100% Free Amazon DOP-C02 Practice Test Questions

Question 1

A company wants to use AWS Systems Manager documents to bootstrap physical laptops for developers. The bootstrap code is stored in GitHub. A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops.

Which set of steps should be taken next?

A : Configure the Systems Manager document to use the AWS-RunShellScript command to copy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with a sourceType of S3.

B : Configure the Systems Manager document to use the aws-configurePackage plugin with an install action and point to the Git repository.

C : Configure the Systems Manager document to use the aws-downloadContent plugin with a sourceType of GitHub and sourceInfo with the repository details.

D : Configure the Systems Manager document to use the aws:softwareInventory plugin and run the script from the Git repository.

Answer: C

Question 2

A company manages an application that stores logs in Amazon CloudWatch Logs. The company wants to archive the logs to an Amazon S3 bucket. Logs are rarely accessed after 90 days and must be retained for 10 years.

Which combination of steps should a DevOps engineer take to meet these requirements? (Choose two.)

A : Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.

B : Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.

C : Configure a CloudWatch Logs subscription filter to stream all logs to an S3 bucket.

D : Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3.650 days.

E : Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.

Answer: B,D

Question 3

A company's DevOps engineer is creating an AWS Lambda function to process notifications from an Amazon Simple Notification Service (Amazon SNS) topic. The Lambda function will process the notification messages and will write the contents of the notification messages to an Amazon RDS Multi-AZ DB instance. During testing a database administrator accidentally shut down the DB instance. While the database was down the company lost several of the SNS notification messages that were delivered during that time. The DevOps engineer needs to prevent the loss of notification messages in the future Which solutions will meet this requirement? (Select TWO.)

A : Replace the RDS Multi-AZ DB instance with an Amazon DynamoDB table.

B : Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination of the Lambda function.

C : Configure an Amazon Simple Queue Service (Amazon SQS> dead-letter queue for the SNS topic.

D : Subscribe an Amazon Simple Queue Service (Amazon SQS) queue to the SNS topic Configure the Lambda function to process messages from the SQS queue.

E : Replace the SNS topic with an Amazon EventBridge event bus Configure an EventBridge rule on the new event bus to invoke the Lambda function for each event.

Answer: C,D

Question 4

A company manages multiple AWS accounts in AWS Organizations. The company's security policy states that AWS account root user credentials for member accounts must not be used. The company monitors access to the root user credentials. A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps engineer must create an SCP at the organization's root level that will prevent the root user in member accounts from making any AWS service API calls. Which SCP will meet these requirements?

A : "Version": "2012-10-17","Statement": ["Effect": "Allow","Action": "N"Resource":"","Condition": {"StringNotLike": "aws: PrincipalArn": "arn: aws:iam::*:root"

B : "Version": "2012-10-17","Statement": [{"Effect": "Deny","Action": "*","Resource": "*""Principal": { "AWS": arn:aws: iam::*:root"}

C : 1"Version": "2012-10-17","Statement": [{"Effect": "Deny","Action":"","Resource": "*","Condition": {"StringLike": "aws: PrincipalArn": "arn:aws:iam::*:root" }

D : "Version": "2012-10-17","Statement": [f"Effect": "Allow","Action":"Resource":"Principal": "root"

Answer: D

Question 5

A company's security policies require the use of security hardened AMIS in production environments. A DevOps engineer has used EC2 Image Builder to create a pipeline that builds the AMIs on a recurring schedule. The DevOps engineer needs to update the launch templates of the companys Auto Scaling groups. The Auto Scaling groups must use the newest AMIS during the launch of Amazon EC2 instances. Which solution will meet these requirements with the MOST operational efficiency?

A : Configure an Amazon EventBridge rule to receive new AMI events from Image Builder. Target an AWS Systems Manager Run Command document that updates the launch templates of the Auto Scaling groups with the newest AMI ID.

B : Configure an Amazon EventBridge rule to receive new AMI events from Image Builder. Target an AWS Lambda function that updates the launch templates of the Auto Scaling groups with the newest AMI ID.

C : Configure the launch template to use a value from AWS Systems Manager Parameter Store for the AMI ID. Configure the Image Builder pipeline to update the Parameter Store value with the newest AMI ID.

D : Configure the Image Builder distribution settings to update the launch templates with the newest AMI ID. Configure the Auto Scaling groups to use the newest version of the launch template.

Answer: C

Free Practice Amazon DOP-C02 Exam Questions 2025