Amazon AWS DevOps Engineer Professional Exam
AWS DevOps Engineer - Professional (DOP-C01) (Page 4)

Updated On: 19-Jan-2026

A company runs applications in AWS accounts that are in an organization in AWS Organizations. The applications use Amazon EC2 instances and Amazon S3.

The company wants to detect potentially compromised EC2 instances, suspicious network activity, and unusual API activity in its existing AWS accounts and in any AWS accounts that the company creates in the future. When the company detects one of these events, the company wants to use an existing Amazon Simple Notification Service (Amazon SNS) topic to send a notification to its operational support team for investigation and remediation.

Which solution will meet these requirements in accordance with AWS best practices?

  1. In the organization's management account, configure an AWS account as the Amazon GuardDuty administrator account. In the GuardDuty administrator account, add the company's existing AWS accounts to GuardDuty as members. In the GuardDuty administrator account, create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match GuardDuty events and to forward matching events to the SNS topic.
  2. In the organization's management account, configure Amazon GuardDuty to add newly created AWS accounts by invitation and to send invitations to the existing AWS accounts. Create an AWS CloudFormation stack set that accepts the GuardDuty invitation and creates an Amazon EventBridge (Amazon CloudWatch Events) rule. Configure the rule with an event pattern to match GuardDuty events and to forward matching events to the SNS topic. Configure the CloudFormation stack set to deploy into all AWS accounts in the organization.
  3. In the organization's management account, create an AWS CloudTrail organization trail. Activate the organization trail in all AWS accounts in the organization. Create an SCP that enables VPC Flow Logs in each account in the organization. Configure AWS Security Hub for the organization. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match Security Hub events and to forward matching events to the SNS topic.
  4. In the organization's management account, configure an AWS account as the AWS CloudTrail administrator account. In the CloudTrail administrator account, create a CloudTrail organization trail. Add the company's existing AWS accounts to the organization trail. Create an SCP that enables VPC Flow Logs in each account in the organization. Configure AWS Security Hub for the organization. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern to match Security Hub events and to forward matching events to the SNS topic.

Answer(s): B



A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege.

Which solution will meet these requirements?

  1. Create an IAM policy that allows the developers to provision the required resources. Attach the policy to the developer IAM role.
  2. Create an IAM policy that allows full access to AWS CloudFormation. Attach the policy to the developer IAM role.
  3. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.
  4. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.

Answer(s): D



A retail company wants to use AWS Elastic Beanstalk to host its online sales website running on Java. Since this will be the production website, the CTO has the following requirements for the deployment strategy:

· Zero downtime. While the deployment is ongoing, the current Amazon EC2 instances in service should remain in service. No deployment or any other action should be performed on the EC2 instances because they serve production traffic.
· A new fleet of instances should be provisioned for deploying the new application version.
· Once the new application version is deployed successfully in the new fleet of instances, the new instances should be placed in service and the old ones should be removed.
· The rollback should be as easy as possible. If the new fleet of instances fails to deploy the new application version, they should be terminated and the current instances should continue serving traffic as normal.
· The resources within the environment (EC2 Auto Scaling group, Elastic Load Balancing, Elastic Beanstalk DNS CNAME) should remain the same and no DNS change should be made.

Which deployment strategy will meet the requirements?

  1. Use rolling deployments with a fixed amount of one instance at a time and set the healthy threshold to OK.
  2. Use rolling deployments with additional batch with a fixed amount of one instance at a time and set the healthy threshold to OK.
  3. Launch a new environment and deploy the new application version there, then perform a CNAME swap between environments.
  4. Use immutable environment updates to meet all the necessary requirements.

Answer(s): D



An application team has three environments for their application: development, pre-production, and production. The team recently adopted AWS CodePipeline. However, the team has had several deployments of misconfigured or nonfunctional development code into the production environment, resulting in user disruption and downtime. The DevOps engineer must review the pipeline and add steps to identify problems with the application before it is deployed.

What should the engineer do to identify functional issues during the deployment process? (Choose two.)

  1. Use Amazon Inspector to add a test action to the pipeline. Use the Amazon Inspector Runtime Behavior Analysis Inspector rules package to check that the deployed code complies with company security standards before deploying it to production.
  2. Use AWS CodeBuild to add a test action to the pipeline to replicate common user activities and ensure that the results are as expected before progressing to production deployment.
  3. Create an AWS CodeDeploy action in the pipeline with a deployment configuration that automatically deploys the application code to a limited number of instances. The action then pauses the deployment so that the QA team can review the application functionality. When the review is complete, CodeDeploy resumes and deploys the application to the remaining production Amazon EC2 instances.
  4. After the deployment process is complete, run a testing activity on an Amazon EC2 instance in a different region that accesses the application to simulate user behavior. If unexpected results occur, the testing activity sends a warning to an Amazon SNS topic. Subscribe to the topic to get updates.
  5. Add an AWS CodeDeploy action in the pipeline to deploy the latest version of the development code to pre-production. Add a manual approval action in the pipeline so that the QA team can test and confirm the expected functionality. After the manual approval action, add a second CodeDeploy action that deploys the approved code to the production environment.

Answer(s): B,E



A company is using AWS CodeDeploy to automate software deployment. The deployment must meet these requirements:

· A number of instances must be available to serve traffic during the deployment. Traffic must be balanced across those instances, and the instances must automatically heal in the event of failure.
· A new fleet of instances must be launched for deploying a new revision automatically, with no manual provisioning.
· Traffic must be rerouted to the new environment to half of the new instances at a time. The deployment should succeed if traffic is rerouted to at least half of the instances; otherwise, it should fail.
· Before routing traffic to the new fleet of instances, the temporary files generated during the deployment process must be deleted.
· At the end of a successful deployment, the original instances in the deployment group must be deleted immediately to reduce costs.

How can a DevOps engineer meet these requirements?

  1. Use an Application Load Balancer and an in-place deployment. Associate the Auto Scaling group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefault.OneAtATime as the deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the AllowTraffic hook within appspec.yml to delete the temporary files.
  2. Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, create a custom deployment configuration with minimum healthy hosts defined as 50%, and assign the configuration to the deployment group. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BeforeBlockTraffic hook within appspec.yml to delete the temporary files.
  3. Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and the Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefault.HalfAtATime as the deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BeforeAllowTraffic hook within appspec.yml to delete the temporary files.
  4. Use an Application Load Balancer and an in-place deployment. Associate the Auto Scaling group and Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefault.AllAtOnce as a deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BlockTraffic hook within appspec.yml to delete the temporary files.

Answer(s): C


