Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS Certified DevOps Engineer - Professional DOP-C02

Amazon AWS Certified DevOps Engineer - Professional DOP-C02 Exam Questions
AWS Certified DevOps Engineer - Professional DOP-C02 (Page 10 )

Updated On: 23-Apr-2026
Page 10 of 57
PDF with 429 Questions

A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps engineer is tasked with minimizing application response times and improving availability for users in both Regions.

Which combination of actions should be taken to address the latency issues? (Choose three.)

  1. Create a new DynamoDB table in the new Region with cross-Region replication enabled.
  2. Create new ALB and Auto Scaling group global resources and configure the new ALB to direct traffic to the new Auto Scaling group.
  3. Create new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group.
  4. Create Amazon Route 53 records, health checks, and latency-based routing policies to route to the ALB.
  5. Create Amazon Route 53 aliases, health checks, and failover routing policies to route to the ALB.
  6. Convert the DynamoDB table to a global table.

Answer(s): C,D,F



A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their

own CloudTrail trails and AWS Config rules.

Which solution will meet these requirements in the MOST operationally efficient way?

  1. Create an AWS CloudFormation template that defines the standard account resources. Deploy the template to all accounts from the organization's management account by using CloudFormation StackSets. Set the stack policy to deny Update:Delete actions.
  2. Enable AWS Control Tower. Enroll the existing accounts in AWS Control Tower. Grant the individual account administrators access to CloudTrail and AWS Config.
  3. Designate an AWS Config management account. Create AWS Config recorders in all accounts by using AWS CloudFormation StackSets. Deploy AWS Config rules to the organization by using the AWS Config management account. Create a CloudTrail organization trail in the organization's management account.
    Deny modification or deletion of the AWS Config recorders by using an SCP.
  4. Create an AWS CloudFormation template that defines the standard account resources. Deploy the template to all accounts from the organization's management account by using CloudFormation StackSets Create an SCP that prevents updates or deletions to CloudTrail resources or AWS Config resources unless the principal is an administrator of the organization's management account.

Answer(s): D



A company has its AWS accounts in an organization in AWS Organizations. AWS Config is manually configured in each AWS account. The company needs to implement a solution to centrally configure AWS Config for all accounts in the organization The solution also must record resource changes to a central account.

Which combination of actions should a DevOps engineer perform to meet these requirements? (Choose two.)

  1. Configure a delegated administrator account for AWS Config. Enable trusted access for AWS Config in the organization.
  2. Configure a delegated administrator account for AWS Config. Create a service-linked role for AWS Config in the organization's management account.
  3. Create an AWS CloudFormation template to create an AWS Config aggregator. Configure a CloudFormation stack set to deploy the template to all accounts in the organization.
  4. Create an AWS Config organization aggregator in the organization's management account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.
  5. Create an AWS Config organization aggregator in the delegated administrator account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.

Answer(s): A,E



A company wants to migrate its content sharing web application hosted on Amazon EC2 to a serverless architecture. The company currently deploys changes to its application by creating a new Auto Scaling group of EC2 instances and a new Elastic Load Balancer, and then shifting the traffic away using an Amazon Route 53 weighted routing policy.

For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda. The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base.

Which deployment strategy will meet these requirements?

  1. Use AWS CDK to deploy API Gateway and Lambda functions. When code needs to be changed, update the AWS CloudFormation stack and deploy the new version of the APIs and Lambda functions. Use a Route 53 failover routing policy for the canary release strategy.
  2. Use AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions.
    When code needs to be changed, update the CloudFormation stack with the new Lambda code and update the API versions using a canary release strategy. Promote the new version when testing is complete.
  3. Use AWS Elastic Beanstalk to deploy API Gateway and Lambda functions. When code needs to be changed, deploy a new version of the API and Lambda functions. Shift traffic gradually using an Elastic Beanstalk blue/green deployment.
  4. Use AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer.
    When code needs to be changed, use OpsWorks to perform a blue/green deployment and shift traffic gradually.

Answer(s): B



A development team uses AWS CodeCommit, AWS CodePipeline, and AWS CodeBuild to develop and deploy an application. Changes to the code are submitted by pull requests. The development team reviews and merges the pull requests, and then the pipeline builds and tests the application.

Over time, the number of pull requests has increased. The pipeline is frequently blocked because of failing tests. To prevent this blockage, the development team wants to run the unit and integration tests on each pull request before it is merged.

Which solution will meet these requirements?

  1. Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit approval rule template. Configure the template to require the successful invocation of the CodeBuild project. Attach the approval rule to the project's CodeCommit repository.
  2. Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit Create a CodeBuild project to run the unit and integration tests. Configure the CodeBuild project as a target of the EventBridge rule that includes a custom event payload with the CodeCommit repository and branch information from the event.
  3. Create an Amazon EventBridge rule to match pullRequestCreated events from CodeCommit. Modify the existing CodePipeline pipeline to not run the deploy steps if the build is started from a pull request.
    Configure the EventBridge rule to run the pipeline with a custom payload that contains the CodeCommit repository and branch information from the event.
  4. Create a CodeBuild project to run the unit and integration tests. Create a CodeCommit notification rule that matches when a pull request is created or updated. Configure the notification rule to invoke the CodeBuild project.

Answer(s): B



A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs.

An Amazon CloudWatch alarm notifies an application engineer through an Amazon Simple Notification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application

engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic.

A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances.

Which solution will meet these requirements in the MOST operationally efficient manner?

  1. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure the SNS topic to invoke the runbook.
  2. Create an AWS Lambda function that restarts the application on the instances. Configure the Lambda function as an event destination of the SNS topic.
  3. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Create an AWS Lambda function to invoke the runbook. Configure the Lambda function as an event destination of the SNS topic.
  4. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure an Amazon EventBridge rule that reacts when the CloudWatch alarm enters ALARM state. Specify the runbook as a target of the rule.

Answer(s): D



A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

  1. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
  2. Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
  3. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
  4. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
  5. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule.
    Subscribe the security team's group email address to the topic.
  6. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function.
    Subscribe the security team's group email address to the queue.

Answer(s): A,C,E



A company wants to set up a continuous delivery pipeline. The company stores application code in a private GitHub repository. The company needs to deploy the application components to Amazon Elastic Container Service (Amazon ECS), Amazon EC2, and AWS Lambda. The pipeline must support manual approval actions.

Which solution will meet these requirements?

  1. Use AWS CodePipeline with Amazon ECS, Amazon EC2, and Lambda as deploy providers.
  2. Use AWS CodePipeline with AWS CodeDeploy as the deploy provider.
  3. Use AWS CodePipeline with AWS Elastic Beanstalk as the deploy provider.
  4. Use AWS CodeDeploy with GitHub integration to deploy the application.

Answer(s): B



Viewing page 10 of 57
Viewing questions 73 - 80 out of 429 questions
Share your experience with other


AWS Certified DevOps Engineer - Professional DOP-C02 Exam Discussions & Posts

Amazon AWS Certified DevOps Engineer - Professional DOP-C02: Skills Tested, Job Roles, and Study Tips

The AWS Certified DevOps Engineer - Professional DOP-C02 certification is designed for individuals who perform a DevOps engineer role with two or more years of experience provisioning, operating, and managing AWS environments. This certification validates technical expertise in implementing continuous delivery systems and methodologies on the AWS platform, as well as automating security controls, governance processes, and compliance validation. Organizations hiring for cloud-native roles, such as DevOps Engineers, Site Reliability Engineers, and Cloud Architects, prioritize this credential because it demonstrates a candidate's ability to design and maintain resilient, scalable, and secure infrastructure. Achieving this Amazon certification signifies that a professional possesses the advanced skills required to manage complex, multi-account AWS environments effectively.

What the AWS Certified DevOps Engineer - Professional DOP-C02 Exam Covers

The exam evaluates a candidate's proficiency across several critical domains, including SDLC Automation, Configuration Management and IaC, Resilient Cloud Solutions, Monitoring and Logging, Incident and Event Response, and Security and Compliance. These topics are not tested in isolation; rather, the exam presents complex, scenario-based practice questions that require you to synthesize knowledge across these areas to solve real-world operational challenges. For instance, you might be asked to design a CI/CD pipeline that integrates automated security testing, which touches upon both SDLC Automation and Security and Compliance. By engaging with our practice questions, you will encounter scenarios that mirror the multifaceted nature of these domains, ensuring you are prepared for the integrated way AWS tests these concepts. Mastering these topics requires a deep understanding of how various AWS services interact to support automated, secure, and resilient software delivery lifecycles.

Among these domains, Resilient Cloud Solutions often presents the most significant challenge for candidates because it requires a comprehensive understanding of high availability, disaster recovery, and fault tolerance across distributed systems. You must demonstrate the ability to architect solutions that can withstand service failures while maintaining performance and data integrity, which often involves complex configurations of AWS services like Auto Scaling, Elastic Load Balancing, and multi-region deployments. This area demands more than theoretical knowledge; it requires the ability to analyze trade-offs between cost, performance, and availability in high-pressure scenarios. Candidates must be prepared to evaluate architectural diagrams and operational requirements to select the most resilient design patterns that align with AWS best practices.

Are These Real AWS Certified DevOps Engineer - Professional DOP-C02 Exam Questions?

Our practice questions are sourced and verified by the community, consisting of IT professionals and recent test-takers who have sat for the actual exam. Because these questions are community-verified, they reflect the style, complexity, and focus areas that appear on the real exam, providing a reliable way to gauge your readiness. If you've been searching for AWS Certified DevOps Engineer - Professional DOP-C02 exam dumps or braindump files, our community-verified practice questions offer something more valuable — each question is verified and explained by IT professionals who recently passed the exam. We do not provide leaked or confidential content, as our goal is to help you understand the underlying concepts rather than memorize answers. This approach ensures that you are prepared for the logic and reasoning required on the actual certification exam.

The community verification process is central to the reliability of our study materials, as it involves active participation from users who have recently completed their certification journey. When a question is posted, users discuss the answer choices, debate the technical nuances of the scenario, and flag any inaccuracies based on their recent exam experience. This collaborative environment allows for the refinement of explanations, ensuring that the reasoning provided is accurate and aligned with current AWS documentation. By engaging with these discussions, you gain insights into how experienced professionals approach complex problems, which is far more effective than relying on static, unverified sources.

How to Prepare for the AWS Certified DevOps Engineer - Professional DOP-C02 Exam

Effective exam preparation requires a combination of hands-on experience and a deep understanding of AWS architectural principles. You should spend significant time in a sandbox or real AWS environment, building and breaking infrastructure to see how services like AWS CloudFormation, AWS CodePipeline, and AWS Systems Manager behave under different conditions. Rely heavily on official Amazon documentation and whitepapers, as these are the definitive sources of truth for the services covered in the exam. Every practice question includes a free AI Tutor explanation that breaks down the reasoning behind the correct answer — so you understand the concept, not just the answer. Creating a consistent study schedule that allocates time for both reading and practical application is essential for retaining the vast amount of information required for this professional-level certification.

A common mistake candidates make is relying on rote memorization of facts rather than developing the ability to apply knowledge to scenario-based questions. The DOP-C02 exam is heavily focused on situational judgment, meaning you must understand not just what a service does, but when and why to use it over an alternative in a specific context. To avoid this, focus on understanding the "why" behind every architectural decision in your practice sessions. Additionally, many candidates struggle with time management during the exam; practicing with timed sets of questions will help you build the stamina and speed necessary to complete the exam within the allotted time frame.

What to Expect on Exam Day

On the day of your exam, you will encounter a series of questions designed to test your ability to apply AWS knowledge in professional scenarios. The exam typically consists of multiple-choice and multiple-response questions, which may require you to select one or more correct answers based on the provided requirements. These questions are often presented as complex, multi-paragraph scenarios that describe a business problem, a set of constraints, and a desired outcome. You will take the exam at a Pearson VUE testing center or via an online proctored environment, where strict security protocols are enforced to maintain the integrity of the Amazon certification process. Being familiar with the interface and the style of questioning beforehand is a critical component of your overall exam prep strategy.

Who Should Use These AWS Certified DevOps Engineer - Professional DOP-C02 Practice Questions

These practice questions are intended for experienced DevOps engineers, cloud architects, and systems administrators who are ready to validate their expertise at a professional level. Ideally, you should have at least two years of hands-on experience managing AWS environments before attempting this certification exam. This exam is a significant step for professionals looking to demonstrate their capability to lead complex DevOps initiatives and manage large-scale, automated cloud infrastructure. By using these resources, you are engaging in a structured exam preparation process that helps identify knowledge gaps and reinforces your understanding of AWS best practices. The career impact of passing this exam is substantial, as it serves as a recognized benchmark of your ability to handle the operational demands of modern cloud-native organizations.

To get the most out of these practice questions, treat each one as a learning opportunity rather than a simple test. Do not just read the correct answer; engage with the AI Tutor explanation to understand the underlying logic, and read the community discussions to see how others interpreted the scenario. If you get a question wrong, flag it and revisit it later to ensure you have mastered the concept, rather than just memorizing the correction. This iterative process of testing, reviewing, and refining your knowledge is the most effective way to prepare for the rigors of the actual exam. Browse the questions above and use the community discussions and AI Tutor to build real exam confidence.

Updated on: 27 April, 2026

AI Tutor AI Tutor 👋 I’m here to help!