Amazon AWS DevOps Engineer Professional Exam
AWS DevOps Engineer - Professional (DOP-C01) (Page 7)

Updated On: 12-Feb-2026

A DevOps engineer is deploying a new version of a company's application in an AWS CodeDeploy deployment group associated with its Amazon EC2 instances.
After some time, the deployment fails. The engineer realizes that all the events associated with the specific deployment ID are in a Skipped status, and code was not deployed in the instances associated with the deployment group.
What are valid reasons for this failure? (Choose two.)

  1. The networking configuration does not allow the EC2 instances to reach the internet via a NAT gateway or internet gateway, and the CodeDeploy endpoint cannot be reached.
  2. The IAM user who triggered the application deployment does not have permission to interact with the CodeDeploy endpoint.
  3. The target EC2 instances were not properly registered with the CodeDeploy endpoint.
  4. An instance profile with proper permissions was not attached to the target EC2 instances.
  5. The appspec.yml file was not included in the application revision.

Answer(s): A,D



A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database. A cross-Region read replica has been created for disaster recovery purposes. A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure.
Which solution will accomplish this?

  1. Configure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints. Subscribe an Amazon SNS topic to Amazon RDS failure notifications from AWS CloudTrail and use that topic to trigger an AWS Lambda function that will promote the replica instance as the master.
  2. Create an Aurora custom endpoint to point to the primary database instance. Configure the application to use this endpoint. Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.
  3. Create an AWS Lambda function to modify the application's AWS CloudFormation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance. Create an Amazon CloudWatch alarm to trigger this Lambda function after the failure event occurs.
  4. Store the Aurora endpoint in AWS Systems Manager Parameter Store. Create an Amazon EventBridge (Amazon CloudWatch Events) event that detects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store. Code the application to reload the endpoint from Parameter Store if a database connection fails.

Answer(s): D



An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality.
Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues. A DevOps Engineer must fix the log aggregation process and provide a way to centrally analyze the logs.
Which is the MOST efficient and cost-effective solution?

  1. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Use the Amazon S3 API to export on-premises logs, and store the logs in an S3 bucket in a central account. Build an Amazon EMR cluster to reduce the logs and derive the root cause.
  2. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Use the Amazon S3 API to import on-premises logs. Store all logs in S3 buckets in individual accounts. Use Amazon Macie to write a query to search for the required specific event-related data point.
  3. Collect system logs and application logs using the Amazon CloudWatch Logs agent. Install the CloudWatch Logs agent on the on-premises servers. Transfer all logs from AWS to the on-premises data center. Use an Amazon Elasticsearch Logstash Kibana stack to analyze logs on premises.
  4. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Install a CloudWatch Logs agent for on-premises resources. Store all logs in an S3 bucket in a central account. Set up an Amazon S3 trigger and an AWS Lambda function to analyze incoming logs and automatically identify anomalies. Use Amazon Athena to run ad hoc queries on the logs in the central account.

Answer(s): D



A company's DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.
The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

  1. Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  2. Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  3. Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.
  4. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.

Answer(s): B


Reference:

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html



A company recently migrated its legacy application from on-premises to AWS. The application is hosted on Amazon EC2 instances behind an Application Load Balancer, which is behind Amazon API Gateway. The company wants to ensure users experience minimal disruptions during any deployment of a new version of the application. The company also wants to ensure it can quickly roll back updates if there is an issue.
Which solution will meet these requirements with MINIMAL changes to the application?

  1. Introduce changes as a separate environment parallel to the existing one. Configure API Gateway to use a canary release deployment to send a small subset of user traffic to the new environment.
  2. Introduce changes as a separate environment parallel to the existing one. Update the application's DNS alias records to point to the new environment.
  3. Introduce changes as a separate target group behind the existing Application Load Balancer. Configure API Gateway to route user traffic to the new target group in steps.
  4. Introduce changes as a separate target group behind the existing Application Load Balancer. Configure API Gateway to route all traffic to the Application Load Balancer, which then sends the traffic to the new target group.

Answer(s): A





