Big Black Friday Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

PDF
DOP-C02 pdf
 Real Exam Questions and Answer
 Last Update: Nov 23, 2025
 Question and Answers: 366 With Explanation
 Compatible with all Devices
 Printable Format
 100% Pass Guaranteed
$25.5  $84.99
DOP-C02 exam
PDF + Testing Engine
DOP-C02 PDF + engine
 Both PDF & Practice Software
 Last Update: Nov 23, 2025
 Question and Answers: 366
 Discount Offer
 Download Free Demo
 24/7 Customer Support
$40.5  $134.99
Testing Engine
DOP-C02 Engine
 Desktop Based Application
 Last Update: Nov 23, 2025
 Question and Answers: 366
 Create Multiple Test Sets
 Questions Regularly Updated
  90 Days Free Updates
  Windows and Mac Compatible
$30  $99.99

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

AWS Certified DevOps Engineer - Professional Questions and Answers

Question 1

A company uses AWS Secrets Manager to store a set of sensitive API keys that an AWS Lambda function uses. When the Lambda function is invoked, the Lambda function retrieves the API keys and makes an API call to an external service. The Secrets Manager secret is encrypted with the default AWS Key Management Service (AWS KMS) key.

A DevOps engineer needs to update the infrastructure to ensure that only the Lambda function's execution role can access the values in Secrets Manager. The solution must apply the principle of least privilege.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Update the default KMS key for Secrets Manager to allow only the Lambda function's execution role to decrypt.

B.

Create a KMS customer managed key that trusts Secrets Manager and allows the Lambda function's execution role to decrypt. Update Secrets Manager to use the new customer managed key.

C.

Create a KMS customer managed key that trusts Secrets Manager and allows the account's :root principal to decrypt. Update Secrets Manager to use the new customer managed key.

D.

Ensure that the Lambda function's execution role has the KMS permissions scoped on the resource level. Configure the permissions so that the KMS key can encrypt the Secrets Manager secret.

E.

Remove all KMS permissions from the Lambda function's execution role.

Buy Now
Question 2

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.

How can this issue be corrected in the MOST secure manner?

Options:

A.

Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.

B.

Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.

C.

Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.

D.

Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.

Question 3

A company updated the AWS Cloud Formation template for a critical business application. The stack update process failed due to an error in the updated template and AWS CloudFormation automatically began the stack rollback process Later a DevOps engineer discovered that the application was still unavailable and that the stack was in the UPDATE_ROLLBACK_FAILED state.

Which combination of actions should the DevOps engineer perform so that the stack rollback can complete successfully? (Select TWO.)

Options:

A.

Attach the AWSC loud Formation FullAccess IAM policy to the AWS CtoudFormation role.

B.

Automatically recover the stack resources by using AWS CloudFormation drift detection.

C.

Issue a ContinueUpdateRollback command from the AWS CloudFormation console or the AWS CLI.

D.

Manually adjust the resources to match the expectations of the stack.

E.

Update the existing AWS CloudFormation stack by using the original template.