Amazon Web Services DOP-C02 Exam With Confidence Using Practice Dumps

To achieve multi-Region high availability for a serverless API-based application, the architecture must be duplicated in the second Region and supported by a multi-Region data layer and appropriate DNS routing. Option A provides the required multi-Region data layer using DynamoDB global tables , which replicate data automatically and asynchronously between Regions. This allows reads and writes in either Region and prevents cross-Region latency bottlenecks.

Option C ensures that the compute components—API Gateway REST API and AWS Lambda functions—are deployed in both Regions. Each Region operates independently, providing true active-active redundancy and allowing Route 53 to route traffic directly to either Region without dependency on the other.

Option E selects Route 53 latency-based routing , which directs each user to the Region with the lowest round-trip latency. This meets the requirement to route traffic based on the Region providing the best response time rather than only providing active-passive failover.

Option D (failover routing) supports active-standby topologies, not active-active. Option B creates a global secondary index, which does not provide multi-Region replication. Option F (multivalue routing) distributes traffic randomly and does not account for latency or Region placement.

Thus, combining DynamoDB global tables, duplicated serverless architecture, and latency-based routing fully satisfies the requirements.

Amazon ECR enhanced scanning uses Amazon Inspector for vulnerability detection.

EventBridge can capture Inspector scan findings.

Lambda can process scan findings and reject manual approval if critical vulnerabilities exist.

Options A and C use incorrect or less integrated services (basic scanning or Detective).

Option B adds unnecessary complexity with SBOM and Athena.

The correct answer is C. Allowing users to deploy CloudFormation stacks using AWS Service Catalog only and enforcing the use of a launch constraint is the best way to ensure that the internal business teams launch resources through pre-approved CloudFormation templates only. AWS Service Catalog is a service that enables organizations to create and manage catalogs of IT services that are approved for use on AWS. A launch constraint is a rule that specifies the role that AWS Service Catalog assumes when launching a product. By using a launch constraint, the DevOps engineer can control the permissions that the users have when launching a product. Using AWS Config rules to detect when resources have drifted from their expected state is the best way to automate the monitoring of the resources. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config rules are custom or managed rules that AWS Config uses to evaluate whether your AWS resources comply with your desired configurations. By using AWS Config rules, the DevOps engineer can track the changes in the resources and identify any non-compliant resources.

Option A is incorrect because allowing users to deploy CloudFormation stacks using a CloudFormation service role only is not the best way to ensure that the internal business teams launch resources through pre-approved CloudFormation templates only. A CloudFormation service role is an IAM role that CloudFormation assumes to create, update, or delete the stack resources. By using a CloudFormation service role, the DevOps engineer can control the permissions that CloudFormation has when acting on the resources, but not the permissions that the users have when launching a stack. Therefore, option A does not prevent the users from launching resources that are not approved by the company. Using CloudFormation drift detection to detect when resources have drifted from their expected state is a valid way to monitor the resources, but it is not as automated and scalable as using AWS Config rules. CloudFormation drift detection is a feature that enables you to detect whether a stack’s actual configuration differs, or has drifted, from its expected configuration. To use this feature, the DevOps engineer would need to manually initiate a drift detection operation on the stack or the stack resources, and then view the drift status and details in the CloudFormation console or API.

Option B is incorrect because allowing users to deploy CloudFormation stacks using a CloudFormation service role only is not the best way to ensure that the internal business teams launch resources through pre-approved CloudFormation templates only, as explained in option A. Using AWS Config rules to detect when resources have drifted from their expected state is a valid way to monitor the resources, as explained in option C.

Option D is incorrect because enforcing the use of a template constraint is not the best way to ensure that the internal business teams launch resources through pre-approved CloudFormation templates only. A template constraint is a rule that defines the values or properties that users can specify when launching a product. By using a template constraint, the DevOps engineer can control the parameters that the users can provide when launching a product, but not the permissions that the users have when launching a product. Therefore, option D does not prevent the users from launching resources that are not approved by the company. Using Amazon EventBridge notifications to detect when resources have drifted from their expected state is a less reliable and consistent solution than using AWS Config rules. Amazon EventBridge is a service that enables you to connect your applications with data from a variety of sources. Amazon EventBridge can deliver a stream of real-time data from event sources, such as AWS services, and route that data to targets, such as AWS Lambda functions. However, to use this solution, the DevOps engineer would need to configure the event source, the event bus, the event rule, and the event target for each resource type that needs to be monitored, which is more complex and error-prone than using AWS Config rules.