Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Amazon
  3. AWS DevOps Engineer Professional

Amazon AWS DevOps Engineer Professional Exam (page: 4)
Amazon AWS DevOps Engineer - Professional (DOP-C01)
Updated on: 09-Feb-2026

Viewing Page 4 of 27
AWS DevOps Engineer Professional PDF 208 Questions

A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote master branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes.
Which of the following actions should be taken to troubleshoot this issue?

  1. Check that an Amazon CloudWatch Events rule has been created for the master branch to trigger the pipeline.
  2. Check that the CodePipeline service role has permission to access the CodeCommit repository.
  3. Check that the developer's IAM role has permission to push to the CodeCommit repository.
  4. Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.

Answer(s): A



A DevOps engineer is deploying a new version of a company's application in an AWS CodeDeploy deployment group associated with its Amazon EC2 instances.
After some time, the deployment fails. The engineer realizes that all the events associated with the speci c deployment ID are in a Skipped status, and code was not deployed in the instances associated with the deployment group.
What are valid reasons for this failure? (Choose two.)

  1. The networking con guration does not allow the EC2 instances to reach the internet via a NAT gateway or internet gateway, and the CodeDeploy endpoint cannot be reached.
  2. The IAM user who triggered the application deployment does not have permission to interact with the CodeDeploy endpoint.
  3. The target EC2 instances were not properly registered with the CodeDeploy endpoint.
  4. An instance pro le with proper permissions was not attached to the target EC2 instances.
  5. The appspec.yml le was not included in the application revision.

Answer(s): A,D



A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database. A cross-Region read replica has been created for disaster recovery purposes. A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure.
Which solution will accomplish this?

  1. Con gure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints. Subscribe an Amazon SNS topic to Amazon RDS failure noti cations from AWS CloudTrail and use that topic to trigger an AWS Lambda function that will promote the replica instance as the master.
  2. Create an Aurora custom endpoint to point to the primary database instance. Con gure the application to use this endpoint. Con gure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.
  3. Create an AWS Lambda function to modify the application's AWS Cloud Formation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance. Create an Amazon CloudWatch alarm to trigger this Lambda function after the failure event occurs.
  4. Store the Aurora endpoint in AWS Systems Manager Parameter Store. Create an Amazon EventBridge (Amazon CloudWatch Events) event that defects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store. Code the application to reload the endpoint from Parameter Store if a database connection fails.

Answer(s): D



An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality.
Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues. A DevOps Engineer must x the log aggregation process and provide a way to centrally analyze the logs.
Which is the MOST e cient and cost-effective solution?

  1. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Use the Amazon S3 API to export on-premises logs, and store the logs in an S3 bucket in a central account. Build an Amazon EMR cluster to reduce the logs and derive the root cause.
  2. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Use the Amazon S3 API to import on-premises logs.
    Store all logs in S3 buckets in individual accounts. Use Amazon Macie to write a query to search for the required speci c event-related data point.
  3. Collect system logs and application logs using the Amazon CloudWatch Logs agent. Install the CloudWatch Logs agent on the on-premises servers. Transfer all logs from AWS to the on-premises data center. Use an Amazon Elasticsearch Logstash Kibana stack to analyze logs on premises.
  4. Collect system logs and application logs by using the Amazon CloudWatch Logs agent. Install a CloudWatch Logs agent for on-premises resources. Store all logs in an S3 bucket in a central account. Set up an Amazon S3 trigger and an AWS Lambda function to analyze incoming logs and automatically identify anomalies. Use Amazon Athena to run ad hoc queries on the logs in the central account.

Answer(s): D



A company's DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound tra c through a network operations account. In the network operations account, all account tra c passes through a rewall appliance for inspection before the tra c goes to an internet gateway.
The rewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

  1. Create an Amazon CloudWatch Synthetics canary to monitor the rewall state. If the rewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a noti cation to an Amazon Simple Noti cation Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  2. Create an Amazon CloudWatch mettic lter by using a search for CRITICAL events. Publish a custom metric for the nding. Use a CloudWatch alarm based on the custom metric to publish a noti cation to an Amazon Simple Noti cation Service (Amazon SNS) topic.
    Subscribe the security team's email address to the topic.
  3. Enable Amazon GuardDuty in the network operations account. Con gure GuardDuty to monitor ow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. De ne an Amazon Simple Noti cation Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.
  4. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. De ne an Amazon Simple Noti cation Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.

Answer(s): B


Reference:

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_ ndings_cloudwatch.html



A company recently migrated its legacy application from on-premises to AWS. The application is hosted on Amazon EC2 instances behind an Application Load
Balancer, which is behind Amazon API Gateway. The company wants to ensure users experience minimal disruptions during any deployment of a new version of the application. The company also wants to ensure it can quickly roll back updates if there is an issue. Which solution will meet these requirements with MINIMAL changes to the application?

  1. Introduce changes as a separate environment parallel to the existing one. Con gure API Gateway to use a canary release deployment to send a small subset of user tra c to the new environment.
  2. Introduce changes as a separate environment parallel to the existing one. Update the application's DNS alias records to point to the new environment.
  3. Introduce changes as a separate target group behind the existing Application Load Balancer. Con gure API Gateway to route user tra c to the new target group in steps.
  4. Introduce changes as a separate target group behind the existing Application Load Balancer. Con gure API Gateway to route all tra c to the Application Load Balancer, which then sends the tra c to the new target group.

Answer(s): A



A company recently launched an application that is more popular than expected. The company wants to ensure the application can scale to meet increasing demands and provide reliability using multiple Availability Zones (AZs). The application runs on a eet of Amazon EC2 instances behind an Application Load
Balancer (ALB). A DevOps engineer has created an Auto Scaling group across multiple AZs for the application. Instances launched in the newly added AZs are not receiving any tra c for the application.
What is likely causing this issue?

  1. Auto Scaling groups can create new instances in a single AZ only.
  2. The EC2 instances have not been manually associated to the AL
  3. The ALB should be replaced with a Network Load Balancer (NLB).
  4. The new AZ has not been added to the ALB.

Answer(s): D



A DevOps Engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2
Auto Scaling group across multiple Availability Zones. The engineer needs to implement a deployment strategy that:
Launches a second eet of instances with the same capacity as the original eet.
Maintains the original eet unchanged while the second eet is launched.
Transitions tra c to the second eet when the second eet is fully deployed.
Terminates the original eet automatically 1 hour after transition.
Which solution will satisfy these requirements?

  1. Use an AWS CloudFormation template with a retention policy for the ALB set to 1 hour. Update the Amazon Route 53 record to re ect the new ALB.
  2. Use two AWS Elastic Beanstalk environments to perform a blue/green deployment from the original environment to the new one. Create an application version lifecycle policy to terminate the original environment in 1 hour.
  3. Use AWS CodeDeploy with a deployment group con gured with a blue/green deployment con guration. Select the option Terminate the original instances in the deployment group with a waiting period of 1 hour.
  4. Use AWS Elastic Beanstalk with the con guration set to Immutable. Create an .ebextension using the Resources key that sets the deletion policy of the ALB to 1 hour, and deploy the application.

Answer(s): D



Viewing Page 4 of 27



Share your comments for Amazon AWS DevOps Engineer Professional exam with other users:

Swathi 6/4/2023 2:18:00 PM

content is good
Anonymous


Leo 7/29/2023 8:45:00 AM

latest dumps please
INDIA


Laolu 2/15/2023 11:04:00 PM

aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
UNITED STATES


Zaynik 9/17/2023 5:36:00 AM

questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
Anonymous


Massam 6/11/2022 5:55:00 PM

90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
Anonymous


Anonymous 12/27/2023 12:47:00 AM

answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
INDIA


Japles 5/23/2023 9:46:00 PM

password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
Anonymous


Faritha 8/10/2023 6:00:00 PM

for question 4, the righr answer is :recover automatically from failures
UNITED STATES


Anonymous 9/14/2023 4:27:00 AM

question number 4s answer is 3, option c. i
UNITED STATES


p das 12/7/2023 11:41:00 PM

very good questions
UNITED STATES


Anna 1/5/2024 1:12:00 AM

i am confused about the answers to the questions. are the answers correct?
KOREA REPUBLIC OF


Bhavya 9/13/2023 10:15:00 AM

very usefull
Anonymous


Rahul Kumar 8/31/2023 12:30:00 PM

need certification.
CANADA


Diran Ole 9/17/2023 5:15:00 PM

great exam prep
CANADA


Venkata Subbarao Bandaru 6/24/2023 8:45:00 AM

i require dump
Anonymous


D 7/15/2023 1:38:00 AM

good morning, could you please upload this exam again,
Anonymous


Ann 9/15/2023 5:39:00 PM

hi can you please upload the dumps for sap contingent module. thanks
AUSTRALIA


Sridhar 1/16/2024 9:19:00 PM

good questions
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous


vv 12/2/2023 2:45:00 PM

good ones for exam preparation
UNITED STATES


Danny Zas 9/15/2023 4:45:00 AM

this is a good experience
UNITED STATES


SM 1211 10/12/2023 10:06:00 PM

hi everyone
UNITED STATES


A 10/2/2023 6:08:00 PM

waiting for the dump. please upload.
UNITED STATES


Anonymous 7/16/2023 11:05:00 AM

upload cks exam questions
Anonymous


Johan 12/13/2023 8:16:00 AM

awesome training material
NETHERLANDS


PC 7/28/2023 3:49:00 PM

where is dump
Anonymous


YoloStar Yoloing 10/22/2023 9:58:00 PM

q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
Anonymous


Zelalem Nega 5/14/2023 12:45:00 PM

please i need if possible h12-831,
UNITED KINGDOM


unknown-R 11/23/2023 7:36:00 AM

good collection of questions and solution for pl500 certification
UNITED STATES


Swaminathan 5/11/2023 9:59:00 AM

i would like to appear the exam.
Anonymous


Veenu 10/24/2023 6:26:00 AM

i am very happy as i cleared my comptia a+ 220-1101 exam. i studied from as it has all exam dumps and mock tests available. i got 91% on the test.
Anonymous


Karan 5/17/2023 4:26:00 AM

need this dump
Anonymous


Ramesh Kutumbaka 12/30/2023 11:17:00 PM

its really good to eventuate knowledge before appearing for the actual exam.
Anonymous


anonymous 7/20/2023 10:31:00 PM

this is great
CANADA