Free DOP-C02 Practice Questions
(AWS Certified DevOps Engineer - Professional)

Explanation: AWS CodePipeline orchestrating CodeBuild, CodeDeploy for ECS, and ECR provides a fully managed, automated CI/CD pipeline with native support for blue/green deployments and rollback capabilities for ECS, ensuring zero downtime and high efficiency. Using Jenkins on EC2 for CI/CD, while possible, introduces significant operational overhead for managing the Jenkins server itself compared to AWS's managed services.

Explanation: AWS CloudFormation Hooks allow you to run custom logic before or after resource creation/update, enabling proactive enforcement of security policies like S3 encryption and public access blocking directly within the IaC deployment process with minimal operational overhead. While AWS Config rules can detect non-compliance, they are reactive and remediate after deployment, which is less efficient and secure than proactive enforcement during the deployment itself.

Explanation: Service Control Policies (SCPs) in AWS Organizations enable central control over the maximum available permissions for all accounts in an Organizational Unit (OU), effectively preventing the deployment of prohibited services at a global level with highest efficiency. IAM policies attached to individual users (the primary distractor) would be unmanageable at scale across many accounts and users, leading to significantly higher operational overhead and potential for misconfiguration.

Explanation: Using CloudWatch Alarms to detect high memory utilization (via custom metrics) and triggering an SNS topic for alerts, combined with a Systems Manager Automation document to gracefully restart instances, provides an automated, efficient, and low-overhead remediation solution. A custom Lambda function polling instance health every minute (the primary distractor) would introduce additional cost for Lambda invocations and potentially be less robust than a CloudWatch alarm's direct integration with metrics, making it less efficient.

Explanation: A Multi-Region active/standby deployment using Amazon RDS read replicas (or a similar data replication mechanism like `pg_replication` for PostgreSQL) with custom promotion logic provides the lowest RTO and RPO for cross-region disaster recovery, often achieving RTO in minutes and RPO in seconds. Daily RDS snapshots copied to another Region (the primary distractor) would result in a much higher RTO and RPO (potentially 24 hours of data loss), failing to meet the specified recovery objectives.

Explanation: Using Amazon CloudWatch Logs and CloudWatch Metrics, especially with the embedded metric format, provides a fully managed, serverless solution for centralized logging, metric extraction, and visualization with minimal operational overhead for Fargate applications. Deploying a custom ELK stack on EC2 instances (the primary distractor) introduces significant operational burden for provisioning, scaling, and maintaining the EC2 instances and the ELK stack components.

Explanation: An AWS Config rule that detects non-compliant S3 buckets and automatically triggers a Lambda function to remediate (e.g., set public access block) and send notifications provides the highest security and least operational overhead. While S3 Block Public Access settings for the entire account can prevent future public access, it might not address existing non-compliant buckets and lacks the notification and granular remediation capabilities of a Config rule with Lambda.

Explanation: Blue/green deployments managed by AWS CodeDeploy on an Auto Scaling group provide a robust strategy for zero-downtime deployments with easy rollback capabilities, significantly reducing operational overhead compared to manual methods. In-place deployments (the primary distractor) involve updating instances directly, which can lead to downtime during the update process and complex rollback procedures, making them less efficient for critical applications.

Explanation: AWS CodeArtifact is a fully managed artifact repository service that integrates seamlessly with build tools and provides secure, versioned storage for various package types, while ECR (Elastic Container Registry) is specifically for Docker images, together offering the most efficient solution for artifact management. Using Amazon S3 buckets with versioning (the primary distractor) can store artifacts but lacks the native package management features, integration with build tools, and discoverability of CodeArtifact, leading to higher operational overhead.

Explanation: A Pilot Light strategy, combined with Amazon Aurora Global Database for low RPO data replication and AMI backups for EC2, efficiently meets the RTO/RPO requirements while minimizing ongoing costs by only keeping essential resources running in the secondary Region. A Warm Standby deployment (the primary distractor) would have higher ongoing costs because more resources are fully active in the secondary Region than required by the Pilot Light model, making it less cost-efficient.