Easy & Quick Way To Pass Your Any Certification Exam.

Amazon DOP-C02 Exam Dumps

AWS Certified DevOps Engineer - Professional

( 735 Reviews )
Total Questions : 449
Update Date : July 16, 2026
PDF + Test Engine
$65 $95
Test Engine
$55 $85
PDF Only
$45 $75

Recent DOP-C02 Exam Results

Our Amazon DOP-C02 dumps are key to get success. More than 80000+ success stories.

41

Clients Passed Amazon DOP-C02 Exam Today

94%

Passing score in Real Amazon DOP-C02 Exam

91%

Questions were from our given DOP-C02 dumps


DOP-C02 Dumps

Dumpsspot offers the best DOP-C02 exam dumps that comes with 100% valid questions and answers. With the help of our trained team of professionals, the DOP-C02 Dumps PDF carries the highest quality. Our course pack is affordable and guarantees a 98% to 100% passing rate for exam. Our DOP-C02 test questions are specially designed for people who want to pass the exam in a very short time.

Most of our customers choose Dumpsspot's DOP-C02 study guide that contains questions and answers that help them to pass the exam on the first try. Out of them, many have passed the exam with a passing rate of 98% to 100% by just training online.


Top Benefits Of Amazon DOP-C02 Certification

  • Proven skills proficiency
  • High earning salary or potential
  • Opens more career opportunities
  • Enrich and broaden your skills
  • Stepping stone to avail of advance DOP-C02 certification

Who is the target audience of Amazon DOP-C02 certification?

  • The DOP-C02 PDF is for the candidates who aim to pass the Amazon Certification exam in their first attempt.
  • For the candidates who wish to pass the exam for Amazon DOP-C02 in a short period of time.
  • For those who are working in Amazon industry to explore more.

What makes us provide these Amazon DOP-C02 dumps?

Dumpsspot puts the best DOP-C02 Dumps question and answers forward for the students who want to clear the exam in their first go. We provide a guarantee of 100% assurance. You will not have to worry about passing the exam because we are here to take care of that.


Amazon DOP-C02 Sample Questions

Question # 1

A DevOps engineer needs to implement integration tests into an existing AWSCodePipelme CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS)service. The CI/CD workflow retrieves new application code from an AWS CodeCommitrepository and builds a container image. The CI/CD workflow then uploads the containerimage to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version.The integration tests must ensure that new versions of the service endpoint are reachableand that vanous API methods return successful response data The DevOps engineer hasalready created an ECS cluster to test the serviceWhich combination of steps will meet these requirements with the LEAST managementoverhead? (Select THREE.)

A. Add a deploy stage to the pipeline Configure Amazon ECS as the action provider 
B. Add a deploy stage to the pipeline Configure AWS CodeDeploy as the action provider 
C. Add an appspec.yml file to the CodeCommit repository 
D. Update the image build pipeline stage to output an imagedefinitions json file thatreferences the new image tag. 
E. Create an AWS Lambda function that runs connectivity checks and API calls against theservice. Integrate the Lambda function with CodePipeline by using aLambda action stage
F. Write a script that runs integration tests against the service. Upload the script to anAmazon S3 bucket. Integrate the script in the S3 bucket with CodePipeline by using an S3action stage



Question # 2

To run an application, a DevOps engineer launches an Amazon EC2 instance with publicIP addresses in a public subnet. A user data script obtains the application artifacts andinstalls them on the instances upon launch. A change to the security classification of theapplication now requires the instances to run with no access to the internet. While theinstances launch successfully and show as healthy, the application does not seem to beinstalled.Which of the following should successfully install the application while complying with thenew rule?

A. Launch the instances in a public subnet with Elastic IP addresses attached. Once theapplication is installed and running, run a script to disassociate the Elastic IP addressesafterwards. 
B. Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update theprivate subnet's route table to use the NAT gateway as the default route. 
C. Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint forS3. Assign an IAM instance profile to the EC2 instances so they can read the applicationartifacts from the S3 bucket.
D. Create a security group for the application instances and allow only outbound traffic tothe artifact repository. Remove the security group rule once the install is complete. 



Question # 3

A DevOps engineer needs to implement a CI/CD pipeline in an AWS account. The pipelinemust consume sensitive database credentials that are stored in an AWS Systems ManagerParameter Store parameter. The Parameter Store parameter is in a separate centralaccount. The DevOps engineer needs to create and integrate the parameter with the CI/CDaccount.Which combination of steps will meet these requirements? (Select THREE.)

A. Use an advanced tier Parameter Store parameter to store the database credentials inthe central AWS account. 
B. Create an IAM role in the AWS account that hosts the CI/CD pipeline. Add the full ARNof the parameter to the IAM policy that is associated with the IAM role. 
C. Use a standard tier Parameter Store parameter to store the database credentials in thecentral AWS account. 
D. Use an AWS KMS managed key to encrypt the parameter. Grant decrypt permissionsfor the KMS key to the AWS account that hosts the CI/CD pipeline.
E. Use a customer managed AWS KMS key to encrypt the parameter. Grant decryptpermissions for the customer managed key to the AWS account that hosts the CI/CDpipeline. 
F. Create an AWS Resource Access Manager (AWS RAM) resource share in the centralAWS account. Share the parameter with the account that hosts the CI/CD pipeline.



Question # 4

A DevOps engineer is researching the least expensive way to implement an image batchprocessing cluster on AWS. The application cannot run in Docker containers and must runon Amazon EC2. The batch job stores checkpoint data on an NFS volume and can tolerateinterruptions. Configuring the cluster software from a generic EC2 Linux image takes 30minutes.What is the MOST cost-effective solution?

A. Use Amazon EFS (or checkpoint data. To complete the job, use an EC2 Auto Scalinggroup and an On-Demand pricing model to provision EC2 instances temporally. 
B. Use GlusterFS on EC2 instances for checkpoint data. To run the batch job configureEC2 instances manually When the job completes shut down the instances manually. 
C. Use Amazon EFS for checkpoint data Use EC2 Fleet to launch EC2 Spot Instances andutilize user data to configure the EC2 Linux instance on startup. 
D. Use Amazon EFS for checkpoint data Use EC2 Fleet to launch EC2 Spot InstancesCreate a custom AMI for the cluster and use the latest AMI when creating instances.



Question # 5

A company has an RPO of 24 hours and an RTO of 10 minutes for a critical webapplication that runs on Amazon EC2 instances. The company uses AWS Organizations tomanage its AWS account. The company wants to set up AWS Backup for its AWSenvironment.A DevOps engineer configures AWS Organizations for AWS Backup. The DevOpsengineer creates a new centralized AWS account to store the backups. Each EC2 instancehas four Amazon Elastic Block Store (Amazon EBS) volumes attached.Which solution will meet this requirement MOST securely?

A. Create encrypted backup vaults and customer managed AWS KMS keys in bothaccounts. Configure AWS Backup to create full EC2 backups as AMIs. Copy the backupsto the centralized vault.
B. Create encrypted vaults in both accounts by using the source account's AWS KMS key.Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault
C. Create backup vaults in both accounts. Use AWS managed keys for encryption.Configure AWS Backup to create EC2 AMIs. Copy the AMIs to the centralized vault.
D. Create encrypted vaults in both accounts. Use a customer managed KMS key in thesource account. Use an AWS managed key in the centralized account. Configure AWSBackup to create EC2 AMIs. Copy the AMIs to the centralized vault. 



Question # 6

A DevOps team manages an API running on-premises that serves as a backend for anAmazon API Gateway endpoint. Customers have been complaining about high responselatencies, which the development team has verified using the API Gateway latency metricsin Amazon CloudWatch. To identify the cause, the team needs to collect relevant datawithout introducing additional latency.Which actions should be taken to accomplish this? (Choose two.)

A. Install the CloudWatch agent server side and configure the agent to upload relevant logsto CloudWatch
B. Enable AWS X-Ray tracing in API Gateway, modify the application to capture requestsegments, and upload those segments to X-Ray during each request. 
C. Enable AWS X-Ray tracing in API Gateway, modify the application to capture requestsegments, and use the X-Ray daemon to upload segments to X-Ray.
D. Modify the on-premises application to send log information back to API Gateway witheach request.
E. Modify the on-premises application to calculate and upload statistical data relevant tothe API service requests to CloudWatch metrics.



Question # 7

A company uses Amazon RDS for Microsoft SQL Server as its primary database forapplications. The company needs to ensure high availability within and across AWSRegions.An Amazon Route 53 CNAME record is configured for the database endpoint. Theapplications connect to the database endpoint. The company must redirect applicationtraffic to a standby database during a failover event. The company must maintain an RPOof less than 1 minute and an RTO of less than 10 minutes.Which solution will meet these requirements?

A. Deploy an Amazon RDS for SQL Server Multi-AZ DB cluster deployment that usescross-Region read replicas. Use automation to promote the read replica to a standaloneinstance and to update the Route 53 record.
B. Deploy an Amazon RDS for SQL Server Multi-AZ DB cluster deployment. Set upautomated snapshots to be copied to another Region every 5 minutes. Use AWS Lambdato restore the latest snapshot in the secondary Region during failover.
C. Deploy an Amazon RDS for SQL Server Single-AZ DB instance. Use AWS DatabaseMigration Service (AWS DMS) to replicate data continuously to an RDS DB instance in another Region. Use Amazon CloudWatch alarms to notify the company about failoverevents. 
D. Deploy an Amazon RDS for SQL Server Single-AZ DB instance. Configure AWSBackup to create cross-Region backups every 30 seconds. Use automation to restore thelatest backup and to update the Route 53 record during failover.



Question # 8

A company containerized its Java app and uses CodePipeline. They want to scan imagesin ECR for vulnerabilities and reject images with critical vulnerabilities in a manual approvalstage.Which solution meets these?

A. Basic scanning with EventBridge for Inspector findings and Lambda to reject manualapproval if critical vulnerabilities found.
B. Enhanced scanning, Lambda invokes Inspector for SBOM, exports to S3, Athenaqueries SBOM, rejects manual approval on critical findings. 
C. Enhanced scanning, EventBridge listens to Detective scan findings, Lambda rejectsmanual approval on critical vulnerabilities.
D. Enhanced scanning, EventBridge listens to Inspector scan findings, Lambda rejectsmanual approval on critical vulnerabilities. 



Question # 9

A company requires that its internally facing web application be highly available. Thearchitecture is made up of one Amazon EC2 web server instance and one NAT instancethat provides outbound internet access for updates and accessing public data.Which combination of architecture adjustments should the company implement to achievehigh availability? (Choose two.)

A. Add the NAT instance to an EC2 Auto Scaling group that spans multiple AvailabilityZones. Update the route tables.
B. Create additional EC2 instances spanning multiple Availability Zones. Add anApplication Load Balancer to split the load between them.
C. Configure an Application Load Balancer in front of the EC2 instance. Configure AmazonCloudWatch alarms to recover the EC2 instance upon host failure.
D. Replace the NAT instance with a NAT gateway in each Availability Zone. Update theroute tables. 
E. Replace the NAT instance with a NAT gateway that spans multiple Availability Zones.Update the route tables. 



Question # 10

A company has a web application that publishes logs that contain metadata fortransactions, with a status of success or failure for each log. The logs are in JSON format.The application publishes the logs to an Amazon CloudWatch Logs log group.The company wants to create a dashboard that displays the number of successfultransactions.Which solution will meet this requirement with the LEAST operational overhead?

A. Create an Amazon OpenSearch Service cluster and an OpenSearch Servicesubscription filter to send the log group data to the cluster. Create a dashboard within theDashboards feature in the OpenSearch Service cluster by using a search query fortransactions that have a status of success.
B. Create a CloudWatch subscription filter for the log group that uses an AWS Lambdafunction. Configure the Lambda function to parse the JSON logs and publish a custommetric to CloudWatch for transactions that have a status of success. Create a CloudWatchdashboard by using a metric graph that displays the custom metric. 
C. Create a CloudWatch metric filter for the log groups with a filter pattern that matches thetransaction status property and a value of success. Create a CloudWatch dashboard byusing a metric graph that displays the new metric. 
D. Create an Amazon Kinesis data stream that is subscribed to the log group. Configurethe data stream to filter incoming log data based on a status of success and to send thefiltered logs to an AWS Lambda function. Configure the Lambda function to publish acustom metric to CloudWatch. Create a CloudWatch dashboard by using a metric graphthat displays the custom metric. 



Question # 11

A company runs several applications in the same AWS account. The applications sendlogs to Amazon CloudWatch.A data analytics team needs to collect performance metrics and custom metrics from theapplications. The analytics team needs to transform the metrics data before storing thedata in an Amazon S3 bucket. The analytics team must automatically collect any newmetrics that are added to the CloudWatch namespace.Which solution will meet these requirements with the LEAST operational overhead?

A. Configure a CloudWatch metric stream to include metrics from the application and theCloudWatch namespace. Configure the metric stream to deliver the metrics to an AmazonData Firehose delivery stream. Configure the Firehose delivery stream to invoke an AWSLambda function to transform the data. Configure the delivery stream to send thetransformed data to the S3 bucket. 
B. Configure a CloudWatch metrics stream to include all the metrics and to deliver themetrics to an Amazon Data Firehose delivery stream. Configure the Firehose deliverystream to invoke an AWS Lambda function to transform the data. Configure the deliverystream to send the transformed data to the S3 bucket
C. Configure metric filters for the CloudWatch logs to create custom metrics. Configure aCloudWatch metric stream to deliver the application metrics to the S3 bucket. 
D. Configure subscription filters on the application log groups to target an Amazon DataFirehose delivery stream. Configure the Firehose delivery stream to invoke an AWSLambda function to transform the data. Configure the delivery stream to send thetransformed data to the S3 bucket.



Question # 12

A DevOps engineer is planning to use the AWS Cloud Development Kit (AWS CDK) tomanage infrastructure as code (IaC) for a microservices-based application. The DevOpsengineer must create reusable components for common infrastructure patterns and mustapply the same cost allocation tags across different microservices.Which solution will meet these requirements?

A. Create a custom CDK construct library that includes common infrastructure patterns.Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app.Use the custom CDK construct library to write a higher-level construct that contains all themicroservices. Deploy the microservices as a single CDK stack with environment-specificconfigurations. 
B. Create a custom CDK construct library that includes common infrastructure patterns.Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Usethe custom CDK construct library to write higher-level constructs for each microservice.Deploy the microservices as separate CDK stacks with environment-specificconfigurations.
C. Create AWS Service Catalog products that contain common infrastructure components.Create a CDK app. Use the TagManager class to add cost allocation tags to the whole app.Use the Service Catalog products to write a higher-level construct that contains all themicroservices. Deploy the microservices as a single CDK stack with environment-specificconfigurations.
D. Create AWS Service Catalog products that contain common infrastructure components.Create a CDK app. Use the Tags class to add cost allocation tags to the whole app. Usethe Service Catalog products to write higher-level constructs for each microservice. Deploythe microservices as separate CDK stacks with environment-specific configurations. 



Question # 13

A company is using the AWS Cloud Development Kit (AWS CDK) to develop amicroservices-based application. The company needs to create reusable infrastructurecomponents for three environments: development, staging, and production. Thecomponents must include networking resources, database resources, and serverlesscompute resources.The company must implement a solution that provides consistent infrastructure acrossenvironments while offering the option for environment-specific customizations. Thesolution also must minimize code duplication.Which solution will meet these requirements with the LEAST development overhead?

A. Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatablepatterns exist. Create a single set of deployment stacks that takes the environment nameas an argument upon instantiation. Deploy CDK applications for each environment. 
B. Create custom Level 1 (L1) constructs out of Level 2 (L2) constructs where repeatablepatterns exist. Create separate deployment stacks for each environment. Use the CDKcontext command to determine which stacks to run when deploying to each environment.
C. Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatablepatterns exist. Create a single set of deployment stacks that takes the environment nameas an argument upon instantiation. Deploy CDK applications for each environment. 
D. Create custom Level 3 (L3) constructs out of Level 2 (L2) constructs where repeatablepatterns exist. Create separate deployment stacks for each environment. Use the CDKcontext command to determine which stacks to run when deploying to each environment. 



Question # 14

A company has deployed an application in a production VPC in a single AWS account. Theapplication is popular and is experiencing heavy usage. The company’s security teamwants to add additional security, such as AWS WAF, to the application deployment.However, the application's product manager is concerned about cost and does not want toapprove the change unless the security team can prove that additional security isnecessary.The security team believes that some of the application's demand might come from usersthat have IP addresses that are on a deny list. The security team provides the deny list to aDevOps engineer. If any of the IP addresses on the deny list access the application, thesecurity team wants to receive automated notification in near real time so that the securityteam can document that the application needs additional security. The DevOps engineercreates a VPC flow log for the production VPC.Which set of additional steps should the DevOps engineer take to meet these requirementsMOST cost-effectively?

A. Create a log group in Amazon CloudWatch Logs. Configure the VPC flow log to captureaccepted traffic and to send the data to the log group. Create an Amazon CloudWatchmetric filter for IP addresses on the deny list. Create a CloudWatch alarm with the metricfilter as input. Set the period to 5 minutes and the datapoints to alarm to 1. Use an AmazonSimple Notification Service (Amazon SNS) topic to send alarm notices to the security team. 
B. Create an Amazon S3 bucket for log files. Configure the VPC flow log to capture alltraffic and to send the data to the S3 bucket. Configure Amazon Athena to return all logfiles in the S3 bucket for IP addresses on the deny list. Configure Amazon QuickSight toaccept data from Athena and to publish the data as a dashboard that the security team canaccess. Create a threshold alert of 1 for successful access. Configure the alert toautomatically notify the security team as frequently as possible when the alert threshold ismet. 
C. Create an Amazon S3 bucket for log files. Configure the VPC flow log to captureaccepted traffic and to send the data to the S3 bucket. Configure an Amazon OpenSearchService cluster and domain for the log files. Create an AWS Lambda function to retrieve thelogs from the S3 bucket, format the logs, and load the logs into the OpenSearch Servicecluster. Schedule the Lambda function to run every 5 minutes. Configure an alert andcondition in OpenSearch Service to send alerts to the security team through an AmazonSimple Notification Service (Amazon SNS) topic when access from the IP addresses on thedeny list is detected. 
D. Create a log group in Amazon CloudWatch Logs. Create an Amazon S3 bucket to holdquery results. Configure the VPC flow log to capture all traffic and to send the data to thelog group. Deploy an Amazon Athena CloudWatch connector in AWS Lambda. Connectthe connector to the log group. Configure Athena to periodically query for all acceptedtraffic from the IP addresses on the deny list and to store the results in the S3 bucket.Configure an S3 event notification to automatically notify the security team through anAmazon Simple Notification Service (Amazon SNS) topic when new objects are added tothe S3 bucket.



Question # 15

A company has an AWS CodePipeline pipeline that is configured with an Amazon S3bucket in the eu-west-1 Region. The pipeline deploys an AWS Lambda application to thesame Region. The pipeline consists of an AWS CodeBuild project build action and an AWSCloudFormation deploy action.The CodeBuild project uses the aws cloudformation package AWS CLI command to buildan artifact that contains the Lambda function code’s .zip file and the CloudFormationtemplate. The CloudFormation deploy action references the CloudFormation template fromthe output artifact of the CodeBuild project’s build action.The company wants to also deploy the Lambda application to the us-east-1 Region byusing the pipeline in eu-west-1. A DevOps engineer has already updated the CodeBuildproject to use the aws cloudformation package command to produce an additional outputartifact for us-east-1.Which combination of additional steps should the DevOps engineer take to meet theserequirements? (Choose two.)

A. Modify the CloudFormation template to include a parameter for the Lambda functioncode’s zip file location. Create a new CloudFormation deploy action for us-east-1 in thepipeline. Configure the new deploy action to pass in the us-east-1 artifact location as aparameter override.
B. Create a new CloudFormation deploy action for us-east-1 in the pipeline. Configure thenew deploy action to use the CloudFormation template from the us-east-1 output artifact
C. Create an S3 bucket in us-east-1. Configure the S3 bucket policy to allow CodePipelineto have read and write access. 
D. Create an S3 bucket in us-east-1. Configure S3 Cross-Region Replication (CRR) fromthe S3 bucket in eu-west-1 to the S3 bucket in us-east-1. 
E. Modify the pipeline to include the S3 bucket for us-east-1 as an artifact store. Create anew CloudFormation deploy action for us-east-1 in the pipeline. Configure the new deployaction to use the CloudFormation template from the us-east-1 output artifact.



Question # 16

A company in a highly regulated industry is building an artifact by using AWS CodeBuildand AWS CodePipeline. The company must connect to an external authenticated APIduring the building process.The company's DevOps engineer needs to encrypt the build outputs by using an AWS KeyManagement Service (AWS KMS) key. The external API credentials must be reset eachmonth. The DevOps engineer has created a new key in AWS KMS.Which solution will meet these requirements?

A. Store the API credentials in AWS Systems Manager Parameter Store. Update the keypolicy for the CodeBuild IAM service role to have access to the KMS key. SetCODEBUILD_KMS_KEY_ID as the new key ID. 
B. Store the API credentials in AWS Systems Manager Parameter Store. Update the keypolicy for the CodePipeline IAM service role to have access to the KMS key. Add the key tothe pipeline
C. Store the API credentials in AWS Secrets Manager. Update the key policy for theCodeBuild IAM service role to have access to the KMS key. SetCODEBUILD_KMS_KEY_ID as the new key ID. 
D. Store the API credentials in AWS Secrets Manager. Update the key policy for theCodePipeline IAM service role to have access to the KMS key. Add the key to the pipeline. 



Question # 17

A company is refactoring applications to use AWS. The company identifies an internal webapplication that needs to make Amazon S3 API calls in a specific AWS account.The company wants to use its existing identity provider (IdP) auth.company.com forauthentication. The IdP supports only OpenID Connect (OIDC). A DevOps engineer needsto secure the web application's access to the AWS account.Which combination of steps will meet these requirements? (Select THREE.)

A. Configure AWS 1AM Identity Center. Configure an IdP. Upload the IdP metadata fromthe existing IdP.
B. Create an 1AM IdP by using the provider URL, audience, and signature from theexisting IdP. 
C. Create an 1AM role that has a policy that allows the necessary S3 actions. Configurethe role's trust policy to allow the OIDC IdP to assume the role if the sts.amazon.conraudcontext key is appid from idp.
D. Create an 1AM role that has a policy that allows the necessary S3 actions. Configurethe role's trust policy to allow the OIDC IdP to assume the role if theauth.company.com:aud context key is appid_from_idp. 
E. Configure the web application lo use the AssumeRoleWith Web Identity API operation toretrieve temporary credentials. Use the temporary credentials to make the S3 API calls. 
F. Configure the web application to use the GetFederationToken API operation to retrievetemporary credentials Use the temporary credentials to make the S3 API calls. 



Question # 18

A DevOps team supports an application that sends many requests through multipleexternal systems. The application runs on many Amazon EC2 instances in an Auto Scalinggroup. The application stages requests to the external systems in Amazon Simple QueueService (Amazon SQS) queues. The application emits logs to Amazon CloudWatch Logs.The DevOps team wants to notify an Amazon Simple Notification Service (Amazon SNS)topic when there are 10 or more errors during a 5-minute period for requests to the externalsystems.Which solution will meet these requirements with the LEAST operational overhead?

A. Configure an Amazon CloudWatch metric filter on the application log group that uses aregular expression to match external requests that result in errors. Use the CloudWatchmetric to publish a custom metric. Configure a CloudWatch alarm to alert an SNS topicwhen there are more than 10 errors during a 5-minute period
B. Publish a custom metric for requests to the external systems that result in errors.Configure an Amazon CloudWatch alarm to invoke an AWS Lambda function when thereare more than 10 errors during a 5-minute period. Configure the Lambda function to notifyan SNS topic
C. Use Amazon CloudWatch anomaly detection on the log group. Use a filter pattern ofERROR with an evaluation frequency of 5 minutes. Configure a CloudWatch alarm for theLogAnomalyPriority dimension to breach on a static threshold of 10. Configure the alarm tonotify an SNS topic. 
D. Configure an Amazon CloudWatch subscription filter to send data to an AWS Lambdafunction. Configure the Lambda function to parse the log entries and publish a custommetric for failed requests to the external systems. Configure a CloudWatch alarm to notifyan SNS topic when there are more than 10 errors during a 5-minute period. 



Question # 19

A company is building a web application on AWS. The application uses AWSCodeConnections to access a Git repository. The company sets up a pipeline in AWSCodePipeline that automatically builds and deploys the application to a stagingenvironment when the company pushes code to the main branch. Bugs and integrationissues sometimes occur in the main branch because there is no automated testingintegrated into the pipeline.The company wants to automatically run tests when code merges occur in the Gitrepository and to prevent deployments from reaching the staging environment if any testfails. Tests can run up to 20 minutes. Which solution will meet these requirements?

A. Add an AWS CodeBuild action to the pipeline. Add a buildspec.yml file to the Gitrepository to define commands to run tests. Configure the pipeline to stop the deployment ifa test fails. 
B. Configure Git webhooks to initiate an AWS Lambda function during each code merge.Configure the Lambda function to run tests programmatically and to stop the pipeline if atest fails
C. Configure AWS Batch to use Docker images of test environments. Integrate AWS Batchinto the pipeline. Add an AWS Lambda function to the pipeline that submits the batch jobsand reverts the code merge if a test fails. 
D. Configure the Git repository to push code to an Amazon S3 bucket during each codemerge. Use S3 Event Notifications to initiate tests and to revert the code merge if a testfails. 



Question # 20

 company uses an organization in AWS Organizations to manage multiple AWS accountsin multiple OUs. The company is planning to implement a comprehensive accountmanagement solution and wants to ensure consistent baseline configurations.A DevOps engineer is developing a solution to automatically deploy AWS CloudFormationtemplates to new AWS accounts. The specific CloudFormation template that the solutiondeploys must vary based on which organizational unit (OU) each new account is placed in.Which solution will meet these requirements with the LEAST operational overhead?

A. Enable AWS Control Tower. Use Customizations for AWS Control Tower (CfCT) to deploy each CloudFormation template from a centralized account. Create a GitHub repository to store the entire configuration package, including the CloudFormation templates and a manifest file that maps each CloudFormation template to its corresponding OU.
B. Enable AWS Control Tower. Build a pipeline in AWS CodePipeline to deploy theCloudFormation deployment from a centralized account. Create a GitHub repository tostore the entire configuration package, including the CloudFormation templates and amanifest file that maps each CloudFormation template to its corresponding OU. After thecode is updated in GitHub, initiate the pipeline and deploy the CloudFormation templates tothe new AWS accounts
C. Store the CloudFormation templates in an Amazon S3 bucket by using a separate prefixfor each AWS account. Create an AWS Lambda function that deploys a specificCloudFormation template to each new AWS account based on the prefix path that indicateswhere each template is located in the S3 bucket. 
D. Store CloudFormation templates in an Amazon S3 bucket. Create an AWS Lambdafunction that deploys a specific CloudFormation template to the new AWS accounts basedon the OU each new account is in. Create an Amazon EventBridge rule that matches"eventName": "CreateAccountResult" and "state": "SUCCEEDED." Set the Lambdafunction as the target of the EventBridge rule. 



Question # 21

A DevOps team is merging code revisions for an application that uses an Amazon RDSMulti-AZ DB cluster for its production database. The DevOps team uses continuousintegration to periodically verify that the application works. The DevOps team needs to testthe changes before the changes are deployed to the production database.Which solution will meet these requirements'?

A. Use a buildspec file in AWS CodeBuild to restore the DB cluster from a snapshot of theproduction database run integration tests, and drop the restored database after verification. 
B. Deploy the application to production. Configure an audit log of data control language(DCL) operations to capture database activities to perform if verification fails. 
C. Create a snapshot of the DB duster before deploying the application Use the Updaterequires Replacement property on the DB instance in AWS CloudFormation to deploy theapplication and apply the changes.
D. Ensure that the DB cluster is a Multi-AZ deployment. Deploy the application with theupdates. Fail over to the standby instance if verification fails. 



Question # 22

A DevOps engineer needs to design a cloud-based solution to standardize deploymentartifacts for AWS Cloud deployments and on-premises deployments. There is currently norouting traffic between the on-premises data center and the AWS environment.The solution must be able to consume downstream packages from public repositories andmust be highly available. Data must be encrypted in transit and at rest. The solution muststore the deployment artifacts in object storage and deploy the deployment artifacts intoAmazon Elastic Container Service (Amazon ECS). The deployment artifacts must beencrypted in transit if the deployment artifacts travel across the public internet.The DevOps engineer needs to deploy this solution in less than two weeks.Which solution will meet these requirements?

A. Use a third-party software VPN appliance to connect the on-premises data center andAWS. Use AWS CodeArtifact to store the deployment artifacts.
B. Use an AWS Direct Connect connection and a VPN connection to connect the onpremises data center to AWS. Deploy third-party artifact management software on AmazonEC2 instances. 
C. Use two AWS VPN connections to connect the on-premises data center to AWS. UseAWS CodeArtifact to store the deployment artifacts. 
D. Use parallel AWS Direct Connect connections to connect the on-premises data center toAWS. Deploy third-party artifact management software on Amazon EC2 instances