Free Practice Questions for AWS Certified DevOps Engineer - Professional (DOP-C02) Certification

Knowledge of:

- Software development lifecycle (SDLC) concepts, phases, and models - Pipeline deployment patterns for single- and multi-account environments

Skills in:

- Configuring code, image, and artifact repositories - Using version control to integrate pipelines with application environments - Setting up build processes (for example, AWS CodeBuild) - Managing build and deployment secrets (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store) - Determining appropriate deployment strategies (for example, AWS CodeDeploy)

Knowledge of:

- Different types of tests (for example, unit tests, integration tests, acceptance tests, user interface tests, security scans) - Reasonable use of different types of tests at different stages of the CI/CD pipeline

Skills in:

- Running builds or tests when generating pull requests or code merges (for example, CodeBuild) - Running load/stress tests, performance benchmarking, and application testing at scale - Measuring application health based on application exit codes - Automating unit tests and code coverage - Invoking AWS services in a pipeline for testing

Knowledge of:

- Artifact use cases and secure management - Methods to create and generate artifacts - Artifact lifecycle considerations

Skills in:

- Creating and configuring artifact repositories (for example, AWS CodeArtifact, Amazon S3, Amazon Elastic Container Registry [Amazon ECR]) - Configuring build tools for generating artifacts (for example, CodeBuild, AWS Lambda) - Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder)

Knowledge of:

- Deployment methodologies for various platforms (for example, Amazon EC2, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Lambda) - Application storage patterns (for example, Amazon Elastic File System [Amazon EFS], Amazon S3, Amazon Elastic Block Store [Amazon EBS]) - Mutable deployment patterns in contrast to immutable deployment patterns - Tools and services available for distributing code (for example, CodeDeploy, Image Builder)

Skills in:

- Configuring security permissions to allow access to artifact repositories (for example, AWS Identity and Access Management [IAM], CodeArtifact) - Configuring deployment agents (for example, CodeDeploy agent) - Troubleshooting deployment issues - Using different deployment methods (for example, blue/green, canary)

Knowledge of:

- Infrastructure as code (IaC) options and tools for AWS - Change management processes for IaC-based platforms - Configuration management services and strategies

Skills in:

- Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK]) - Applying CloudFormation stack sets across multiple accounts and AWS Regions - Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig) - Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK)

Knowledge of:

- AWS account structures, best practices, and related AWS services

Skills in:

- Standardizing and automating account provisioning and configuration - Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower) - Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles) - Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, Service Catalog, SCPs)

Knowledge of:

- AWS services and solutions to automate tasks and processes - Methods and strategies to interact with the AWS software-defined infrastructure

Skills in:

- Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config) - Developing AWS Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions) - Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager) - Maintaining software compliance (for example, Systems Manager)

Knowledge of:

- Multi-AZ and multi-Region deployments (for example, compute layer, data layer) - SLAs - Replication and failover methods for stateful services - Techniques to achieve high availability (for example, Multi-AZ, multi-Region)

Skills in:

- Translating business requirements into technical resiliency needs - Identifying and remediating single points of failure in existing workloads - Enabling cross-Region solutions where available (for example, Amazon DynamoDB, Amazon RDS, Amazon Route 53, Amazon S3, Amazon CloudFront) - Configuring load balancing to support cross-AZ services - Configuring applications and related services to support multiple Availability Zones and AWS Regions while minimizing downtime

Knowledge of:

- Appropriate metrics for scaling services - Loosely coupled and distributed architectures - Serverless architectures - Container platforms

Skills in:

- Identifying and remediating scaling issues - Identifying and implementing appropriate auto scaling, load balancing, and caching solutions - Deploying container-based applications (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS]) - Deploying workloads in multiple Regions for global scalability - Configuring serverless applications (for example, Amazon API Gateway, AWS Lambda, AWS Fargate)

Knowledge of:

- Disaster recovery concepts (for example, RTO, RPO) - AWS Backup and recovery strategies (for example, pilot light, warm standby) - Recovery procedures

Skills in:

- Testing failover of Multi-AZ and multi-Region workloads (for example, Amazon RDS, Amazon Aurora, Route 53, CloudFront) - Identifying and implementing appropriate cross-Region AWS Backup and recovery strategies (for example, AWS Backup, Amazon S3, AWS Systems Manager) - Configuring a load balancer to recover from backend failure

Knowledge of:

- How to monitor applications and infrastructure - Amazon CloudWatch metrics (for example, namespaces, metrics, dimensions, and resolution) - Real-time log ingestion - Encryption options for at-rest and in-transit logs and metrics (for example, client-side and server-side, AWS Key Management Service [AWS KMS]) - Security configurations (for example, IAM roles and permissions to allow for log collection)

Skills in:

- Securely storing and managing logs - Creating CloudWatch metrics from log events by using metric filters - Creating CloudWatch metric streams (for example, Amazon S3 or Amazon Kinesis Data Firehose options) - Collecting custom metrics (for example, using the CloudWatch agent) - Managing log storage lifecycles (for example, Amazon S3 lifecycles, CloudWatch log group retention) - Processing log data by using CloudWatch log subscriptions (for example, Amazon Kinesis, AWS Lambda, Amazon OpenSearch Service) - Searching log data by using filter and pattern syntax or Amazon CloudWatch Logs Insights - Configuring encryption of log data (for example, AWS KMS)

Knowledge of:

- Anomaly detection alarms (for example, CloudWatch anomaly detection) - Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer [ALB]) - Amazon Inspector and common assessment templates - AWS Config rules - AWS CloudTrail log events

Skills in:

- Building CloudWatch dashboards and Amazon QuickSight visualizations - Associating CloudWatch alarms with CloudWatch metrics (standard and custom) - Configuring AWS X-Ray for different services (for example, containers, Amazon API Gateway, Lambda) - Analyzing real-time log streams (for example, using Amazon Kinesis Data Streams) - Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights)

Knowledge of:

- Event-driven, asynchronous design patterns (for example, S3 Event Notifications or Amazon EventBridge events to Amazon Simple Notification Service [Amazon SNS] or Lambda) - Capabilities of auto scaling for a variety of AWS services (for example, EC2 Auto Scaling groups, RDS storage auto scaling, Amazon DynamoDB, Amazon Elastic Container Service [Amazon ECS] capacity provider, Amazon Elastic Kubernetes Service [Amazon EKS] autoscalers) - Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery) - Health check capabilities in AWS services (for example, ALB target groups, Amazon Route 53)

Skills in:

- Configuring solutions for auto scaling (for example, DynamoDB, EC2 Auto Scaling groups, RDS storage auto scaling, ECS capacity provider) - Creating CloudWatch custom metrics and metric filters, alarms, and notifications (for example, Amazon SNS, Lambda) - Configuring S3 events to process log files (for example, by using Lambda) and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs) - Configuring EventBridge to send notifications based on a particular event pattern - Installing and configuring agents on EC2 instances (for example, AWS Systems Manager Agent [SSM Agent], CloudWatch agent) - Configuring AWS Config rules to remediate issues - Configuring health checks (for example, Route 53, ALB)

Knowledge of:

- AWS services that generate, capture, and process events (for example, AWS Health, Amazon EventBridge, AWS CloudTrail) - Event-driven architectures (for example, fan out, event streaming, queuing)

Skills in:

- Integrating AWS event sources (for example, AWS Health, EventBridge, CloudTrail) - Building event processing workflows (for example, Amazon Simple Queue Service [Amazon SQS], Amazon Kinesis, Amazon Simple Notification Service [Amazon SNS], AWS Lambda, AWS Step Functions)

Knowledge of:

- Fleet management services (for example, AWS Systems Manager, AWS Auto Scaling) - Configuration management services (for example, AWS Config)

Skills in:

- Applying configuration changes to systems - Modifying infrastructure configurations in response to events - Remediating a non-desired system state

Knowledge of:

- AWS metrics and logging services (for example, Amazon CloudWatch, AWS X-Ray) - AWS service health services (for example, AWS Health, CloudWatch, Systems Manager OpsCenter) - Root cause analysis

Skills in:

- Analyzing failed deployments (for example, AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CloudFormation, CloudWatch synthetic monitoring) - Analyzing incidents regarding failed processes (for example, auto scaling, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS])

Knowledge of:

- Appropriate usage of different IAM entities for human and machine access (for example, users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies) - Identity federation techniques (for example, using IAM identity providers and AWS IAM Identity Center) - Permission management delegation by using IAM permissions boundaries - Organizational SCPs

Skills in:

- Designing policies to enforce least privilege access - Implementing role-based and attribute-based access control patterns - Automating credential rotation for machine identities (for example, AWS Secrets Manager) - Managing permissions to control access to human and machine identities (for example, enabling multi-factor authentication [MFA], AWS Security Token Service [AWS STS], IAM profiles)

Knowledge of:

- Network security components (for example, security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield) - Certificates and public key infrastructure (PKI) - Data management (for example, data classification, encryption, key management, access controls)

Skills in:

- Automating the application of security controls in multi-account and multi-Region environments (for example, AWS Security Hub, AWS Organizations, AWS Control Tower, AWS Systems Manager) - Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, Amazon GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall) - Automating the discovery of sensitive data at scale (for example, Amazon Macie) - Encrypting data in transit and data at rest (for example, AWS Key Management Service [AWS KMS], AWS CloudHSM, ACM)

Knowledge of:

- Security auditing services and features (for example, AWS CloudTrail, AWS Config, VPC Flow Logs, AWS CloudFormation drift detection) - AWS services for identifying security vulnerabilities and events (for example, GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config) - Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)

Skills in:

- Implementing robust security auditing - Configuring alerting based on unexpected or anomalous security events - Configuring service and application logging (for example, CloudTrail, Amazon CloudWatch Logs) - Analyzing logs, metrics, and security findings