Amazon DOP-C01 Online Practice
Questions and Exam Preparation
DOP-C01 Exam Details
Exam Code
:DOP-C01
Exam Name
:AWS Certified DevOps Engineer - Professional (DOP-C01)
Certification
:Amazon Certifications
Vendor
:Amazon
Total Questions
:559 Q&As
Last Updated
:Dec 22, 2024
Amazon DOP-C01 Online Questions &
Answers
Question 101:
You need to know when you spend $1000 or more on AWS. What's the easy way for you to see that notification?
A. AWS CloudWatch Events tied to API calls, when certain thresholds are exceeded, publish to SNS. B. Scrape the billing page periodically and pump into Kinesis. C. AWS CloudWatch Metrics + Billing Alarm + Lambda event subscription. When a threshold is exceeded, email the manager. D. Scrape the billing page periodically and publish to SNS.
C. AWS CloudWatch Metrics + Billing Alarm + Lambda event subscription. When a threshold is exceeded, email the manager.
Explanation: Even if you're careful to stay within the free tier, it's a good idea to create a billing alarm to notify you if you exceed the limits of the free tier. Billing alarms can help to protect you against unknowingly accruing charges if you inadvertently use a service outside of the free tier or if traffic exceeds your expectations.
Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers and doing everything they can to cover their tracks?
A. Use CloudTrail Log File Integrity Validation. B. Use AWS Config SNS Subscriptions and process events in real time. C. Use CloudTrail backed up to AWS S3 and Glacier. D. Use AWS Config Timeline forensics.
A. Use CloudTrail Log File Integrity Validation.
You must use CloudTrail Log File Validation (default or custom implementation), as any other tracking method is subject to forgery in the event of a full account compromise by sophisticated enough hackers. Validated log files are invaluable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity. The CloudTrail log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time.
A company's popular global web application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB) using an Auto Scaling group. The company is launching a new feature and expects unpredictable spikes in web traffic. The site currently includes a large amount of media content, and the new feature adds the ability to submit ratings and comments that will be stored in a new Amazon DynamoDB table. A DevOps Engineer is tasked with ensuring the web application can scale with the increased traffic and workload
Which combination of steps will accomplish this? (Choose two.)
A. Configure an Amazon CloudFront distribution to cache the web application's static and dynamic content. B. Configure the web application's ALB to cache content in Amazon ElastiCache, honoring the HTTP cache headers. C. Process the new ratings and comments asynchronously using Amazon SQS. D. Replace the DynamoDB table with DynamoDB Accelerator to store the ratings and comments to reduce latency. E. Set up AWS Global Accelerator to cache static content and pass dynamic requests to the web application's ALB endpoint.
A. Configure an Amazon CloudFront distribution to cache the web application's static and dynamic content. C. Process the new ratings and comments asynchronously using Amazon SQS.
Question 104:
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK),
What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)
A. Set ssm:GetParamter for the parameter resource in the instance role's IAM policy. B. Set kms:Decrypt for the instance role in the customer-managed CMK policy. C. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy. D. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy. E. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key. F. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
A. Set ssm:GetParamter for the parameter resource in the instance role's IAM policy. B. Set kms:Decrypt for the instance role in the customer-managed CMK policy. C. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
Which is the proper syntax for referencing a variable's value in an Ansible task?
A. ${variable_name} B. { variable_name } C. "{{ variable_name }}" D. @variable_name
C. "{{ variable_name }}"
We use the variable's name to reference the variable which we encapsulate in curly brackets `{{ }}'; however, the YAML syntax dictates that a string beginning with a curly bracket denotes a dictionary value. To get around this, it is proper to wrap the variable declaration in quotes.
A company is using AWS Organizations and wants to implement a governance strategy with the following requirements:
AWS resource access is restricted to the same two Regions for all accounts.
AWS services are limited to a specific group of authorized services for all accounts.
Authentication is provided by Active Directory.
Access permissions are organized by job function and are identical in each account.
Which solution will meet these requirements?
A. Establish an organizational unit (OU) with group policies in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account. B. Establish a permission boundary in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account. C. Establish a service control in the master account to restrict Regions and authorized services. Use AWS Resource Access Manager to share master account roles with permissions for each job function, including AWS SSO for authentication in each account. D. Establish a service control in the master account to restrict Regions and authorized services. Use CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.
A. Establish an organizational unit (OU) with group policies in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.
Question 107:
For AWS CloudFormation, which is true?
A. Custom resources using SNS have a default timeout of 3 minutes. B. Custom resources using SNS do not need a ServiceToken property. C. Custom resources using Lambda and Code.ZipFile allow inline nodejs resource composition. D. Custom resources using Lambda do not need a ServiceTokenproperty
C. Custom resources using Lambda and Code.ZipFile allow inline nodejs resource composition.
Code is a property of the AWS::Lambda::Function resource that enables to you specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only).
A company wants to migrate a legacy application to AWS and develop a deployment pipeline that uses AWS services only. A DevOps engineer is migrating all of the application code from a Git repository to AWS CodeCommit while preserving the history of the repository. The DevOps engineer has set all the permissions within CodeCommit, installed the Git client and the AWS CLI on a local computer, and is ready to migrate the repository.
Which actions will follow?
A. Create the CodeCommit repository using the AWS CLI. Clone the Git repository directly to CodeCommit using the AWS CLI. Validate that the files were migrated, and publish the CodeCommit repository. B. Create the CodeCommit repository using the AWS Management Console. Clone both the Git and CodeCommit repositories to the local computer. Copy the files from the Git repository to the CodeCommit repository on the local computer. Commit the CodeCommit repository. Validate that the files were migrated, and share the CodeCommit repository. C. Create the CodeCommit repository using the AWS Management Console. Use the console to clone the Git repository into the CodeCommit repository. Validate that the files were migrated, and publish the CodeCommit repository. D. Create the CodeCommit repository using the AWS Management Console or the AWS CLI. Clone the Git repository with a mirror argument to the local computer and push the repository to CodeCommit. Validate that the files were migrated, and share the CodeCommit repository.
A. Create the CodeCommit repository using the AWS CLI. Clone the Git repository directly to CodeCommit using the AWS CLI. Validate that the files were migrated, and publish the CodeCommit repository.
Question 109:
A production account has a requirement that any Amazon EC2 instance that has been logged into manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with Amazon
CloudWatch Logs agent configured.
How can this process be automated?
A. Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Then create a CloudWatch Events rule to trigger a second AWS Lambda function once a day that will terminate all instances with this tag. B. Create a CloudWatch alarm that will trigger on the login event. Send the notification to an Amazon SNS topic that the Operations team is subscribed to, and have them terminate the EC2 instance within 24 hours. C. Create a CloudWatch alarm that will trigger on the login event. Configure the alarm to send to an Amazon SQS queue. Use a group of worker instances to process messages from the queue, which then schedules the Amazon CloudWatch Events rule to trigger. D. Create a CloudWatch Logs subscription in an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.
D. Create a CloudWatch Logs subscription in an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.
Question 110:
The Development team has grown substantially in recent months and so has the number of projects that use separate code repositories. The current process involves configuring AWS CodePipeline manually. There have been service limit alerts regarding the number of Amazon S3 buckets that exist.
Which pipeline option will reduce S3 bucket sprawl alerts?
A. Combine the multiple separate code repositories into a single one, and deploy using an AWS CodePipeline that has logic for each project. B. Create new pipelines by using the AWS API or AWS CLI, and configure them to use a single S3 bucket with separate prefixes for each project. C. Create a new pipeline in a different region for each project to bypass the service limits for S3 buckets in a single region. D. Create a new pipeline and S3 bucket for each project by using the AWS API or AWS CLI to bypass the service limits for S3 buckets in a single account.
B. Create new pipelines by using the AWS API or AWS CLI, and configure them to use a single S3 bucket with separate prefixes for each project.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your DOP-C01 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.