These questions cover CI/CD pipeline design and deployment strategies — the core of DOP-C02 and where professional-level questions test architectural reasoning rather than just service knowledge.
Question 1
A team needs a CI/CD pipeline that deploys to us-east-1 and eu-west-1 with independent rollback capability per region. Which architecture is correct?
- A) One CodePipeline in us-east-1 with parallel action groups deploying to both regions
- B) One CodePipeline with a cross-region action that copies artifacts and deploys to eu-west-1
- C) A separate CodePipeline in each region, with artifacts promoted from the source region
- D) A single CodeDeploy deployment group spanning both regions
Answer: C — Separate CodePipeline in each region
Independent rollback per region requires independent pipelines. If a deployment fails in eu-west-1, rolling back the pipeline in that region doesn't affect us-east-1's state. A single pipeline controlling both regions means a rollback in one affects the other.
Best practice for multi-region CI/CD:
- Build artifacts once in a primary region
- Copy to S3 buckets in each target region (CodePipeline cross-region artifact replication)
- Run separate pipelines in each target region using the copied artifacts
- Each pipeline has its own approval gates, rollback, and deployment history
CodePipeline does support cross-region actions in a single pipeline, but that doesn't provide independent rollback — rolling back the single pipeline rolls back all regions simultaneously.
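As an added illustration of the architectural point (constructed example, not an AWS tool or code from the original page), the script below audits CodePipeline declarations in the shape `aws codepipeline get-pipeline` returns and flags layouts where a rollback in one region would not be independent. The `home_region` key is an assumption: the API output does not record the pipeline's own region, so the caller is expected to add it. Both pipeline layouts (the single multi-region pipeline from option A and the per-region pipelines from option C) are made up.

```python
"""Audit CodePipeline declarations for per-region rollback independence.

Added, constructed example: not an AWS tool. Input is the "pipeline" object that
`aws codepipeline get-pipeline` returns (stages with actions; Deploy actions may
carry a `region`), plus a `home_region` key that this script assumes the caller
adds, because the API output itself does not record the pipeline's own region.
The two pipeline layouts below are made up.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Set


def deploy_regions(pipeline: Dict) -> Set[str]:
    """Regions targeted by Deploy-category actions; an action without `region` runs in the home region."""
    home = pipeline["home_region"]  # assumed key, see module docstring
    regions = set()
    for stage in pipeline.get("stages", []):
        for action in stage.get("actions", []):
            if action.get("actionTypeId", {}).get("category") == "Deploy":
                regions.add(action.get("region", home))
    return regions


def audit_pipelines(pipelines: List[Dict], target_regions: Set[str]) -> List[str]:
    """Findings for layouts where a rollback in one region would drag other regions with it."""
    findings = []
    deployers = defaultdict(list)
    for p in pipelines:
        regions = deploy_regions(p)
        if len(regions) > 1:
            findings.append(f"{p['name']}: one pipeline deploys to {sorted(regions)}; "
                            "rolling it back would roll back every region at once")
        for r in regions:
            deployers[r].append(p["name"])
    for r in sorted(target_regions):
        if not deployers[r]:
            findings.append(f"{r}: no pipeline deploys to this region")
        elif len(deployers[r]) > 1:
            findings.append(f"{r}: deployed by {deployers[r]}; rollback ownership is ambiguous")
    return findings


def _deploy_action(name: str, region: Optional[str] = None) -> Dict:
    """Minimal CodeDeploy deploy action; `region` is only set for cross-region actions."""
    action = {"name": name, "actionTypeId": {"category": "Deploy", "owner": "AWS",
                                              "provider": "CodeDeploy", "version": "1"}}
    if region:
        action["region"] = region
    return action


# Option A from the question: one pipeline with parallel deploy actions in both regions.
SINGLE_MULTI_REGION = [{
    "name": "app-global",
    "home_region": "us-east-1",
    "stages": [{"name": "Deploy", "actions": [_deploy_action("DeployUsEast1"),
                                              _deploy_action("DeployEuWest1", "eu-west-1")]}],
}]

# Option C: the artifact is built once, then each region runs its own pipeline against it.
SEPARATE_PER_REGION = [
    {"name": "app-us-east-1", "home_region": "us-east-1",
     "stages": [{"name": "Deploy", "actions": [_deploy_action("Deploy")]}]},
    {"name": "app-eu-west-1", "home_region": "eu-west-1",
     "stages": [{"name": "Deploy", "actions": [_deploy_action("Deploy")]}]},
]

TARGET_REGIONS = {"us-east-1", "eu-west-1"}

if __name__ == "__main__":
    for label, layout in (("single pipeline", SINGLE_MULTI_REGION), ("per-region", SEPARATE_PER_REGION)):
        print(label, audit_pipelines(layout, TARGET_REGIONS) or ["ok: rollback is independent per region"])
```

Run it against real `get-pipeline` output by adding the `home_region` key to each pipeline object; the single-pipeline layout produces one finding naming both regions, the per-region layout produces none.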
Question 2
A team uses CodeDeploy to release a new version of their application. They want to shift traffic gradually over 10 minutes, with automatic rollback if error rates exceed 5%. Which deployment configuration achieves this?
- A) In-place deployment with a `OneAtATime` configuration
- B) Blue/green deployment with a `Linear10PercentEvery1Minute` traffic shift and CloudWatch alarm rollback
- C) In-place deployment with `AllAtOnce` and a pre-deployment Lambda hook
- D) Blue/green deployment with `AllAtOnce` traffic shift and manual rollback only
Answer: B — Blue/green with linear traffic shift and alarm-based rollback
CodeDeploy supports three traffic shifting configurations for blue/green deployments:
| Configuration | Behaviour |
|---|---|
| `AllAtOnce` | All traffic shifts immediately |
| `Canary10Percent5Minutes` | 10% first, then all after 5 min |
| `Linear10PercentEvery1Minute` | 10% more every minute (100% at 10 min) |
Alarm-based rollback integrates CloudWatch alarms with CodeDeploy. If the configured alarm triggers (e.g., error rate > 5%), CodeDeploy automatically rolls back by shifting traffic back to the original (blue) environment.
In-place deployments replace the running application on the existing instances, so there is no old environment left to keep: they support neither gradual traffic shifting nor instant rollback by routing traffic back to the previous version.
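To make the difference between the three configurations concrete, the following added example (constructed for this page, not CodeDeploy's code) plays each traffic-shift schedule forward minute by minute and applies a single "error rate above 5%" alarm, rolling back to blue when it fires. The schedules follow the table above; the alarm threshold and the error-rate samples are assumptions. The interesting output is how much traffic the new version had received by the time the alarm fired.

```python
"""Simulate CodeDeploy blue/green traffic-shift configurations with alarm-based rollback.

Added, constructed example: not CodeDeploy's code. It models the three built-in
configurations named above as minute-by-minute schedules and evaluates a single
"error rate > threshold" alarm each minute, rolling back to blue when it fires.
The error-rate samples are made up.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ALARM_THRESHOLD_PERCENT = 5.0  # assumed CloudWatch alarm: error rate above 5% is a failure


def traffic_schedule(config: str) -> List[Tuple[int, int]]:
    """(minute, percent of traffic on green) steps for a built-in configuration."""
    if config == "AllAtOnce":
        return [(0, 100)]
    if config == "Canary10Percent5Minutes":
        return [(0, 10), (5, 100)]                    # 10% first, the rest after 5 minutes
    if config == "Linear10PercentEvery1Minute":
        return [(m, 10 * m) for m in range(1, 11)]   # +10% each minute, 100% at minute 10
    raise ValueError(f"unknown deployment configuration: {config}")


@dataclass
class DeploymentResult:
    config: str
    completed: bool                 # green reached 100% and the alarm never fired
    rolled_back: bool               # alarm fired; traffic returned to the blue environment
    rollback_minute: Optional[int]
    peak_green_percent: int         # the most traffic the new version ever received


def run_deployment(config: str, error_rate_by_minute: Dict[int, float],
                   threshold: float = ALARM_THRESHOLD_PERCENT) -> DeploymentResult:
    """Play the schedule forward, checking the alarm once per minute."""
    schedule = dict(traffic_schedule(config))
    # Keep evaluating the alarm until both the shift and the sampled window are over,
    # so an AllAtOnce deployment is judged on the same samples as the gradual ones.
    horizon = max(max(schedule), max(error_rate_by_minute, default=0))
    green = peak = 0
    for minute in range(horizon + 1):
        if minute in schedule:
            green = schedule[minute]
            peak = max(peak, green)
        # The new version only produces errors once it is actually serving traffic.
        if green > 0 and error_rate_by_minute.get(minute, 0.0) > threshold:
            return DeploymentResult(config, False, True, minute, peak)
    return DeploymentResult(config, True, False, None, peak)


# Constructed samples: healthy for three minutes, then a 7.5% error rate at minute 3.
CONSTRUCTED_ERROR_RATES = {0: 1.0, 1: 1.2, 2: 1.5, 3: 7.5, 4: 2.0}


def compare_configurations(error_rates: Dict[int, float]) -> Dict[str, DeploymentResult]:
    """Run the same error-rate series through every configuration."""
    return {c: run_deployment(c, error_rates)
            for c in ("AllAtOnce", "Canary10Percent5Minutes", "Linear10PercentEvery1Minute")}


if __name__ == "__main__":
    for name, result in compare_configurations(CONSTRUCTED_ERROR_RATES).items():
        print(f"{name:30} rolled_back={result.rolled_back} at minute {result.rollback_minute} "
              f"with {result.peak_green_percent}% of traffic exposed")
```

With the constructed samples every configuration rolls back at minute 3, but the canary had exposed 10% of users, the linear shift 30%, and `AllAtOnce` 100%; a healthy series lets the linear shift complete at 100% after 10 minutes, which is the behaviour the question asks for.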
Question 3
A pipeline in Account A needs to deploy to an ECS cluster in Account B. What is the most secure way to authorise the cross-account deployment?
- A) Store Account B IAM user credentials in CodePipeline environment variables
- B) Create a cross-account IAM role in Account B with a trust policy for Account A's CodePipeline service role
- C) Share Account B's root credentials with the Account A pipeline
- D) Add the Account A pipeline's IP address to Account B's security groups
Answer: B — Cross-account IAM role with a trust policy
Cross-account deployments use IAM role assumption. The flow is:
- Create an IAM role in Account B with permissions for ECS deployments
- Set the role's trust policy to allow `sts:AssumeRole` from Account A's CodePipeline service role
- In Account A's pipeline, configure the deployment action to assume the Account B role

The trust policy statement on the Account B role (`ACCOUNT_A_ID` is a placeholder for the pipeline account's id):

```json
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNT_A_ID:role/CodePipelineServiceRole"
},
"Action": "sts:AssumeRole"
}
```
This uses temporary credentials (no long-lived keys), follows least privilege, and is fully auditable via CloudTrail. Storing IAM user credentials is an anti-pattern — static keys are a significant security risk and can't be easily rotated without pipeline downtime.
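Least privilege in a trust policy is easy to get wrong by trusting the whole account or a wildcard principal instead of the one pipeline role. The added example below (constructed, not an AWS tool) lints a trust policy document for the shape the question calls for: exactly one named IAM role from the pipeline account allowed to call `sts:AssumeRole`. The account ids and role names are placeholders, and the "broad" policy is a made-up counter-example.

```python
"""Lint an IAM trust policy for a cross-account CodePipeline deployment role.

Added, constructed example, not an AWS tool. It checks for the statement shape
the question calls for (one named role from the pipeline account allowed to call
sts:AssumeRole) and flags the common ways a trust policy ends up broader than
that. Account ids and role names below are placeholders.
"""
import json
import re
from typing import Dict, List

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def _as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy: Dict) -> List[str]:
    """Return findings; an empty list means the policy matches the expected least-privilege shape."""
    findings = []
    statements = _as_list(policy.get("Statement", []))
    if not statements:
        return ["no Statement: nobody can assume this role"]
    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow the trust; nothing to flag here
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"{where}: Principal is '*' (any AWS principal could assume the role)")
        elif not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"{where}: Principal should name an AWS role ARN, got {principal!r}")
        else:
            for arn in _as_list(principal["AWS"]):
                if arn.endswith(":root") or re.fullmatch(r"\d{12}", arn):
                    findings.append(f"{where}: Principal {arn} trusts the whole account, "
                                    "not just the pipeline role")
                elif not ROLE_ARN.match(arn):
                    findings.append(f"{where}: Principal {arn} is not an IAM role ARN")
        actions = set(_as_list(stmt.get("Action", [])))
        extra = actions - {"sts:AssumeRole"}
        if extra:
            findings.append(f"{where}: unexpected Action(s) {sorted(extra)}; only sts:AssumeRole is needed")
        if "sts:AssumeRole" not in actions:
            findings.append(f"{where}: sts:AssumeRole is not allowed, so the pipeline cannot assume the role")
    return findings


def check_trust_policy_json(document: str) -> List[str]:
    """Same check on the JSON text as stored on the role."""
    return check_trust_policy(json.loads(document))


# The trust policy from the answer above, with the ACCOUNT_A_ID placeholder filled with a made-up id.
GOOD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/CodePipelineServiceRole"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed over-broad variant: trusts every principal in Account A and allows every sts action.
BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": ["sts:AssumeRole", "sts:*"],
    }],
}

if __name__ == "__main__":
    for label, policy in (("good", GOOD_TRUST_POLICY), ("broad", BROAD_TRUST_POLICY)):
        print(label, check_trust_policy(policy) or ["ok"])
```

The `:root` check matters in practice: trusting `arn:aws:iam::ACCOUNT_A_ID:root` delegates the decision to Account A's own IAM policies, so any principal in that account granted `sts:AssumeRole` could deploy into Account B, not only the pipeline role.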
Key Takeaways
- Multi-region independent rollback requires separate CodePipeline instances, not a single multi-region pipeline
- Blue/green + `Linear10PercentEvery1Minute` + CloudWatch alarm = gradual rollout with automatic rollback
- Cross-account deployments use IAM role assumption via trust policies — never static IAM user credentials