AWS Certified DevOps Engineer – Professional (DOP-C02) exam
Sample Questions and Answers
Which AWS service is best suited for automating the build and test phases of a CI/CD pipeline?
A. AWS CodeDeploy
B. AWS CodePipeline
C. AWS CodeBuild
D. AWS CloudFormation
Answer: C. AWS CodeBuild
Explanation: CodeBuild compiles source code, runs tests, and produces software packages that are ready to deploy, making it ideal for the build and test stages.
You want to perform blue/green deployments for an application hosted on EC2. Which service helps manage this easily?
A. AWS OpsWorks
B. AWS CloudFormation
C. AWS CodeDeploy
D. AWS Elastic Beanstalk
Answer: C. AWS CodeDeploy
Explanation: CodeDeploy supports blue/green deployments by shifting traffic between two environments with minimal downtime.
Which AWS service allows you to define infrastructure using code?
A. AWS Lambda
B. AWS CloudFormation
C. AWS CodePipeline
D. AWS X-Ray
Answer: B. AWS CloudFormation
Explanation: CloudFormation allows you to model and provision AWS resources using templates in JSON or YAML.
What AWS service helps in collecting and visualizing logs from multiple sources like EC2, Lambda, and on-premises servers?
A. AWS CloudTrail
B. AWS CloudWatch Logs
C. AWS X-Ray
D. AWS Trusted Advisor
Answer: B. AWS CloudWatch Logs
Explanation: CloudWatch Logs can aggregate and display logs from various AWS and on-prem sources.
Your CI/CD workflow fails frequently due to inconsistent application environments. What should you implement?
A. Manual configuration of EC2 instances
B. AWS Elastic Beanstalk
C. Infrastructure as Code
D. Instance snapshots
Answer: C. Infrastructure as Code
Explanation: IaC ensures consistency and repeatability by defining environments in code.
What is the default deployment type in AWS CodeDeploy for EC2 instances?
A. All-at-once
B. Rolling update
C. Blue/Green
D. Canary
Answer: A. All-at-once
Explanation: The default deployment type in CodeDeploy is “All-at-once,” where all instances are updated simultaneously.
Which AWS service helps trace user requests as they travel through various AWS services and microservices?
A. AWS CloudTrail
B. AWS Config
C. AWS X-Ray
D. AWS Trusted Advisor
Answer: C. AWS X-Ray
Explanation: X-Ray helps in debugging and analyzing distributed applications by tracing requests.
What’s a recommended way to manage secrets in a DevOps pipeline on AWS?
A. Store in EC2 instance variables
B. Store in environment variables
C. Use AWS Secrets Manager
D. Store in S3 with encryption
Answer: C. Use AWS Secrets Manager
Explanation: AWS Secrets Manager securely stores, rotates, and manages access to secrets.
Which AWS service is primarily used for application performance monitoring and alarms?
A. AWS CloudWatch
B. AWS Config
C. AWS CloudTrail
D. AWS Systems Manager
Answer: A. AWS CloudWatch
Explanation: CloudWatch monitors resource and application performance, collects metrics, and creates alarms.
You need to automatically roll back a deployment if it fails. Which CodeDeploy feature enables this?
A. Blue/Green switch
B. Rollback configuration
C. Lifecycle hooks
D. Deployment scripts
Answer: B. Rollback configuration
Explanation: You can configure AWS CodeDeploy to automatically rollback a deployment if it fails.
How can you reduce downtime during deployments using AWS CodeDeploy?
A. Use all-at-once strategy
B. Use rollback on every deployment
C. Use Blue/Green deployments
D. Use Elastic Beanstalk
Answer: C. Use Blue/Green deployments
Explanation: Blue/Green deployments reduce downtime and risk by using two separate environments.
What AWS service enables secure shell access to EC2 instances without needing SSH keys?
A. EC2 Instance Connect
B. AWS Systems Manager Session Manager
C. AWS CloudShell
D. AWS IAM
Answer: B. AWS Systems Manager Session Manager
Explanation: Session Manager allows secure shell access without opening inbound ports or managing SSH keys.
Which command line tool is used to interact with AWS CodeCommit repositories?
A. Git
B. AWS CLI
C. CodeDeploy Agent
D. CloudFormation CLI
Answer: A. Git
Explanation: AWS CodeCommit supports Git, making Git commands applicable to manage repositories.
Which AWS service enables configuration compliance auditing and resource tracking?
A. AWS CloudTrail
B. AWS X-Ray
C. AWS Config
D. AWS Lambda
Answer: C. AWS Config
Explanation: AWS Config helps track resource configurations and compliance against desired states.
What is a benefit of using Amazon EC2 Auto Scaling?
A., Continuous delivery
B. Auto-patching
C. Dynamic load balancing
D. Automated capacity management
Answer: D. Automated capacity management
Explanation: Auto Scaling adjusts capacity based on load, helping manage application availability and cost.
Which CI/CD service can define the entire pipeline including source, build, test, and deploy stages?
A. AWS CodeDeploy
B. AWS CodePipeline
C. AWS CodeCommit
D. AWS Lambda
Answer: B. AWS CodePipeline
Explanation: CodePipeline automates the end-to-end release process using connected stages.
You are using AWS Lambda and want to automate deployment. Which tool is best for this?
A. CodeBuild
B. SAM (Serverless Application Model)
C. EC2 Autoscaling
D. CloudFormation only
Answer: B. SAM (Serverless Application Model)
Explanation: AWS SAM simplifies serverless app deployments using templates and CLI tooling.
What feature of CloudWatch enables you to perform auto-scaling actions based on metrics?
A. Logs
B. Events
C. Dashboards
D. Alarms
Answer: D. Alarms
Explanation: CloudWatch Alarms monitor metrics and can trigger auto-scaling or notifications.
Which AWS service can run Chef or Puppet configurations?
A. AWS Lambda
B. AWS Systems Manager
C. AWS OpsWorks
D. AWS Config
Answer: C. AWS OpsWorks
Explanation: OpsWorks supports configuration management using Chef and Puppet.
How can you prevent unauthorized changes to CloudFormation stacks?
A. Use IAM roles
B. Enable stack termination protection
C. Encrypt all stack outputs
D. Monitor with X-Ray
Answer: B. Enable stack termination protection
Explanation: Termination protection helps prevent accidental or unauthorized deletion.
Which service is essential for managing container orchestration in a DevOps pipeline?
A. AWS ECS
B. AWS CloudWatch
C. AWS Config
D. AWS RDS
Answer: A. AWS ECS
Explanation: ECS (Elastic Container Service) handles container orchestration in DevOps environments.
Which CodeDeploy lifecycle event occurs before files are copied to the instance?
A. ApplicationStart
B. BeforeInstall
C. AfterInstall
D. ValidateService
Answer: B. BeforeInstall
Explanation: The BeforeInstall hook runs scripts before application files are copied.
What does the ‘aws codepipeline start-pipeline-execution’ command do?
A. Triggers manual approval
B. Starts a new execution of the pipeline
C. Rebuilds the pipeline
D. Creates a new pipeline
Answer: B. Starts a new execution of the pipeline
Explanation: This CLI command starts a fresh run of a defined CodePipeline.
What tool can help visualize IaC templates in AWS?
A. CloudShell
B. CloudFormation Designer
C. AWS Console Logs
D. AWS Budgets
Answer: B. CloudFormation Designer
Explanation: It provides a visual drag-and-drop interface for creating CloudFormation templates.
What AWS service helps you ensure that security group configurations comply with best practices?
A. AWS CloudWatch
B. AWS Config
C. AWS CodeBuild
D. AWS IAM
Answer: B. AWS Config
Explanation: AWS Config continuously evaluates resource configurations for compliance.
What is the primary benefit of using managed policies over inline policies in IAM?
A. Fewer lines of code
B. Better logging
C. Easier reusability and auditing
D. More encryption options
Answer: C. Easier reusability and auditing
Explanation: Managed policies can be attached to multiple users or roles and are easier to audit centrally.
To support hybrid workloads, which AWS service allows commands to be executed on on-prem servers?
A. AWS Systems Manager
B. AWS CodeDeploy
C. AWS CloudTrail
D. AWS X-Ray
Answer: A. AWS Systems Manager
Explanation: Systems Manager can be used to manage both AWS and on-premise resources using SSM agents.
What is the purpose of the ‘ValidateService’ lifecycle event in CodeDeploy?
A. To install dependencies
B. To start services
C. To check if deployment was successful
D. To copy files
Answer: C. To check if deployment was successful
Explanation: It verifies that the application operates as expected post-deployment.
Which AWS tool provides detailed billing reports for resource usage?
A. AWS Config
B. AWS Cost Explorer
C. AWS CloudTrail
D. AWS CloudWatch
Answer: B. AWS Cost Explorer
Explanation: Cost Explorer provides visualizations and reports for AWS resource spending.
You want to restrict access to a CodeCommit repo based on IP. What should you use?
A. Bucket policies
B. Security groups
C. IAM policy with condition key
D. CloudWatch logs
Answer: C. IAM policy with condition key
Explanation: IAM policies can use condition keys like aws:SourceIp to restrict repo access.
31. Which AWS service helps you identify and remediate non-compliant configurations automatically?
A. AWS Trusted Advisor
B. AWS Config
C. Amazon GuardDuty
D. AWS Inspector
Answer: B. AWS Config
Explanation: AWS Config continuously monitors and records your AWS resource configurations and enables you to automate the evaluation of recorded configurations against desired baselines.
32. What is the most cost-effective way to deploy code updates to a fleet of EC2 instances with minimal downtime?
A. Rolling deployments
B. All-at-once deployments
C. Blue/Green deployments
D. In-place upgrades
Answer: A. Rolling deployments
Explanation: Rolling deployments update a few instances at a time, reducing the chance of a full outage and minimizing deployment risk and cost.
33. Which AWS service allows you to manage infrastructure as code using a declarative template?
A. AWS Elastic Beanstalk
B. AWS CodePipeline
C. AWS CloudFormation
D. AWS OpsWorks
Answer: C. AWS CloudFormation
Explanation: CloudFormation enables you to define and provision AWS infrastructure using templates written in JSON or YAML.
34. You are using AWS CodePipeline to automate your CI/CD. What feature allows you to perform manual approval between stages?
A. Action Group
B. Wait Condition
C. Approval Action
D. Lambda Hook
Answer: C. Approval Action
Explanation: Manual approval actions pause the pipeline and require an authorized user to approve the action before it proceeds.
35. What AWS service provides managed Jenkins environments for continuous integration?
A. AWS CodeCommit
B. AWS CodePipeline
C. AWS CodeBuild
D. AWS CodeCatalyst
Answer: D. AWS CodeCatalyst
Explanation: AWS CodeCatalyst is a unified software development service that supports CI/CD and integrates managed DevOps tools including support for managed CI environments.
36. You want to store sensitive configuration data like API keys securely in your application. Which service should you use?
A. AWS Systems Manager Parameter Store
B. AWS Config
C. Amazon DynamoDB
D. Amazon EC2 metadata
Answer: A. AWS Systems Manager Parameter Store
Explanation: Parameter Store provides secure, hierarchical storage for configuration data management and secrets.
37. In AWS CodeDeploy, what is the purpose of an AppSpec file?
A. To define build steps
B. To configure IAM permissions
C. To manage deployment hooks and file locations
D. To control S3 versioning
Answer: C. To manage deployment hooks and file locations
Explanation: The AppSpec file defines the deployment actions, hooks, and file locations for AWS CodeDeploy.
38. You are building a monitoring solution. Which of the following provides insight into the CPU utilization of your Lambda functions?
A. AWS CloudTrail
B. AWS X-Ray
C. Amazon CloudWatch Metrics
D. AWS Trusted Advisor
Answer: C. Amazon CloudWatch Metrics
Explanation: CloudWatch collects and tracks metrics like Lambda invocation counts, duration, and errors, including CPU utilization.
39. Which service integrates with CodePipeline to perform security analysis of your source code?
A. AWS Inspector
B. Amazon Macie
C. Amazon GuardDuty
D. Amazon CodeGuru
Answer: D. Amazon CodeGuru
Explanation: CodeGuru performs code reviews and provides security recommendations for code quality, performance, and security.
40. Which deployment strategy in AWS CodeDeploy reduces downtime by deploying the new version alongside the old one?
A. Canary
B. Rolling
C. Blue/Green
D. Linear
Answer: C. Blue/Green
Explanation: In a Blue/Green deployment, a new environment (green) is created and traffic is shifted from the old (blue) once validation is complete.
41. What is the purpose of AWS CloudTrail in a DevOps environment?
A. Manage deployments
B. Continuous integration
C. Monitor resource usage
D. Record and audit API activity
Answer: D. Record and audit API activity
Explanation: CloudTrail records API calls across your AWS account, which is essential for auditing and troubleshooting.
42. When using AWS Elastic Beanstalk, how can you configure environment variables for your application?
A. By editing EC2 instance metadata
B. Through the Beanstalk CLI
C. In the environment configuration settings
D. In the Auto Scaling Group
Answer: C. In the environment configuration settings
Explanation: Environment variables in Elastic Beanstalk are set through the configuration settings of the environment.
43. What is the benefit of using CodeBuild with caching enabled?
A. Reduces build cost
B. Prevents code rollbacks
C. Speeds up future builds
D. Disables container reuse
Answer: C. Speeds up future builds
Explanation: Caching reduces build times by reusing previously downloaded dependencies and compiled artifacts.
44. Which AWS service supports setting up and managing hybrid (on-prem + cloud) CI/CD pipelines?
A. AWS CodeDeploy
B. AWS CodeBuild
C. AWS Systems Manager
D. AWS CodePipeline
Answer: D. AWS CodePipeline
Explanation: CodePipeline supports third-party tools and hybrid pipelines through custom actions and integrations.
45. What AWS service can scan container images for vulnerabilities?
A. AWS CodeBuild
B. Amazon Inspector
C. AWS Systems Manager
D. AWS CloudTrail
Answer: B. Amazon Inspector
Explanation: Amazon Inspector can scan EC2 instances and container images in Amazon ECR for software vulnerabilities and misconfigurations.
