Amazon Web Services Updated DOP-C02 Exam Questions and Answers by emaan

Mutual TLS (mTLS) authentication requires two-way authentication between the client and the server. For Amazon API Gateway, you can enable mTLS for a custom domain name, which requires clients to present X.509 certificates to verify their identity to access your API. To set up mTLS, you would typically use AWS Certificate Manager (ACM) to create a private certificate authority (CA) and provision a client certificate signed by this private CA. The root CA certificate is then uploaded to an Amazon S3 bucket and configured in API Gateway as the trust store12.

Introducing mutual TLS authentication for Amazon API Gateway1.

Configuring mutual TLS authentication for a REST API2.

AWS Private Certificate Authority details3.

AWS Certificate Manager Private Certificate Authority updates4.

S3 cross-Region replication (CRR) automatically replicates data between buckets across different AWS Regions. To enable CRR, you need to add a replication configuration to your source bucket that specifies the destination bucket, the IAM role, and the encryption type (optional). You also need to grant permissions to the IAM role to perform replication actions on both the source and destination buckets. Additionally, you can choose the destination storage class and enable additional replication options such as S3 Replication Time Control (S3 RTC) or S3 Batch Replication. https://medium.com/cloud-techies/s3-same-region-replication-srr-and-cross-region-replication-crr-34d446806bab https://aws.amazon.com/getting-started/hands-on/replicate-data-using-amazon-s3-replication/ https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html

CodeDeploy deployment failures must be diagnosed using deployment-specific logs and related application logs. CodeDeploy writes detailed logs on the target EC2 instances under /opt/codedeploy-agent/deployment-root/ (for example in logs and deployment-logs subdirectories). These logs include information about lifecycle events (BeforeInstall, AfterInstall, ApplicationStart, etc.), script execution failures, permissions issues, and any exit codes returned by deployment hooks.

Option C correctly points to CodeDeploy agent logs on the EC2 instances as the primary source for root cause analysis. Additionally, application-level logs streamed to Amazon CloudWatch Logs help validate whether the application itself is working correctly after deployment. For complex, multi-tier applications, AWS X-Ray can trace requests end to end, helping determine if issues are caused by downstream dependencies instead of the deployment process.

Options A, B, and D focus on network flow, generic performance, or high-level checks, none of which provide sufficient, deployment-level detail for CodeDeploy. Trusted Advisor and AWS Health do not surface step-by-step deployment log data. Therefore, the combination of CodeDeploy logs on the instances, CloudWatch Logs, and (optionally) X-Ray is the correct troubleshooting approach.

https://docs.aws.amazon.com/cli/latest/reference/cloudformation/continue-update-rollback.html For a specified stack that is in the UPDATE_ROLLBACK_FAILED state, continues rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can manually fix the error and continue the rollback. By continuing the rollback, you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.