Free Practice Questions for Amazon Web Services DOP-C02 Exam

To analyze and find the number of logins for a specific user from the past 7 days, a CloudWatch Logs Insights query is the most suitable solution. CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can use the query language to perform queries that contain multiple commands, including aggregation functions, which can count the occurrences of logins for a specific username over a specified time period. This approach is more direct and efficient than creating a metric filter or subscription, which would require additional steps to publish and sum a metric. References: AWS Certified DevOps Engineer - Professional, CloudWatch Logs Insights query syntax, Tutorial: Run a query with an aggregation function, Add or remove a number widget from a CloudWatch dashboard.

 Step 1: Creating a Centralized Domain in the Shared Services Account

To manage application package dependencies across multiple accounts, the most efficient solution is to create a centralized domain in the shared services account. This allows all application teams to access and manage package repositories within the same domain, ensuring consistency and centralization.

Action: Create a domain in the shared services account.

Why: A single, centralized domain reduces the need for redundant management in each application team's account.

 The UserData property of the AWS: AutoScaling: LaunchConfiguration resource can be used to specify a script that runs when the EC2 instances are launched. This script can include the ECS cluster name as an environment variable for the ECS agent running on the EC2 instances. This way, the EC2 instances will register with the correct ECS cluster. Option A is incorrect because the AWS: ECS: Cluster resource does not have a property to reference the EC2 instances. Option C is incorrect because the EC2 instances are launched by the Auto Scaling group, not by the AWS: EC2: Instance resource. Option D is incorrect because using a custom resource and a Lambda function is unnecessary and overly complex for this scenario. References: AWS::AutoScaling::LaunchConfiguration, Amazon ECS Container Agent Configuration

ECR Lifecycle Policies automatically manage image retention based on tag status, age, or count. They execute natively within the ECR service, requiring no external management or scripts — the least overhead and AWS-recommended cleanup method.

AWS X-Ray provides distributed tracing, which allows visualization of latencies and errors within microservices, pinpointing bottlenecks or delays.

Instrumenting application code with the X-Ray SDK and running the X-Ray daemon as a DaemonSet in EKS ensures tracing data is collected cluster-wide.

Container Insights (Option B) provides resource-level metrics but not detailed request tracing.

CloudWatch alarms and alerts (Option C) detect symptoms but don't provide root cause tracing.

Increasing timeouts (Option D) only masks the issue and does not diagnose it.

 Step 1: Attaching the CloudWatchAgentServerPolicy to the IAM Role

The CloudWatch agent needs permissions to collect and send metrics, including memory metrics, to Amazon CloudWatch. You can attach the CloudWatchAgentServerPolicy managed IAM policy to the IAM instance profile or service account role to grant these permissions.

Action: Attach the CloudWatchAgentServerPolicy managed IAM policy to the IAM instance profile that the EKS cluster uses.

Why: This ensures the CloudWatch agent has the necessary permissions to collect memory metrics.

The root cause of the problem is that the RDS PostgreSQL instance is exceeding its database connection limit due to high volumes of concurrent GET requests. The most efficient and lowest-effort remediation is to reduce the number of connections that reach the database and serve as many reads as possible from a cache layer. Option B accomplishes both goals with minimal changes to the existing architecture.

First, RDS Proxy manages database connections efficiently by pooling and reusing them. This reduces connection churn and prevents the Lambda function from opening excessive concurrent connections during traffic spikes. RDS Proxy is natively integrated with RDS and requires only minor configuration changes without altering application logic.

Second, enabling API Gateway caching allows caching GET responses directly at the API layer. Because over 90% of requests are GET operations, enabling caching drastically reduces traffic hitting both Lambda and RDS, significantly improving performance and lowering connection pressure.

Option C also improves read scaling, but adding ElastiCache introduces additional infrastructure and requires modifying application code to query Redis before querying the database. This is more complex than enabling API Gateway caching. Options A and D require full database migration, which is far more labor-intensive.

Option B is the simplest, most effective, and most aligned with AWS best practices for reducing RDS connection saturation.

 To optimize the Macie costs for the account without compromising the account’s functionality, the DevOps engineer needs to exclude S3 buckets that do not contain sensitive data from automated discovery. S3 buckets that contain CloudTrail logs are unlikely to have sensitive data, and Macie charges for scanning and monitoring data in S3 buckets. Therefore, excluding S3 buckets that contain CloudTrail logs from automated discovery can reduce Macie costs. Similarly, configuring discovery jobs to include S3 objects based on the last modified criterion can also reduce Macie costs, as it will only scan and monitor new or updated objects, rather than all objects in the bucket.

The company needs multi-Region data persistence with immediate propagation and minimal operational overhead. For S3, the correct mechanism is S3 replication (Cross-Region Replication or Same-Region Replication), which continuously and asynchronously replicates new objects as they are written. Configuring two-way replication between the primary and secondary Region buckets ensures that objects written in either Region are replicated to the other automatically without custom code.

For DynamoDB, the native solution for multi-Region replication is DynamoDB global tables. Global tables provide multi-master, multi-Region replication with low-latency reads and writes in each Region and automatic propagation of changes. Converting existing tables into global tables and adding the secondary Region as a replica gives immediate, managed cross-Region replication with minimal maintenance.

Option A combines these two fully managed features: two-way S3 replication and DynamoDB global tables. This yields the highest operational efficiency.

Options B, C, and D rely on S3 Batch Operations or DynamoDB Streams + Lambda to manually copy data cross-Region. These approaches add complexity, custom code, and operational risk, and they are less suitable when AWS provides managed replication mechanisms specifically designed for this purpose.

Therefore, Option A is the correct and most efficient solution.