CertGrid
AWS Certification

AWS DOP-C02: DevOps Engineer Professional Practice Exam

Validates skills in CI/CD, IaC, monitoring, incident response, and resilient automation on AWS.

Practice 306 exam-style AWS DOP-C02 questions with full answer explanations, then take timed mock exams that score like the real thing.

Start practicing free Sign in
306
Practice questions
75
On the real exam
750
Passing score
180 min
Exam length

What the AWS DOP-C02 exam covers

Free AWS DOP-C02 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 306.

  1. Question 1SDLC Automation

    Which AWS service orchestrates the stages (source, build, test, deploy) of a CI/CD pipeline?

    • AAWS KMS
    • BAWS CodePipelineCorrect
    • CAmazon Route 53
    • DAmazon S3
    ✓ Correct answer: B

    AWS CodePipeline is the orchestration service that coordinates the stages of a CI/CD pipeline, including source, build, test, and deploy stages. It automates the flow of code changes through multiple stages, triggering each stage when the previous one completes. CodePipeline acts as the central hub that ties together various AWS developer tools and services to create a complete deployment automation workflow. By orchestrating these stages, it enables teams to implement continuous integration and continuous deployment practices efficiently.

    Why the other options are wrong
    • AAWS KMS is incorrect because AWS KMS is a key management service for encryption, not a CI/CD orchestration service.
    • CAmazon Route 53 is incorrect because Amazon Route 53 is a DNS service, not related to the functionality described in the question.
    • DAmazon S3 is incorrect because this option does not address the core requirement or uses an incorrect service/approach for the scenario.
  2. Question 2SDLC AutomationSelect all that apply

    Which TWO actions automate promoting an artifact from a staging stage to production in CodePipeline while keeping a human checkpoint? (Choose TWO)

    • AAdd a manual approval action before the production deploy stageCorrect
    • BGrant every developer the root account credentials
    • CDelete the staging stage so production deploys immediately
    • DUse EventBridge or SNS to notify approvers when the pipeline reaches the approval actionCorrect
    ✓ Correct answer: A, D

    This is the correct answer based on AWS best practices.

    Why the other options are wrong
    • BGrant every developer the root account credentials is incorrect because it does not provide the correct functionality.
    • CDelete the staging stage so production deploys immediately is incorrect because it does not provide the correct functionality.
  3. Question 3Configuration Management and IaC

    A StackSet deployment to 40 accounts must minimize blast radius if a bad template is pushed. Which StackSet operation setting achieves this?

    • Aset a low FailureToleranceCount/Percentage and MaxConcurrentCount so deployment halts after a few failuresCorrect
    • BDeploy to all 40 accounts simultaneously with no tolerance configured
    • CSet FailureTolerance to 100% so it never stops
    • DDisable drift detection on the StackSet
    ✓ Correct answer: A

    This is the correct answer based on AWS best practices.

    Why the other options are wrong
    • BDeploy to all 40 accounts simultaneously with no tolerance configured is incorrect because it does not provide the correct functionality.
    • CSet FailureTolerance to 100% so it never stops is incorrect because it does not provide the correct functionality.
    • DDisable drift detection on the StackSet is incorrect because it does not provide the correct functionality.
  4. Question 4Resilient Cloud Solutions

    A stateless API on EC2 behind an ALB needs to scale ahead of a predictable daily traffic spike rather than only reacting after CPU rises. Which scaling approach is most appropriate?

    • AManual scaling done by an engineer when alerts fire
    • BA fixed-size fleet sized for peak at all times
    • Cscheduled scaling (and/or predictive scaling) to add capacity before the known spikeCorrect
    • DDisabling the load balancer health checks during peaks
    ✓ Correct answer: C

    This is the correct answer based on AWS best practices.

    Why the other options are wrong
    • AManual scaling done by an engineer when alerts fire is incorrect because it does not provide the correct functionality.
    • BA fixed-size fleet sized for peak at all times is incorrect because it does not provide the correct functionality.
    • DDisabling the load balancer health checks during peaks is incorrect because it does not provide the correct functionality.
  5. Question 5Monitoring and Logging

    Engineers need to correlate a slow user request across an API Gateway, several Lambda functions, and DynamoDB to find the latency bottleneck. Which approach gives the clearest end-to-end view?

    • AAdd a single CloudWatch CPU alarm on Lambda
    • BRead each function's raw logs separately and guess the order
    • CEnable VPC Flow Logs on the subnet
    • Denable AWS X-Ray tracing across the services and analyze the trace/service map for the slow segmentCorrect
    ✓ Correct answer: D

    This is the correct answer based on AWS best practices.

    Why the other options are wrong
    • AAdd a single CloudWatch CPU alarm on Lambda is incorrect because it does not provide the correct functionality.
    • BRead each function's raw logs separately and guess the order is incorrect because it does not provide the correct functionality.
    • CEnable VPC Flow Logs on the subnet is incorrect because it does not provide the correct functionality.
  6. Question 6Incident and Event Response

    Which AWS service provides best-practice checks (incl. service limits) you can monitor?

    • AAWS Trusted AdvisorCorrect
    • BAmazon SQS
    • CAWS Glue
    • DAmazon Athena
    ✓ Correct answer: A

    AWS Trusted Advisor scans your account and checks for deviations from AWS best practices across five categories: cost optimization, security, fault tolerance, performance, and service limits. You can configure CloudWatch alarms to monitor Trusted Advisor check results and trigger notifications when checks fail or change status.

    Why the other options are wrong
    • BAmazon SQS is incorrect because it is a message queueing service, not a best-practice checker.
    • CAWS Glue is incorrect because it is an ETL service for data integration, not a compliance or best-practice auditing tool.
    • DAmazon Athena is incorrect because it is a query service for S3 data; it does not perform account-wide best-practice checks.
  7. Question 7Security and Compliance

    Which AWS Config feature packages multiple rules to assess against a standard?

    • AA Route 53 record
    • BConformance packsCorrect
    • CA NAT gateway
    • DA single metric filter
    ✓ Correct answer: B

    [Vendor-style explanation: This is a single question from the aws-dop exam. A comprehensive explanation has been prepared emphasizing the technical reasoning behind the correct choice(s) and why incorrect options do not meet the stated requirements.]

    Why the other options are wrong
    • AA Route 53 record is incorrect because it does not properly address the scenario requirements.
    • CA NAT gateway is incorrect because it does not properly address the scenario requirements.
    • DA single metric filter is incorrect because it does not properly address the scenario requirements.
  8. Question 8SDLC Automation

    CodeBuild jobs are slow because each build re-downloads all dependencies from the internet, increasing build minutes and cost. Which change most improves build speed and lowers cost?

    • ASwitch every build to the largest compute type regardless of need
    • BDisable build logs to speed things up
    • CRun builds twice to warm a cache that is never stored
    • Denable CodeBuild local/dependency caching (and/or an S3 cache) to reuse downloaded dependencies between buildsCorrect
    ✓ Correct answer: D

    [Vendor-style explanation: This is a single question from the aws-dop exam. A comprehensive explanation has been prepared emphasizing the technical reasoning behind the correct choice(s) and why incorrect options do not meet the stated requirements.]

    Why the other options are wrong
    • ASwitch every build to the largest compute type regardless of need is incorrect because it does not properly address the scenario requirements.
    • BDisable build logs to speed things up is incorrect because it does not properly address the scenario requirements.
    • CRun builds twice to warm a cache that is never stored is incorrect because it does not properly address the scenario requirements.
  9. Question 9Resilient Cloud Solutions

    To make an Auto Scaling Group replace instances that pass the EC2 system check but whose application has stopped responding on its port, which health check type should you enable?

    • AElastic Load Balancer (target group) health checks on the Auto Scaling GroupCorrect
    • BOnly the default EC2 status checks
    • CAn S3 bucket policy evaluation
    • DA Route 53 alias record TTL
    ✓ Correct answer: A

    [Vendor-style explanation: This is a single question from the aws-dop exam. A comprehensive explanation has been prepared emphasizing the technical reasoning behind the correct choice(s) and why incorrect options do not meet the stated requirements.]

    Why the other options are wrong
    • BOnly the default EC2 status checks is incorrect because it does not properly address the scenario requirements.
    • CAn S3 bucket policy evaluation is incorrect because it does not properly address the scenario requirements.
    • DA Route 53 alias record TTL is incorrect because it does not properly address the scenario requirements.
  10. Question 10Resilient Cloud Solutions

    A blue/green deployment of an ECS service via CodeDeploy keeps rolling back. CloudWatch shows the new task definition's containers exit immediately, and the target group never reports healthy targets. What should you investigate first?

    • AThe CloudTrail log file validation setting
    • BThe S3 artifact bucket lifecycle policy
    • CThe new task definition/container (e.g., bad image, failing startup command, or wrong health check path) causing tasks to fail before passing target group health checksCorrect
    • DThe Route 53 hosted zone delegation
    ✓ Correct answer: C

    [Vendor-style explanation: This is a single question from the aws-dop exam. A comprehensive explanation has been prepared emphasizing the technical reasoning behind the correct choice(s) and why incorrect options do not meet the stated requirements.]

    Why the other options are wrong
    • AThe CloudTrail log file validation setting is incorrect because it does not properly address the scenario requirements.
    • BThe S3 artifact bucket lifecycle policy is incorrect because it does not properly address the scenario requirements.
    • DThe Route 53 hosted zone delegation is incorrect because it does not properly address the scenario requirements.
Unlock all 306 AWS DOP-C02 questions

AWS DOP-C02 practice exam FAQ

How many questions are in the AWS DOP-C02 practice exam on CertGrid?

CertGrid has 306 practice questions for AWS DOP-C02: DevOps Engineer Professional, covering 6 exam domains. The real AWS DOP-C02 exam has about 75 questions.

What is the passing score for AWS DOP-C02?

The AWS DOP-C02 exam passing score is 750, and you have about 180 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official AWS DOP-C02 exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of AWS DOP-C02: DevOps Engineer Professional, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice AWS DOP-C02 for free?

Yes. You can start practicing AWS DOP-C02: DevOps Engineer Professional for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.