1. Home
  2. Amazon
  3. DOP-C02

Amazon DOP-C02 Online Practice Questions and Exam Preparation

DOP-C02 Exam Details

  • Exam Code
    :DOP-C02
  • Exam Name
    :AWS Certified DevOps Engineer - Professional (DOP-C02)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :461 Q&As
  • Last Updated
    :May 29, 2026

Amazon DOP-C02 Online Questions & Answers

  • Question 381:

    A company runs several applications across multiple AWS accounts in an organization in AWS Organizations. Some of the resources are not tagged properly and the company's finance team cannot determine which costs are associated with which applications. A DevOps engineer must remediate this issue and prevent this issue from happening in the future.

    Which combination of actions should the DevOps engineer take to meet these requirements? (Choose two.)

    A. Activate the user-defined cost allocation tags in each AWS account.
    B. Create and attach an SCP that requires a specific tag.
    C. Define each line of business (LOB) in AWS Budgets. Assign the required tag to each resource.
    D. Scan all accounts with Tag Editor. Assign the required tag to each resource.
    E. Use the budget report to find untagged resources. Assign the required tag to each resource.

  • Question 382:

    If Ansible encounters a resource that does not meet the requirements specified in the play it makes the necessary changes to the resource; however if the resource is already in the desired state Ansible will do nothing. This is an example of which methodology?

    A. Idempotency
    B. Immutability
    C. Convergence
    D. Infrastructure as Code

  • Question 383:

    A company containerized its Java app and uses CodePipeline. They want to scan images in ECR for vulnerabilities and reject images with critical vulnerabilities in a manual approval stage.

    Which solution meets these?

    A. Basic scanning with EventBridge for Inspector findings and Lambda to reject manual approval if critical vulnerabilities found.
    B. Enhanced scanning, Lambda invokes Inspector for SBOM, exports to S3, Athena queries SBOM, rejects manual approval on critical findings.
    C. Enhanced scanning, EventBridge listens to Detective scan findings, Lambda rejects manual approval on critical vulnerabilities.
    D. Enhanced scanning, EventBridge listens to Inspector scan findings, Lambda rejects manual approval on critical vulnerabilities.

  • Question 384:

    Ansible provides some methods for controlling how or when a task is ran. Which of the following is a valid method for controlling a task with a loop?

    A. - with:
    B. - with_items:
    C. - only_when:
    D. - items:

  • Question 385:

    A company uses Amazon RDS for Microsoft SQL Server as its primary database. They need high availability within and across AWS Regions, with an RPO <1 min and RTO <10 min. Route 53 CNAME is used for the DB endpoint and must redirect to standby during failover.

    Which solution meets these requirements?

    A. Deploy an Amazon RDS for SQL Server Multi-AZ DB cluster with cross-Region read replicas. Use automation to promote replica and update Route 53.
    B. Deploy RDS Multi-AZ with snapshots copied every 5 minutes; use Lambda to restore snapshot and update Route 53 on failover.
    C. Deploy Single-AZ RDS and use AWS DMS to continuously replicate to another Region. Use CloudWatch alarms for failover notification.
    D. Deploy Single-AZ RDS and use AWS Backup for cross-Region backups every 30 seconds. Use automation to restore and update Route 53 during failover.

  • Question 386:

    A company has configured an Amazon S3 event source on an AWS Lambda function The company needs the Lambda function to run when a new object is created or an existing object IS modified In a particular S3 bucket The Lambda function will use the S3 bucket name and the S3 object key of the incoming event to read the contents of the created or modified S3 object The Lambda function will parse the contents and save the parsed contents to an Amazon DynamoDB table.

    The Lambda function's execution role has permissions to read from the S3 bucket and to write to the DynamoDB table, During testing, a DevOps engineer discovers that the Lambda function does not run when objects are added to the S3 bucket or when existing objects are modified.

    Which solution will resolve this problem?

    A. Increase the memory of the Lambda function to give the function the ability to process large files from the S3 bucket.
    B. Create a resource policy on the Lambda function to grant Amazon S3 the permission to invoke the Lambda function for the S3 bucket
    C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as an OnFailure destination for the Lambda function
    D. Provision space in the /tmp folder of the Lambda function to give the function the ability to process large files from the S3 bucket

  • Question 387:

    A company has a workflow that generates a file for each of the company's products and stores the files in a production environment Amazon S3 bucket. The company's users can access the S3 bucket.

    Each file contains a product ID. Product IDs for products that have not been publicly announced are prefixed with a specific UUID. Product IDs are 12 characters long. IDs for products that have not been publicly announced begin with the letter P. The company does not want information about products that have not been publicly announced to be available in the production environment S3 bucket.

    Which solution will meet these requirements?

    A. Create a new staging S3 bucket. Generate all files in the new staging bucket. Create an Amazon Macie custom data identifier to identify product IDs in the new bucket that begin with the specific UUID. Launch an Amazon Macie sensitive data discovery job with the custom data identifier. Copy all files that do not have a Macie finding to the production S3 bucket.
    B. Create an Amazon Macie custom data identifier to identify product IDs in the production bucket that begin with the specific UUID. Launch an Amazon Macie sensitive data discovery job with the custom data identifier. Remove all files that have a Macie finding from the production S3 bucket.
    C. Create a new staging S3 bucket. Generate all files in the new staging bucket. Launch an Amazon Macie sensitive data discovery job with a managed data identifier. Copy all files that do not have a Macie finding to the production S3 bucket.
    D. Create an Amazon Macie sensitive data discovery job with a managed data identifier. Remove all files that have a Macie finding from the production S3 bucket.

  • Question 388:

    A company groups its AWS accounts in OUs in an organization in AWS Organizations. The company has deployed a set of Amazon API Gateway APIs in one of the Organizations accounts. The APIs are bound to the account's VPC and have no existing authentication mechanism. Only principals in a specific OU can have permissions to invoke the APIs.

    The company applies the following policy to the API Gateway interface VPC endpoint:

    The company also updates the API Gateway resource policies to deny invocations that do not come through the interface VPC endpoint. After the updates, the following error message appears during attempts to use the interface VPC endpoint URL to invoke an API: "User: anonymous is not authorized."

    Which combination of steps will solve this problem? (Choose two.)

    A. Enable IAM authentication on all API methods by setting AWS JAM as the authorization method.
    B. Create a token-based AWS Lambda authorizer that passes the caller's identity in a bearer token.
    C. Create a request parameter-based AWS Lambda authorizer that passes the caller's identity in a combination of headers, query string parameters, stage variables, and $cortext variables.
    D. Use Amazon Cognito user pools as the authorizer to control access to the API.
    E. Verify the identity of the requester by using Signature Version 4 to sign client requests by using AWS credentials.

  • Question 389:

    A software team is using AWS CodePipeline to automate its Java application release pipeline. The pipeline consists of a source stage, then a build stage, and then a deploy stage. Each stage contains a single action that has a runOrder value of 1.

    The team wants to integrate unit tests into the existing release pipeline. The team needs a solution that deploys only the code changes that pass all unit tests.

    Which solution will meet these requirements?

    A. Modify the build stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.
    B. Modify the build stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.
    C. Modify the deploy stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.
    D. Modify the deploy stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.

  • Question 390:

    A company runs applications on Windows and Linux Amazon EC2 instances. The instances run across multiple Availability Zones in an AWS Region. The company uses Auto Scaling groups for each application.

    The company needs a durable storage solution for the instances. The solution must use SMB for Windows and must use NFS for Linux. The solution must also have sub-millisecond latencies. All instances will read and write the data.

    Which combination of steps will meet these requirements? (Choose three.)

    A. Create an Amazon Elastic File System (Amazon EFS) file system that has targets in multiple Availability Zones.
    B. Create an Amazon FSx for NetApp ONTAP Multi-AZ file system.
    C. Create a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume to use for shared storage.
    D. Update the user data for each application's launch template to mount the file system.
    E. Perform an instance refresh on each Auto Scaling group.
    F. Update the EC2 instances for each application to mount the file system when new instances are launched.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DOP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.