Free Amazon DOP-C02 Exam Questions

Question 1

A company has a web application that is hosted on Amazon EC2 instances. The company is deploying the application into multiple AWS Regions. The application consists of dynamic content such as WebSocket-based real-time product updates. The company uses Amazon Route 53 to manage all DNS records. Which solution will provide multi-Region access to the application with the LEAST latency?

A : Deploy an Application Load Balancer (ALB) in front of the EC2 instances in each Region. Create a Route 53 A record with a latency-based routing policy. Add IP addresses of the ALBs as the value of the record.

B : Deploy an Application Load Balancer (ALB) in front of the EC2 instances in each Region. Deploy an Amazon CloudFront distribution with an origin group that contains the ALBs as origins. Create a Route 53 alias record that points to the CloudFront distribution's DNS address.

C : Deploy a Network Load Balancer (NLB) in front of the EC2 instances in each Region. Create a Route 53 A record with a multivalue answer routing policy. Add IP addresses of the NLBs as the value of the record.

D : Deploy a Network Load Balancer (NLB) in front of the EC2 instances in each Region. Deploy an AWS Global Accelerator standard accelerator with an endpoint group for each NLB. Create a Route 53 alias record that points to the accelerator's DNS address.

Answer: A

Question 2

A PHP web application is uploaded to the AWS Elastic Beanstalk of the company's development account to automatically handle the deployment, capacity provisioning, load balancing, auto-scaling, and application health monitoring. Amazon RDS is used as the database, and it is tightly coupled to the Elastic Beanstalk environment. A DevOps Engineer noticed that if you terminate the environment, its database goes down as well. This issue prevents you from performing seamless updates with blue-green deployments. Moreover, this poses a critical security risk if the company decides to deploy the application in its production environment.

How can the DevOps Engineer decouple the database instance from the environment with the LEAST amount of data loss?

A : couple the Amazon RDS instance from your Elastic Beanstalk environment using a blue/green deployment strategy. Enable deletion protection and take an RDS DB snapshot of the database. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance and delete the old environment.

B : couple the Amazon RDS instance from your Elastic Beanstalk environment using the blue/green deployment strategy to decouple. Take an RDS DB snapshot of the database and enable deletion protection. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance. Before terminating the old Elastic Beanstalk environment, remove its security group rule first before proceeding.

C : couple the Amazon RDS instance from your Elastic Beanstalk environment using the Canary deployment strategy. Take an RDS DB snapshot of the database and enable deletion protection. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance and delete the old environment.

D : couple the Amazon RDS instance from your Elastic Beanstalk environment using the Canary deployment strategy. Take an RDS DB snapshot of the database and then set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance.

Answer: B

Question 3

A company uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the main branch when the changes are ready for production.

The developers should not be able to push changes directly to the main branch. The company applied the AWSCodeCommitPowerUser managed policy to the developers’ IAM role, and now these developers can push changes to the main branch directly on every repository in the AWS account.

What should the company do to restrict the developers’ ability to push changes to the main branch directly?

A : eate an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.

B : move the IAM policy, and add an AWSCodeCommitReadOnly managed policy. Add an Allow rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.

C : dify the IAM policy. Include a Deny rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.

D : eate an additional policy to include an Allow rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the feature branches.

Answer: A

Question 4

A company is re-architecting its monolithic system to a serverless application in AWS to save on cost. The deployment of the succeeding new version of the application must be initially rolled out to a small number of users first for testing before the full release. If the post-hook tests fail, there should be an easy way to roll back the deployment. The DevOps Engineer was assigned to design an efficient deployment setup that mitigates any unnecessary outage that impacts their production environment.

As a DevOps Engineer, how should you satisfy this requirement? (Select TWO.)

A : Create a new record in Route 53 with a Failover routing policy. Configure the primary record to route 20% of incoming traffic to the new version and set the secondary record to route the rest of the traffic to the current version. Once the new version stabilizes, update the primary record to route all traffic to the new version.

B : Launch an Application Load Balancer with an Amazon API Gateway private integration. Attach a single target group to the load balancer and select the 'Canary' routing option which will automatically route incoming traffic to the new version.

C : Launch a Network Load Balancer with an Amazon API Gateway private integration. Attach two target groups to the load balancer. Configure the first target group with the current version and the second target group with the new version. Configure the load balancer to route 20% of the incoming traffic to the new version and once it becomes stable, detach the first target group from the load balancer.

D : t up a canary deployment in Amazon API Gateway that routes 20% of the incoming traffic to the canary release. Promote the canary release to production once the initial tests have passed.

E : t up one AWS Lambda Function Alias that points to both the current and new versions. Route 20% of incoming traffic to the new version and once it is considered stable, update the alias to route all traffic to the new version.

Answer: A,D

Question 5

A company is developing a web application that runs on Amazon EC2 Linux instances. The application requires monitoring of custom performance metrics. The company must collect metrics for API response times and database query latency across multiple instances. Which solution will generate the custom metrics with the LEAST operational overhead?

A : Install the Amazon CloudWatch agent on the instances. Configure the agent to collect the custom metrics. Instrument the application to send the metrics to the agent.

B : Use Amazon Managed Service for Prometheus to scrape the custom metrics from the application. Use the Amazon CloudWatch agent to forward the metrics to CloudWatch.

C : Create a custom AWS Lambda function that polls the application endpoints and database at regular intervals. Program the Lambda function to calculate the custom metrics and to send the metrics to Amazon CloudWatch by using PutMetricData API calls.

D : Implement custom logging in the application code to record the custom metrics. Use Amazon CloudWatch Logs Insights to extract and analyze the metrics.

Answer: A