100% Free Amazon DOP-C02 Practice Test Questions

Question 1

A software development company is using AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline for its CI/CD process. To further improve their systems, they need to implement a solution that automatically detects and reacts to changes in the state of their deployments in AWS CodeDeploy. Any changes must be rolled back automatically if the deployment process fails, and a notification must be sent to the DevOps Team's Slack channel for easy monitoring.

Which of the following is the MOST suitable configuration that you should implement to satisfy this requirement?

A : Set up a CloudWatch Events rule to monitor AWS CodeDeploy operations with a Lambda function as a target. Configure the rule to send out a message to the DevOps Team's Slack Channel in the event that the deployment fails. Configure AWS CodeDeploy to use the Roll back when a deployment fails setting.

B : Monitor the API calls in the CodeDeploy project using AWS CloudTrail. Send a message to the DevOps Team's Slack Channel when the PutLifecycleEventHookExecutionStatus API call has been detected. Rollback the changes by using the AWS CLI.

C : Set up a CloudWatch Alarm that tracks the CloudWatch metrics of the CodeDeploy project. Configure the CloudWatch Alarm to automatically send out a message to the DevOps Team's Slack Channel when the deployment fails. Configure AWS CodeDeploy to use the Roll back when alarm thresholds are met setting.

D : Configure a CodeDeploy agent to send notification to the DevOps Team's Slack Channel when the deployment fails. Configure AWS CodeDeploy to automatically roll back whenever the deployment is not successful.

Answer: A

Question 2

A company runs its container workloads in AWS App Runner. A DevOps engineer manages the company's container repository in Amazon Elastic Container Registry (Amazon ECR). The DevOps engineer must implement a solution that continuously monitors the container repository. The solution must create a new container image when the solution detects an operating system vulnerability or language package vulnerability. Which solution will meet these requirements?

A : Use EC2 Image Builder to create a container image pipeline. Use Amazon ECR as the target repository. Turn on enhanced scanning on the ECR repository. Create an Amazon EventBridge rule to capture an Inspector2 finding event. Use the event to invoke the image pipeline. Re-upload the container to the repository.

B : Use EC2 Image Builder to create a container image pipeline. Use Amazon ECR as the target repository. Enable Amazon GuardDuty Malware Protection on the container workload. Create an Amazon EventBridge rule to capture a GuardDuty finding event. Use the event to invoke the image pipeline.

C : Create an AWS CodeBuild project to create a container image. Use Amazon ECR as the target repository. Turn on basic scanning on the repository. Create an Amazon EventBridge rule to capture an ECR image action event. Use the event to invoke the CodeBuild project. Re-upload the container to the repository.

D : Create an AWS CodeBuild project to create a container image. Use Amazon ECR as the target repository. Configure AWS Systems Manager Compliance to scan all managed nodes. Create an Amazon EventBridge rule to capture a configuration compliance state change event. Use the event to invoke the CodeBuild project.

Answer: A

Question 3

A DevOps engineer is building the infrastructure for an application. The application needs to run on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes Amazon EC2 instances. The EC2 instances need to use an Amazon Elastic File System (Amazon EFS) file system as a storage backend. The Amazon EFS Container Storage Interface (CSI) driver is installed on the EKS cluster.

When the DevOps engineer starts the application, the EC2 instances do not mount the EFS file system.

Which solutions will fix the problem? (Choose three.)

A : Switch the EKS nodes from Amazon EC2 to AWS Fargate.

B : Add an inbound rule to the EFS file system’s security group to allow NFS traffic from the EKS cluster.

C : Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system

D : Set up AWS DataSync to configure file transfer between the EFS file system and the EKS nodes.

E : Create a mount target for the EFS file system in the subnet of the EKS nodes.

F : Disable encryption or the EFS file system.

Answer: B,C,F

Question 4

An American tech company used an AWS CloudFormation template to deploy its static corporate website hosted on Amazon S3 in the US East (N. Virginia) region. The template defines an Amazon S3 bucket with a Lambda-backed custom resource that downloads the content from a file server into the bucket. There is a new task for the DevOps Engineer to move the website to the US West (Oregon) region to better serve its customers on the West Coast with lower latency. However, the application stack could not be deleted successfully in CloudFormation.

Which among the following options shows the root cause of this issue, and how can the DevOps Engineer mitigate this problem for current and future versions of the website?

A : The CloudFormation stack deletion fails for an S3 bucket that is used as a static web hosting. To fix the issue, modify the CloudFormation template to remove the website configuration for the S3 bucket.

B : The CloudFormation stack deletion fails for an S3 bucket because the DeletionPolicy attribute is set to Snapshot. To fix the issue, set the DeletionPolicy to Delete instead.

C : The CloudFormation stack deletion fails for an S3 bucket that still has contents. To fix the issue, modify the Lambda function code of the custom resource to recursively empty the bucket if the stack is selected for deletion.

D : The CloudFormation stack deletion fails for an S3 bucket because it is not yet empty. To fix the issue, set the DeletionPolicy to ForceDelete instead.

Answer: C

Question 5

company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon

Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.

The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.

Which combination of steps will meet these requirements? (Choose three.)

A : Use the Amazon Managed Service for Prometheus remote write URL to send alerts to the SNS topic

B : Create an alerting rule that checks the availability of each of the workload’s containers.

C : reate an alert manager configuration for the SNS topic.

D : Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.

E : Modify the IAM role that Amazon Managed Service for Prometheus uses. Grant the role the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.

F : Create an OpenID Connect (OIDC) provider for the EKS cluster. Create a cluster service account. Grant the account the sns:Publish permission and the sns:GetTopicAttributes permission by using an IAM role.

Answer: B,D,E

Free Practice Amazon DOP-C02 Exam Questions 2025