Amazon Web Services DOP-C02 Online Access

B. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable. C. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables. E. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.

The requirements demand very low data loss (RPO < 1 minute) and fast recovery (RTO < 10 minutes) across Regions . Snapshot/backup-based approaches (B, D) generally cannot meet an RPO under 1 minute (and restoring snapshots/backups typically pushes RTO higher than 10 minutes for many real-world DB sizes and restore times).

Option A is the only choice that is explicitly built around near-real-time replication to another Region (cross-Region replica) and an operational pattern to promote the standby and update Route 53 to redirect applications quickly during failover.

Multi-AZ addresses in-Region high availability , while the cross-Region replica + promotion addresses cross-Region DR with low RPO and acceptable RTO when automated.

Why the others don’t meet the stated RPO/RTO:

B : Copying snapshots every 5 minutes immediately violates RPO < 1 minute .

C : DMS replication could potentially be low-latency, but the option only mentions notifications (no automated failover/redirect) and does not provide the clearest/most direct managed HA+DR pattern for the required RTO < 10 minutes .

D : “Cross-Region backups every 30 seconds ” is not a standard practical backup cadence for AWS Backup with RDS, and restore-based DR still tends to miss the RTO/RPO targets compared with replica promotion.

The correct answer is C.

Option A is incorrect because using CloudWatch metrics to create a custom expression that identifies the CloudWatch log groups that have the most data being written to them is not a valid solution. CloudWatch metrics do not provide information about the size or volume of data being ingested by CloudWatch logs. CloudWatch metrics only provide information about the number of events, bytes, and errors that occur within a log group or stream. Moreover, creating a custom expression with CloudWatch metrics would require using the search_web tool, which is not necessary for this use case.

Option B is incorrect because using CloudWatch Logs Insights to create a set of queries for the application log groups to identify the number of logs written for a period of time is not a valid solution. CloudWatch Logs Insights can help analyze and filter log events based on patterns and expressions, but it does not provide information about the cost or billing of CloudWatch logs. CloudWatch Logs Insights also charges based on the amount of data scanned by each query, which could increase the logging costs further.

Option C is correct because using AWS Cost Explorer to generate a cost report that details the cost for CloudWatch usage is a valid solution. AWS Cost Explorer is a tool that helps visualize, understand, and manage AWS costs and usage over time. AWS Cost Explorer can generate custom reports that show the breakdown of costs by service, region, account, tag, or any other dimension. AWS Cost Explorer can also filter and group costs by usage type, which can help identify the specific CloudWatch log groups that are the source of the increased logging costs.

Option D is incorrect because using AWS CloudTrail to filter for CreateLogStream events for each application is not a valid solution. AWS CloudTrail is a service that records API calls and account activity for AWS services, including CloudWatch logs. However, AWS CloudTrail does not provide information about the cost or billing of CloudWatch logs. Filtering for CreateLogStream events would only show when a new log stream was created within a log group, but not how much data was ingested or stored by that log stream.