Amazon DOP-C01 Online Practice Questions and Exam Preparation

Amazon DOP-C01 Online Questions & Answers

• Question 261:

  A DevOps engineer at a company is supporting an AWS environment in which all users use AWS Single Sign-On. The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification.

  Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

  A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
  B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
  C. Create an AWS Lambda function that is a target of the EventBridge (CloudWatch Events) rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
  D. Create an AWS Lambda function that is a target of the EventBridge (CloudWatch Events) rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
  E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge (CloudWatch Events) rule. Subscribe the security team's group email address to the topic.
  F. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.
  C. Create an AWS Lambda function that is a target of the EventBridge (CloudWatch Events) rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
  D. Create an AWS Lambda function that is a target of the EventBridge (CloudWatch Events) rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
  E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge (CloudWatch Events) rule. Subscribe the security team's group email address to the topic.

• Question 262:

  What is the expected behavior if Ansible is called with `ansible-playbook -i localhost playbook.yml'?

  A. Ansible will attempt to read the inventory file named `localhost'
  B. Ansible will run the plays locally.
  C. Ansible will run the playbook on the host named `localhost'
  D. Ansible won't run, this is invalid command line syntax
  A. Ansible will attempt to read the inventory file named `localhost'

  ---

  Ansible expects an inventory filename with the `-i' option, regardless if it is a valid hostname. For this to execute on the host `localhost' resolves to, a comma needs to be appended to the end.

  Reference: http://docs.ansible.com/ansible/intro_inventory.html#inventory

• Question 263:

  A Development team is currently using AWS CodeDeploy to deploy an application revision to an Auto Scaling group. If the deployment process fails, it must be rolled back automatically and a notification must be sent. What is the MOST effective configuration that can satisfy all of the requirements?

  A. Create Amazon CloudWatch Events rules for CodeDeploy operations. Configure a CloudWatch Events rule to send out an Amazon SNS message when the deployment fails. Configure CodeDeploy to automatically roll back when the deployment fails.
  B. Use available Amazon CloudWatch metrics for CodeDeploy to create CloudWatch alarms. Configure CloudWatch alarms to send out an Amazon SNS message when the deployment fails. Use AWS CLI to redeploy a previously deployed revision.
  C. Configure a CodeDeploy agent to create a trigger that will send notification to Amazon SNS topics when the deployment fails. Configure CodeDeploy to automatically roll back when the deployment fails.
  D. Use AWS CloudTrail to monitor API calls made by or on behalf of CodeDeploy in the AWS account. Send an Amazon SNS message when deployment fails. Use AWS CLI to redeploy a previously deployed revision.
  A. Create Amazon CloudWatch Events rules for CodeDeploy operations. Configure a CloudWatch Events rule to send out an Amazon SNS message when the deployment fails. Configure CodeDeploy to automatically roll back when the deployment fails.

• Question 264:

  When Ansible's connection state is set to `remote', what method of communication does Ansible utilize to run commands on the remote target host?

  A. SSH
  B. RSH
  C. PSExec
  D. API call to Ansible client on host
  A. SSH

  ---

  Explanation: Ansible does not require a client/server architecture and makes all remote connections over SSH. Ansible utilizes the Paramiko Python libraries for SSH when the native system OpenSSH libraries do not meet the requirements. Also note, Ansible does require Python be installed on the target host. When the target host is Windows, it uses WinRS

  Reference: http://docs.ansible.com/ansible/intro_getting_started.html#remote-connection-information

• Question 265:

  A DevOps Engineer needs to design and implement a backup mechanism for Amazon EFS. The Engineer is given the following requirements:

  1. The backup should run on schedule.

  2. The backup should be stopped if the backup window expires.

  3. The backup should be stopped if the backup completes before the backup window.

  4. The backup logs should be retained for further analysis.

  5. The design should support highly available and fault-tolerant paradigms.

  6. Administrators should be notified with backup metadata.

  Which design will meet these requirements?

  A. Use AWS Lambda with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in an Auto Scaling group. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon S3. Use Amazon SNS to notify administrators with backup activity metadata.
  B. Use Amazon SWF with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in an Auto Scaling group. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon Redshift. Use CloudWatch Alarms to notify administrators with backup activity metadata.
  C. Use AWS Data Pipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in a single Availability Zone. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading the backup logs to Amazon RDS. Use Amazon SNS to notify administrators with backup activity metadata.
  D. Use AWS CodePipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in a single Availability Zone. Use Auto Scaling lifecycle hooks and the SSM Run Command on Amazon EC2 for uploading backup logs to Amazon S3. Use Amazon SES to notify admins with backup activity metadata.
  A. Use AWS Lambda with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in an Auto Scaling group. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon S3. Use Amazon SNS to notify administrators with backup activity metadata.

• Question 266:

  A DevOps engineer is deploying an AWS Service Catalog portfolio using AWS CodePipeline. The pipeline should create products and templates based on a manifest file in either JSON or YAML, and should enforce security requirements on all AWS Service Catalog products managed through the pipeline.

  Which solution will meet the requirements in an automated fashion?

  A. Use the AWS Service Catalog deploy action in AWS CodeDeploy to push new versions of products into the AWS Service Catalog with verification steps in the CodeDeploy AppSpec.
  B. Use the AWS Service Catalog deploy action in AWS CodeBuild to verify and push new versions of products into the AWS Service Catalog.
  C. Use an AWS Lambda action in CodePipeline to run a Lambda function to verify and push new versions of products into the AWS Service Catalog.
  D. Use an AWS Lambda action in AWS CodeBuild to run a Lambda function to verify and push new versions of products into the AWS Service Catalog.
  A. Use the AWS Service Catalog deploy action in AWS CodeDeploy to push new versions of products into the AWS Service Catalog with verification steps in the CodeDeploy AppSpec.

• Question 267:

  You currently run your infrastructure on Amazon EC2 instances behind an Auto Scaling group. All logs for you application are currently written to ephemeral storage. Recently your company experienced a major bug in code that made it through testing and was ultimately deployed to your fleet. This bug triggered your Auto Scaling group to scale up and back down before you could successfully retrieve the logs off your server to better assist you in troubleshooting the bug. Which technique should you use to make sure you are able to review your logs after your instances have shut down?

  A. Configure the ephemeral policies on your Auto Scaling group to back up on terminate.
  B. Configure your Auto Scaling policies to create a snapshot of all ephemeral storage on terminate.
  C. Install the CloudWatch Logs Agent on your AMI, and configure CloudWatch Logs Agent to stream your logs.
  D. Install the CloudWatch monitoring agent on your AMI, and set up new SNS alert for CloudWatch metrics that triggers the CloudWatch monitoring agent to backup all logs on the ephemeral drive.
  E. Install the CloudWatch monitoring agent on your AMI, Update your Auto Scaling policy to enable automated CloudWatch Log copy.
  C. Install the CloudWatch Logs Agent on your AMI, and configure CloudWatch Logs Agent to stream your logs.

• Question 268:

  A DevOps engineer is tasked with creating a more stable deployment solution for a web application in AWS. Previous deployments have resulted in user-facing bugs, premature user traffic, and inconsistencies between web servers running behind an Application Load Balancer. The current strategy uses AWS CodeCommit to store the code for the application. When developers push to the master branch of the repository, CodeCommit triggers an AWS Lambda deploy function, which invokes an AWS Systems Manager run command to build and deploy the new code to all Amazon EC2 instances.

  Which combination of actions should be taken to implement a more stable deployment solution? (Choose two.)

  A. Create a pipeline in AWS CodePipeline with CodeCommit as a source provider. Create parallel pipeline stages to build and test the application. Pass the build artifact to AWS CodeDeploy.
  B. Create a pipeline in AWS CodePipeline with CodeCommit as a source provider. Create separate pipeline stages to build and then test the application. Pass the build artifact to AWS CodeDeploy.
  C. Create and use an AWS CodeDeploy application and deployment group to deploy code updates to the EC2 fleet. Select the Application Load Balancer for the deployment group.
  D. Create individual Lambda functions to run all build, test, and deploy actions using AWS CodeDeploy instead of AWS Systems Manager.
  E. Modify the Lambda function to build a single application package to be shared by all instances. Use AWS CodeDeploy instead of AWS Systems Manager to update the code on the EC2 fleet.
  A. Create a pipeline in AWS CodePipeline with CodeCommit as a source provider. Create parallel pipeline stages to build and test the application. Pass the build artifact to AWS CodeDeploy.
  D. Create individual Lambda functions to run all build, test, and deploy actions using AWS CodeDeploy instead of AWS Systems Manager.

• Question 269:

  A company runs several applications across multiple AWS accounts in an organization in AWS Organizations. Some of the resources are not tagged properly and the company's finance team cannot determine which costs are associated with which applications. A DevOps engineer must remediate this issue and prevent this issue from happening in the future.

  Which combination of actions should the DevOps engineer take to meet these requirements? (Choose two.)

  A. Activate the user-defined cost allocation tags in each AWS account.
  B. Create and attach an SCP that requires a specific tag.
  C. Define each line of business (LOB) in AWS Budgets. Assign the required tag to each resource.
  D. Scan all accounts with Tag Editor. Assign the required tag to each resource.
  E. Use the budget report to find untagged resources. Assign the required tag to each resource.
  C. Define each line of business (LOB) in AWS Budgets. Assign the required tag to each resource.
  D. Scan all accounts with Tag Editor. Assign the required tag to each resource.

• Question 270:

  A company has an application that is using a MySQL-compatible Amazon Aurora Multi-AZ DB cluster as the database. A cross-Region read replica has been created for disaster recovery purposes. A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure.

  Which solution will accomplish this?

  A. Configure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints. Subscribe an Amazon SNS topic to Amazon RDS failure notifications from AWS CloudTrail and use that topic to trigger an AWS Lambda function that will promote the replica instance as the master.
  B. Create an Aurora custom endpoint to point to the primary database instance. Configure the application to use this endpoint. Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.
  C. Create an AWS Lambda function to modify the application's AWS Cloud Formation template to promote the replica, apply the template to update the stack, and point the application to the newly promoted instance. Create an Amazon CloudWatch alarm to trigger this Lambda function after the failure event occurs.
  D. Store the Aurora endpoint in AWS Systems Manager Parameter Store. Create an Amazon EventBridge (Amazon CloudWatch Events) event that defects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store. Code the application to reload the endpoint from Parameter Store if a database connection fails.
  B. Create an Aurora custom endpoint to point to the primary database instance. Configure the application to use this endpoint. Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.