Windows to schedule a patch window. https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-instance-activation.html
Question 100:
A company has proprietary data available by using an Amazon CloudFront distribution. The company needs to ensure that the distribution is accessible by only users from the corporate office that have a known set of IP address ranges. An AWS WAF web ACL is associated with the distribution and has a default action set to Count.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create a new regex pattern set. Add the regex pattern set to a new rule group. Create a new web ACL that has a default action set to Block. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic based on the new rule group. B. Create an AWS WAF IP address set that matches the corporate office IP address range. Create a new web ACL that has a default action set to Allow. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic from the IP address set. C. Create a new regex pattern set. Add the regex pattern set to a new rule group. Set the default action on the existing web ACL to Allow. Add a rule that has priority 0 that allows traffic based on the regex pattern set. D. Create a WAF IP address set that matches the corporate office IP address range. Set the default action on the existing web ACL to Block. Add a rule that has priority 0 that allows traffic from the IP address set.
D. Create a WAF IP address set that matches the corporate office IP address range. Set the default action on the existing web ACL to Block. Add a rule that has priority 0 that allows traffic from the IP address set.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your DOP-C02 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.