Amazon DOP-C01 Online Practice Questions and Exam Preparation

Amazon DOP-C01 Online Questions & Answers

• Question 291:

  How long are the messages kept on an SQS queue by default?

  A. If a message is not read, it is never deleted
  B. 2 weeks
  C. 1 day
  D. 4 days
  D. 4 days

  ---

  The SQS message retention period is configurable and can be set anywhere from 1 minute to 2 weeks. The default is 4 days and once the message retention limit is reached your messages will be automatically deleted. The option for longer message retention provides greater flexibility to allow for longer intervals between message production and consumption.

• Question 292:

  What is required to achieve gigabit network throughput on EC2? You already selected cluster-compute, 10GB instances with enhanced networking, and your workload is already network-bound, but you are not seeing 10 gigabit speeds.

  A. Enable biplex networking on your servers, so packets are non-blocking in both directions and there's no switching overhead.
  B. Ensure the instances are in different VPCs so you don't saturate the Internet Gateway on any one VPC.
  C. Select PIOPS for your drives and mount several, so you can provision sufficient disk throughput.
  D. Use a placement group for your instances so the instances are physically near each other in the same Availability Zone.
  D. Use a placement group for your instances so the instances are physically near each other in the same Availability Zone.

  ---

  You are not guaranteed 10gigabit performance, except within a placement group. A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. Reference: http:// docs.aws.amazon.com/AWSEC2/latest/UserGuide/placementgroups.html

• Question 293:

  When thinking of DynamoDB, what are true of Global Secondary Key properties?

  A. The partition key and sort key can be different from the table.
  B. Only the partition key can be different from the table.
  C. Either the partition key or the sort key can be different from the table, but not both.
  D. Only the sort key can be different from the table.
  A. The partition key and sort key can be different from the table.

  ---

  Global secondary index ?an index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered "global" because queries on the index can span all of the data in a table, across all partitions.

  Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SecondaryIndexes.html

• Question 294:

  A Developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing. Occasionally, some application servers are being

  terminated after failing ELB HTTP health checks. The Developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.

  How can log collection be automated?

  A. Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch Alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that executes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  B. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create a Config rule for EC2 Instance-terminate Lifecycle Action and trigger a step function that executes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  C. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that executes a script to called logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  D. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch Events rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that executes a SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
  D. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch Events rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that executes a SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

• Question 295:

  The resources for a business-critical, three-tier web application are expressed in a series of AWS CloudFormation templates. The application is using Amazon RDS for data and Amazon ElastiCache for session state. Users have reported degraded performance in the application. A DevOps Engineer notices that the T2 instance type is being used for the application tier and CPU usage is at 100% in Amazon CloudWatch.

  What process should the Engineer follow to restore operations with the LEAST amount of disruption to the end users?

  A. Write a new CloudFormation template to include Amazon CloudFront in the environment, launch the stack, and update the Amazon Route 53 A record
  B. Launch a new CloudFormation stack for the application tier using the M4 instance type, run acceptance tests against the new stack, and update the Amazon Route 53 A record
  C. Update the CloudFormation stack for the application tier using the T2 Unlimited option, run acceptance tests against the new stack, and update the Amazon Route 53 A record
  D. Launch a new CloudFormation stack for all tiers of the application in a different region, run acceptance tests against the new stack, and update the Amazon Route 53 A record
  B. Launch a new CloudFormation stack for the application tier using the M4 instance type, run acceptance tests against the new stack, and update the Amazon Route 53 A record

• Question 296:

  A software company wants to automate the build process for a project where the code is stored in GitHub. When the repository is updated, source code should be compiled, tested, and pushed to Amazon S3.

  Which combination of steps would address these requirements? (Choose three.)

  A. Add a buildspec.yml file to the source code with build instructions.
  B. Configure a GitHub webhook to trigger a build every time a code change is pushed to the repository.
  C. Create an AWS CodeBuild project with GitHub as the source repository.
  D. Create an AWS CodeDeploy application with the Amazon EC2/On-Premises compute platform.
  E. Create an AWS OpsWorks deployment with the install dependencies command.
  F. Provision an Amazon EC2 instance to perform the build.
  A. Add a buildspec.yml file to the source code with build instructions.
  B. Configure a GitHub webhook to trigger a build every time a code change is pushed to the repository.
  C. Create an AWS CodeBuild project with GitHub as the source repository.

• Question 297:

  A company gives its employees limited rights to AWS. DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.

  How should this be accomplished?

  A. Configure AWS Config to publish logs to an Amazon S3 bucket. Use Amazon Athena to query the logs and send a notification to the security team when the administrator role is assumed.
  B. Configure Amazon GuardDuty to monitor when the administrator role is assumed and send a notification to the security team.
  C. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed.
  D. Create an Amazon EventBridge (Amazon CloudWatch Events) events rule using an AWS API call that uses an AWS CloudTrail event pattern to trigger an AWS Lambda function that publishes a message to an Amazon SNS topic if the administrator role is assumed.
  C. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed.

  ---

  Reference: https://docs.aws.amazon.com/eventbridge/latest/userguide/user-guide.pdf

• Question 298:

  A company is required to collect user consent to a privacy agreement. An application is deployed in six AWS Regions with two in North America, two in Europe, and two in Asia with a user base of 20-30 million users. The company needs to read and write data related to each user's response, and ensure the responses are available in all six Regions.

  What solution will satisfy these requirements while MINIMIZING latency?

  A. Implement Amazon Aurora Global Database in each of the six Regions.
  B. Implement Amazon DocumentDB (with MongoDB compatibility) in each of the six Regions.
  C. Implement Amazon DynamoDB global tables in each of the six Regions.
  D. Implement Amazon ElastiCache for Redis replication group in each of the six Regions.
  C. Implement Amazon DynamoDB global tables in each of the six Regions.

• Question 299:

  A legacy web application stores access logs in a proprietary text format. One of the security requirements is to search application access events and correlate them with access data from many different systems.

  These searches should be near-real time.

  Which solution offloads the processing load on the application server and provides a mechanism to search the data in near-real time?

  A. Install the Amazon CloudWatch Logs agent on the application server and use CloudWatch Events rules to search logs for access events. Use Amazon CloudSearch as an interface to search for events.
  B. Use the third-party file-input plugin Logstash to monitor the application log file, then use a custom dissect filter on the agent to parse the log entries into the JSON format. Output the events to Amazon ES to be searched. Use the Elasticsearch API for querying the data.
  C. Upload the log files to Amazon S3 by using the S3 sync command. Use Amazon Athena to define the structure of the data as a table, with Athena SQL queries to search for access events.
  D. Install the Amazon Kinesis Agent on the application server, configure it to monitor the log files, and send it to a Kinesis stream. Configure Kinesis to transform the data by using an AWS Lambda function, and forward events to Amazon ES for analysis. Use the Elasticsearch API for querying the data.
  D. Install the Amazon Kinesis Agent on the application server, configure it to monitor the log files, and send it to a Kinesis stream. Configure Kinesis to transform the data by using an AWS Lambda function, and forward events to Amazon ES for analysis. Use the Elasticsearch API for querying the data.

• Question 300:

  From a compliance and security perspective, which of these statements is true?

  A. You do not ever need to rotate access keys for AWS IAM Users.
  B. You do not ever need to rotate access keys for AWS IAM Roles, nor AWS IAM Users.
  C. None of the other statements are true.
  D. You do not ever need to rotate access keys for AWS IAM Roles.
  D. You do not ever need to rotate access keys for AWS IAM Roles.

  ---

  IAM Role Access Keys are auto-rotated by AWS on your behalf; you do not need to rotate them. The application is granted the permissions for the actions and resources that you've defined for the role through the security credentials associated with the role. These security credentials are temporary and we rotate them automatically. We make new credentials available at least five minutes prior to the expiration of the old credentials. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html