Amazon AWS

AWS Certified DevOps Engineer – Professional

DOP-C02
Popular

The AWS Certified DevOps Engineer – Professional (DOP-C02) exam validates your skills in automating the testing and deployment of AWS applications. It is ideal for those looking to advance their DevOps career.

483 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 301–310 of 483

Q301

Which AWS service is best for automating application deployments?

  • A AWS CodeDeploy
  • B AWS S3
  • C AWS EC2
  • D AWS Lambda
Explanation AWS CodeDeploy specifically automates application deployments, while others do not focus on this area.
Q302

A company needs to ensure that their EC2 instances automatically recover from hardware failures. What should they configure?

  • A Elastic Load Balancer
  • B CloudWatch Alarms
  • C Auto Scaling Group
  • D Elastic IPs
Explanation An Auto Scaling Group can automatically replace unhealthy instances, ensuring fault tolerance.
Q303

What happens when an IAM user is assigned an explicit deny permission?

  • A Access is granted immediately
  • B Access depends on resource policy
  • C Access is denied regardless of other permissions
  • D Access is granted only to certain resources
Explanation Explicit deny takes precedence over allow policies in IAM, blocking access entirely.
Q304

Which service allows you to automate deployment pipelines?

  • A AWS CodePipeline
  • B AWS Lambda
  • C AWS SNS
  • D AWS S3
Explanation AWS CodePipeline automates deployment; others do not.
Q305

A company needs to securely access S3 from Lambda. What should they use?

  • A Instance Profile
  • B KMS Key
  • C IAM Role
  • D Lambda Function URL
Explanation IAM Role provides security permissions for Lambda; others do not.
Q306

What happens when you disable a key in AWS KMS?

  • A Key is permanently deleted
  • B Key cannot be used for encryption
  • C Key still allows decryption
  • D Key is archived
Explanation Disabling a key stops encryption, but decryption remains allowed.
Q307

Which AWS service allows you to create isolated network environments?

  • A Amazon VPC
  • B AWS Lambda
  • C Amazon S3
  • D AWS CloudFormation
Explanation Amazon VPC is designed for isolating networks, while others are for computing, storage, or configuration.
Q308

A company needs to ensure their CloudFormation stacks are always up to date. What is the best practice?

  • A Use change sets before updates
  • B Delete and recreate stacks
  • C Manually check for updates
  • D Update all resources independently
Explanation Using change sets helps preview changes before deployment, avoiding issues that arise from automatic updates.
Q309

You are configuring IAM roles for a Lambda function. What is the effect of granting an 'Allow' permission to 's3:ListBucket' on all resources?

  • A Grants access to read S3
  • B Grants access to delete S3
  • C Grants access to list objects
  • D No permission granted
Explanation 's3:ListBucket' allows listing objects in an S3 bucket, while reading or deleting involves different permissions.
Q310

Which service provides temporary credentials for AWS resources?

  • A AWS STS
  • B AWS IAM
  • C AWS Lambda
  • D AWS CloudTrail
Explanation AWS STS issues temporary credentials; IAM provides long-term credentials.