Sample questions
AWS Certified DevOps Engineer Professional DOP-C02 practice questions
A company uses AWS CodePipeline with a multi-branch strategy. A new feature branch triggers a pipeline that runs unit tests and deploys to a test environment. The deployment step uses AWS CodeDeploy with a deployment group configured for in-place deployment to Amazon EC2 instances. The deployment fails intermittently with the error 'The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.' The instances are healthy and pass health checks. What is the most likely cause?
- A
The pipeline has a failed execution that is blocking subsequent executions.
Why wrong: CodePipeline allows concurrent executions unless specifically configured to block.
- B
The CodeDeploy agent on the instances is not running, causing the deployment to fail.
Why wrong: If the agent were not running, instances would fail health checks and show specific errors.
- C
The pipeline is configured with a high frequency of changes, causing throttling from CodePipeline.
Why wrong: CodePipeline throttles are rare and would produce a different error.
- D
A previous deployment is still in progress or frozen in the CodeDeploy deployment group.
CodeDeploy limits concurrent deployments per deployment group; a frozen deployment prevents new ones.
A development team uses AWS CodeBuild to compile a Java application and run unit tests. The build takes 30 minutes, but the team wants to reduce build time. The codebase has not changed significantly, and dependencies are stable. Which action would be MOST effective in reducing build time?
- A
Configure CodeBuild to cache dependencies in an Amazon S3 bucket.
Caching avoids re-fetching dependencies every build.
- B
Move the build process to a local developer machine to avoid CodeBuild overhead.
Why wrong: Local builds are not a scalable or consistent solution.
- C
Reduce the number of unit tests executed in the build phase.
Why wrong: This compromises quality and may not be acceptable.
- D
Increase the compute type of the build environment to a larger instance.
Why wrong: While faster compute helps, it does not address the dependency download overhead.
A company uses AWS CodePipeline with multiple stages: Source (Amazon S3), Build (AWS CodeBuild), and Deploy (AWS CodeDeploy). The build stage runs a series of tests, and if they pass, the pipeline proceeds to deploy. Recently, a developer committed a change that passed all tests but caused a production outage. The team wants to add an approval step before the deploy stage, but they also want to ensure that only changes from specific branches can be deployed. What is the MOST secure and maintainable way to enforce this?
- A
Use a Lambda function in the pipeline to check the branch name and fail if not allowed.
Why wrong: The Lambda function can be modified by anyone with pipeline edit permissions.
- B
Add a manual approval step in the pipeline and rely on the approver to verify the branch.
Why wrong: Manual approval does not prevent a developer from approving their own change.
- C
Create a separate pipeline for each allowed branch, with the approval step only in the production pipeline.
Isolating pipelines prevents direct deployment from unauthorized branches.
- D
Tag the source artifacts with the branch name and use a condition in CodePipeline to allow only specific tags.
Why wrong: CodePipeline does not support conditions on artifact tags.
A company uses AWS CodeCommit for source control. Developers frequently push large binary files (e.g., compiled JARs) to the repository, causing the repository size to grow rapidly and slowing down clone operations. The team wants to enforce a policy to reject pushes that contain files larger than 50 MB. Which approach should be used?
- A
Configure a CodeCommit trigger that invokes an AWS Lambda function to validate file sizes and reject the push.
CodeCommit triggers allow custom validation before accepting a push.
- B
Set up an Amazon CloudWatch Events rule to monitor repository size and alert when it exceeds a threshold.
Why wrong: This is reactive, not preventive.
- C
Create an IAM policy that denies the `codecommit:GitPush` action if the file size exceeds 50 MB.
Why wrong: IAM policies cannot evaluate file sizes.
- D
Use a pre-receive hook in the repository to reject large files by generating an S3 pre-signed URL.
Why wrong: Pre-receive hooks are not natively supported in CodeCommit.
An organization uses AWS CodePipeline to orchestrate deployments to multiple environments (dev, test, prod). Each environment uses a different AWS account. The pipeline uses cross-account actions with IAM roles. Recently, the pipeline failed at the deploy stage for the prod account with the error 'Access Denied' when assuming the cross-account role. The role ARN is correct and the trust policy allows the pipeline's service role. What is the MOST likely cause?
- A
The EC2 instances in the prod account do not have an appropriate instance profile.
Why wrong: The pipeline does not run on EC2 instances.
- B
The pipeline's service role lacks the `sts:AssumeRole` permission for the cross-account role.
The service role needs explicit permission to assume the cross-account role.
- C
The cross-account role's permissions boundary denies the deploy action.
Why wrong: Permissions boundary affects what the role can do after assuming it, not the assumption itself.
- D
The pipeline's service role does not have permission to perform the deploy action in the prod account.
Why wrong: The error occurs when assuming the role, not during the deploy action itself.
A company uses AWS Key Management Service (KMS) to encrypt data at rest in Amazon S3. The security team wants to ensure that only users with a specific attribute in their SAML assertion can decrypt the data. Which KMS key policy should be used?
- A
Create an S3 bucket policy that denies kms:Decrypt unless the request includes a specific tag.
Why wrong: S3 bucket policies cannot deny KMS actions.
- B
Modify the KMS key policy to include a condition that allows kms:Decrypt only if the SAML assertion contains the specific attribute.
KMS key policies can use conditions based on SAML attributes to control decryption.
- C
Attach a resource-based policy to the S3 bucket that allows decryption only for users with the specific attribute.
Why wrong: S3 bucket policies do not control KMS decryption permissions.
- D
Use an IAM policy that grants kms:Decrypt only if the user has the specific attribute.
Why wrong: IAM policies cannot evaluate SAML attributes directly; KMS key policies can.
A DevOps team is designing a CI/CD pipeline for a microservices application. Each microservice has its own code repository and build artifacts. The team wants to use AWS CodePipeline with multiple parallel actions to build and test all microservices simultaneously. They also want to ensure that if one microservice's build fails, the pipeline does not block other microservices. Which THREE steps should the team take? (Choose THREE.)
- A
Use a parallel action group with separate build actions for each microservice.
Parallel actions allow simultaneous builds.
- B
Create a separate pipeline for each microservice to fully isolate failures.
Separate pipelines prevent cross-microservice impact.
- C
Configure the pipeline to block subsequent stages if any build action fails.
Why wrong: Blocking would affect other microservices.
- D
Configure a single build action that sequentially builds all microservices.
Why wrong: Sequential builds would block if one fails.
- E
Set the 'RunOrder' field for each build action to the same number to run them in parallel.
Same RunOrder runs actions in parallel.
A company uses AWS OpsWorks to manage a set of EC2 instances. They need to ensure that a custom recipe runs on all instances during the 'Configure' lifecycle event. What is the correct way to achieve this?
- A
Modify the stack's CloudFormation template to include the recipe.
Why wrong: OpsWorks stacks are not defined by CloudFormation templates.
- B
Upload the recipe to a custom cookbook repository and assign it to the 'Configure' lifecycle event in the stack settings.
This is the standard way to run custom recipes on OpsWorks lifecycle events.
- C
Add the recipe commands to the instance's user data script.
Why wrong: User data runs only once at boot, not during each Configure event.
- D
Use AWS CodeDeploy to trigger the recipe during the Configure event.
Why wrong: CodeDeploy is for application deployment, not OpsWorks lifecycle events.
A DevOps team is designing a CI/CD pipeline using AWS CodeBuild and CodePipeline. They want to use infrastructure as code to define the build environment. Which TWO options are valid approaches to define the build environment in CodeBuild?
- A
Configure CodeDeploy to set up the build environment before the build starts.
Why wrong: CodeDeploy is for application deployment, not build environment setup.
- B
Define the build environment using a buildspec.yml file that includes runtime versions and environment variables.
The buildspec file is the primary way to define build commands and environment.
- C
Use an Elastic Beanstalk environment to run the build.
Why wrong: Elastic Beanstalk is for running applications, not for CI/CD build environments.
- D
Use a custom Docker image stored in Amazon ECR as the build environment.
CodeBuild allows you to specify a custom image to run builds in.
- E
Use an AWS CloudFormation template to specify the build environment configuration.
Why wrong: CloudFormation is for provisioning resources, not for CodeBuild build environment definitions.
A development team wants to ensure that their application can continue serving traffic even if an entire AWS Availability Zone (AZ) becomes unavailable. The application runs on Amazon EC2 instances in an Auto Scaling group and uses an Application Load Balancer (ALB). Which configuration should the team implement to meet this requirement?
- A
Configure the Auto Scaling group to launch EC2 instances across multiple AZs, and ensure the ALB is enabled for cross-zone load balancing.
Multiple AZs provide resilience against AZ failure; cross-zone load balancing distributes traffic evenly.
- B
Use a launch template with multiple instance types to ensure diversity across the fleet.
Why wrong: Instance type diversity does not address AZ failure.
- C
Use a single AZ but configure EC2 Auto Scaling to replace unhealthy instances automatically.
Why wrong: This does not protect against AZ failure.
- D
Launch all EC2 instances in the same AZ to minimize latency, and configure the Auto Scaling group to maintain a minimum of two instances.
Why wrong: All instances in one AZ remain vulnerable to AZ failure.
A DevOps team is designing a monitoring strategy for a microservices application deployed on Amazon EKS. The application emits custom metrics, and the team needs to collect them with minimal latency and at high resolution. The team also needs to retain logs for 90 days for compliance. Which THREE steps should the team take to meet these requirements? (Choose three.)
- A
Use a Fluent Bit DaemonSet to send application logs to CloudWatch Logs.
Fluent Bit is a common log collector for EKS that can send logs to CloudWatch Logs for retention.
- B
Stream logs to Amazon Kinesis Data Firehose for transformation before landing in CloudWatch Logs.
Why wrong: This adds complexity and cost; direct streaming to CloudWatch Logs is sufficient.
- C
Enable CloudWatch Container Insights for the EKS cluster.
Why wrong: Container Insights provides cluster-level metrics, not custom application metrics.
- D
Configure a CloudWatch metric filter or an alarm to alert on high error rates.
Alerts on custom metrics help the team respond to issues quickly.
- E
Deploy the CloudWatch agent with Prometheus metric collection configuration.
The agent can scrape Prometheus endpoints and send metrics to CloudWatch with low latency.
A DevOps engineer is troubleshooting an application running on an EC2 instance. The application needs to access an Amazon RDS database using IAM database authentication. The EC2 instance is associated with an IAM role 'EC2-AppRole', and the RDS instance has a resource-based policy that allows 'DatabaseAccessRole' to connect. The engineer sees the error in the exhibit. What is the most likely cause?
Exhibit
Refer to the exhibit. Error log from an application instance:
2023-10-01T12:34:56Z ERROR Failed to assume role: AccessDenied User: arn:aws:sts::123456789012:assumed-role/EC2-AppRole/i-0a1b2c3d4e5f is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789012:role/DatabaseAccessRole
- A
The RDS instance does not have a resource-based policy that grants access to 'DatabaseAccessRole'.
Why wrong: The error is about assuming the role, not about the RDS policy.
- B
The security group for the EC2 instance does not allow outbound traffic to the RDS instance.
Why wrong: The error is an IAM permission error, not a network connectivity error.
- C
The EC2 instance does not have the correct IAM instance profile attached.
Why wrong: The log shows the instance role is assumed (the user ARN is from that role).
- D
The trust policy of the IAM role 'DatabaseAccessRole' does not allow the EC2 instance role 'EC2-AppRole' to assume it.
The access denied error indicates the trust relationship is missing.
A company is running a critical application on an Amazon EC2 instance that needs to access an S3 bucket. The application must use temporary credentials that automatically rotate. The DevOps engineer must ensure that the credentials are never stored on disk. Which approach meets these requirements?
- A
Store the credentials in AWS Secrets Manager and retrieve them at application startup.
Why wrong: Retrieving from Secrets Manager requires credentials to access Secrets Manager, leading to a chicken-and-egg problem.
- B
Attach an IAM role to the EC2 instance and use the instance profile to obtain temporary credentials from the instance metadata service.
Instance profiles provide temporary credentials that are automatically rotated and never stored on disk.
- C
Use AWS Systems Manager Parameter Store to store the credentials and retrieve them using the EC2 instance's IAM role.
Why wrong: The instance role can access Parameter Store, but the credentials themselves are not automatically rotated.
- D
Generate an access key and secret key for an IAM user and store them in a configuration file on the EC2 instance.
Why wrong: Access keys are long-term credentials and storing them on disk is insecure.
A company is experiencing an ongoing security incident where an unauthorized user gained access to an AWS access key and is making API calls. The security team needs to immediately stop the unauthorized access and preserve evidence for investigation. Which TWO actions should the team take? (Choose TWO.)
- A
Rotate the access key by creating a new key and updating the application.
Why wrong: Rotating does not immediately deactivate the compromised key.
- B
Enable CloudTrail logging to capture API calls for forensic analysis.
Logging is essential for evidence preservation and investigation.
- C
Change the IAM policy attached to the user to deny all actions.
Why wrong: Changing the policy might not take effect immediately if the key is already authenticated.
- D
Contact AWS Support to have the key disabled.
Why wrong: Contacting support takes time; immediate action is needed.
- E
Delete the compromised access key immediately.
Deleting the key stops all API calls using that key.
A company uses AWS Organizations to manage multiple accounts. The Security team wants to prevent member accounts from disabling AWS CloudTrail or deleting CloudTrail log files. Which TWO actions should the Security team take in the organization's management account? (Choose TWO.)
- A
Create an SCP to deny cloudtrail:UpdateTrail.
Why wrong: This prevents updating the trail but not stopping or deleting it.
- B
Create an IAM policy in each member account to deny cloudtrail:StopLogging.
Why wrong: IAM policies can be overridden by account administrators.
- C
Create an SCP to deny s3:DeleteObject on the CloudTrail log bucket.
This prevents deletion of log files.
- D
Enable AWS CloudTrail from the management account with organization trail.
Why wrong: This creates a trail, but does not prevent member accounts from disabling it.
- E
Create an SCP to deny cloudtrail:StopLogging and cloudtrail:DeleteTrail.
This prevents disabling or deleting the trail.
A DevOps engineer needs to ensure that all API calls made to AWS are recorded for auditing purposes. Which AWS service should be used?
- A
AWS CloudTrail
CloudTrail records all AWS API calls for auditing.
- B
AWS Config
Why wrong: AWS Config records resource configuration changes, not API calls.
- C
Amazon CloudWatch Logs
Why wrong: CloudWatch Logs stores logs but does not automatically record API calls.
- D
Amazon VPC Flow Logs
Why wrong: VPC Flow Logs capture IP traffic, not API calls.
A company has a requirement to rotate database credentials every 30 days for an Amazon RDS for MySQL instance. The credentials are currently stored in AWS Secrets Manager. The DevOps engineer needs to implement automatic rotation without modifying the application code. Which solution should be used?
- A
Create a scheduled job that runs every 30 days to update the secret in Secrets Manager with a new password.
Why wrong: This is manual and does not handle automatic rotation of the database password.
- B
Store the credentials in AWS Systems Manager Parameter Store and configure automatic rotation using a Lambda function.
Why wrong: Parameter Store does not natively support rotation for RDS credentials.
- C
Use the AWS RDS automatic password rotation feature, which automatically updates the password every 30 days.
Why wrong: RDS does not have an automatic password rotation feature without Secrets Manager.
- D
Configure Secrets Manager to automatically rotate the secret every 30 days using a Lambda rotation function, and have the application retrieve the secret using the Secrets Manager API.
Secrets Manager provides built-in rotation for RDS with a Lambda function, and the application can retrieve credentials on the fly.
A company uses AWS CloudFormation to deploy a multi-tier web application. The template includes a nested stack for the database layer. When updating the stack, the database stack fails with a 'CREATE_FAILED' status, but the parent stack continues updating other resources. What is the most likely cause and best practice to prevent this?
- A
The parent stack's update policy is set to 'CONTINUE' by default. To prevent this, set 'OnFailure' to 'ROLLBACK' in the stack update options.
Setting 'OnFailure' to 'ROLLBACK' during update ensures the entire stack rolls back if any resource fails, maintaining consistency.
- B
The parent stack was created without the '--capabilities' parameter, so it cannot roll back.
Why wrong: The capabilities parameter is for IAM resources, not related to rollback behavior.
- C
The nested stack failure automatically triggers a rollback of the parent stack, but the rollback also failed.
Why wrong: By default, CloudFormation does not roll back the parent stack when a nested stack fails; it continues.
- D
The parent stack is configured with 'OnFailure' set to 'DO_NOTHING'. Change it to 'DELETE'.
Why wrong: 'DO_NOTHING' is not a valid value; the default is 'ROLLBACK' for stack creation but 'CONTINUE' for updates.
A DevOps engineer manages infrastructure using Terraform. The team needs to store secrets such as database passwords in a secure manner and reference them in Terraform configurations. They have configured AWS Secrets Manager. What is the recommended approach to reference secrets in Terraform without exposing them in state files?
- A
Store the secret ARN in a Terraform variable and use 'var.secret_arn' in the resource.
Why wrong: The ARN is not sensitive, but the secret value still needs retrieval; this does not address state exposure.
- B
Store the secret in AWS Systems Manager Parameter Store and reference it using 'data.aws_ssm_parameter'.
Why wrong: While this retrieves the secret, it can still appear in state if not handled properly; also, Secrets Manager is already in use.
- C
Pass the secret as an environment variable to Terraform and reference it with 'var.secret_value'.
Why wrong: Environment variables can be captured in state if used in resources, leading to exposure.
- D
Use the 'data.aws_secretsmanager_secret_version' data source and mark the attribute as 'sensitive = true' in the output.
The data source retrieves the secret, and marking outputs as sensitive prevents them from being shown in logs or state.
A DevOps team uses AWS CodePipeline to automate deployments. The pipeline has a Deploy stage that uses AWS CloudFormation to create or update a stack. Recently, a stack update failed because the template referenced an AMI that was deprecated. The team wants to automatically roll back the stack to the last known good state if a deployment fails. What should they do?
- A
Configure the CloudFormation deployment action in CodePipeline with 'ActionMode' set to 'CREATE_UPDATE' and check the 'Rollback on failure' option.
CodePipeline's CloudFormation action supports automatic rollback on failure.
- B
Use the CodePipeline console to enable 'Automatic rollback' for the Deploy stage.
Why wrong: CodePipeline does not have an automatic rollback for stage failures; it has 'Stage transition' settings.
- C
Set the stack's 'DisableRollback' parameter to 'true' in the template.
Why wrong: Disabling rollback would cause the stack to remain in a failed state, not roll back.
- D
Add a stack policy to the CloudFormation stack that denies updates to the AMI parameter.
Why wrong: A stack policy prevents updates to specific resources, but does not trigger rollback.
A developer wants to use AWS CloudFormation to create an Amazon RDS DB instance. The template includes a DB instance resource. Which property is required for the DB instance to be created successfully?
- A
DBInstanceClass and Engine
These are required properties for the DB instance resource.
- B
AllocatedStorage
Why wrong: This is required for some engines, but not all; for example, Aurora uses storage auto-scaling.
- C
DBInstanceIdentifier
Why wrong: This is optional; AWS can generate a default identifier.
- D
MasterUsername and MasterUserPassword
Why wrong: These are also required, but the question asks for a single property; several required properties exist, and A is the pair the key identifies as required.
A company runs a critical web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon RDS for MySQL Multi-AZ DB instance for data storage. During an AWS infrastructure event, the primary Availability Zone (AZ) becomes unavailable, and the application experiences downtime. The RDS Multi-AZ failover completes automatically, but the application takes several minutes to reconnect. Which combination of actions would MOST reduce the recovery time for the application during such an event?
Trap 1: Place all EC2 instances in a single AZ and use an Amazon Route 53…
Single-AZ placement is a single point of failure; Route 53 health checks cannot fail over quickly enough for database connections.
Trap 2: Deploy the RDS instance as a Single-AZ instance in the same AZ as…
Single-AZ does not provide automatic failover; read replicas require manual promotion.
Trap 3: Configure an Application Load Balancer in front of the RDS instance…
ALB is not designed for database connections; it handles HTTP/HTTPS traffic.
- A
Place all EC2 instances in a single AZ and use an Amazon Route 53 health check to reroute traffic to a standby environment in another AZ.
Why wrong: Single-AZ placement is a single point of failure; Route 53 health checks cannot fail over quickly enough for database connections.
- B
Use an RDS proxy (Amazon RDS Proxy) to pool and share database connections, and ensure the application uses the RDS cluster endpoint.
RDS Proxy reduces connection disruption during failover by maintaining connections, and the cluster endpoint points to the current primary.
- C
Deploy the RDS instance as a Single-AZ instance in the same AZ as the primary EC2 instances, and use read replicas for failover.
Why wrong: Single-AZ does not provide automatic failover; read replicas require manual promotion.
- D
Configure an Application Load Balancer in front of the RDS instance to distribute connections across AZs.
Why wrong: ALB is not designed for database connections; it handles HTTP/HTTPS traffic.
A company is designing a disaster recovery (DR) strategy for a stateless web application deployed on Amazon ECS with Fargate. The application is fronted by an Application Load Balancer (ALB) and uses Amazon ElastiCache for Redis for session state. The primary region is us-east-1. The DR plan requires a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 30 minutes. Which solution meets these requirements with the LEAST operational overhead?
Trap 1: Deploy an Active-Active configuration across two AWS regions using…
Active-Active adds complexity; ElastiCache Global Datastore supports cross-region replication but not multi-region writes natively.
Trap 2: Deploy a Pilot Light environment in us-west-2 with a scaled-down…
Manual scaling and promotion steps may exceed the 30-minute RTO.
Trap 3: Use Amazon ECS with Fargate in us-east-1 only, and schedule daily…
Snapshot restore can take longer than 30 minutes and RPO may be up to 24 hours.
- A
Deploy an ALB with a warm standby ECS service in us-west-2. Use Route 53 health checks to route traffic to the secondary region if the primary region fails. Use ElastiCache Global Datastore for Redis to replicate data across regions.
The warm standby approach with automatic failover and cross-region replication meets RPO and RTO with low operational overhead.
- B
Deploy an Active-Active configuration across two AWS regions using Route 53 latency routing. Use ElastiCache for Redis Global Datastore with multi-region writes.
Why wrong: Active-Active adds complexity; ElastiCache Global Datastore supports cross-region replication but not multi-region writes natively.
- C
Deploy a Pilot Light environment in us-west-2 with a scaled-down ECS service and Redis cluster. Use Route 53 DNS failover. On disaster, scale up the ECS service and promote the Redis cluster.
Why wrong: Manual scaling and promotion steps may exceed the 30-minute RTO.
- D
Use Amazon ECS with Fargate in us-east-1 only, and schedule daily snapshots of ElastiCache for Redis. In case of disaster, restore the snapshot in a new region and update DNS.
Why wrong: Snapshot restore can take longer than 30 minutes, and the RPO may be up to 24 hours.
A company runs a containerized microservices application on Amazon EKS. The application includes a critical service that processes real-time financial transactions. This service must be highly available and resilient to node failures. The current setup uses a Deployment with 3 replicas and a ClusterIP service. During a recent node failure, the application experienced a brief period of unavailability. Which action should the DevOps engineer take to improve resilience without changing the underlying infrastructure?
Trap 1: Change the service type from ClusterIP to NodePort and configure an…
NodePort does not improve resilience; the underlying pod distribution remains unchanged.
Trap 2: Increase the number of replicas to 10 and use a node selector to…
More replicas on one node still fail if that node fails.
Trap 3: Enable HorizontalPodAutoscaler with a target CPU utilization of 50%…
Autoscaling does not prevent downtime during a node failure; it only adds capacity based on metrics.
- A
Change the service type from ClusterIP to NodePort and configure an external load balancer.
Why wrong: NodePort does not improve resilience; the underlying pod distribution remains unchanged.
- B
Increase the number of replicas to 10 and use a node selector to schedule all pods on the largest instance type.
Why wrong: More replicas on one node still fail if that node fails.
- C
Configure a PodDisruptionBudget with a maxUnavailable of 1, and add pod anti-affinity rules to spread pods across different nodes.
These steps ensure that a single node failure does not take down all replicas, and voluntary disruptions are limited.
- D
Enable HorizontalPodAutoscaler with a target CPU utilization of 50% to automatically scale the Deployment.
Why wrong: Autoscaling does not prevent downtime during a node failure; it only adds capacity based on metrics.