Amazon DOP-C01 Online Practice Questions and Exam Preparation

Amazon DOP-C01 Online Questions & Answers

• Question 311:

  A web application for healthcare services runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer must create a mechanism in which an EC2 instance can be taken out of production so its system logs can be analyzed for issues to quickly troubleshoot problems on the web tier.

  How can the Engineer accomplish this task while ensuring availability and minimizing downtime?

  A. Implement EC2 Auto Scaling groups cooldown periods. Use EC2 instance metadata to determine the instance state, and an AWS Lambda function to snapshot Amazon EBS volumes to preserve system logs.
  B. Implement Amazon CloudWatch Events rules. Create an AWS Lambda function that can react to an instance termination to deploy the CloudWatch Logs agent to upload the system and access logs to Amazon S3 for analysis.
  C. Terminate the EC2 instances manually. The Auto Scaling service will upload all log information to CloudWatch Logs for analysis prior to instance termination.
  D. Implement EC2 Auto Scaling groups with lifecycle hooks. Create an AWS Lambda function that can modify an EC2 instance lifecycle hook into a standby state, extract logs from the instance through a remote script execution, and place them in an Amazon S3 bucket for analysis.
  D. Implement EC2 Auto Scaling groups with lifecycle hooks. Create an AWS Lambda function that can modify an EC2 instance lifecycle hook into a standby state, extract logs from the instance through a remote script execution, and place them in an Amazon S3 bucket for analysis.

• Question 312:

  If I want CloudFormation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should I achieve this?

  A. Use a long-poll on the Resources object in your CloudFormation stack and display those state changes in the UI for the system.
  B. Use a long-poll on the ListStacksAPI call for your CloudFormation stack and display those state changes in the UI for the system.
  C. Subscribe your continuous delivery system to an SNS topic that you also tell your CloudFormation stack to publish events into.
  D. Subscribe your continuous delivery system to an SQS queue that you also tell your CloudFormation stack to publish events into.
  C. Subscribe your continuous delivery system to an SNS topic that you also tell your CloudFormation stack to publish events into.

  ---

  Use NotificationARNs.member.N when making a CreateStack call to push stack events into SNS in nearly real-time. Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-monitor-s tack.html

• Question 313:

  A company runs an application consisting of an AWS CodeDeploy deployment group that uses Auto Scaling and an Application Load Balancer. The application deployments are automated using AWS CodePipeline, which consists of AWS CodeCommit as the source and AWS CodeDeploy as the deployment provider.

  After a recent successful deployment, the application experienced an outage for several minutes until the deployment was manually rolled back. A DevOps engineer verified that the pipeline was successful and did not indicate any errors, but found that the code caused the application to become unresponsive after several hours.

  Which actions will help to prevent future downtime in similar situations? (Choose two.)

  A. Configure a TCP health check for the Auto Scaling target group on a listening port of the application.
  B. Configure an HTTP or HTTPS health check for the Auto Scaling target group to check a specific application path.
  C. Create a script to test the application health and execute the script during the BeforeInstall lifecycle hook in the CodeDeploy appspec.yml file.
  D. Update the CodeDeploy deployment group to roll back automatically to the previous version if the deployment fails.
  E. Update the CodeDeploy deployment group to roll back based on a custom Amazon CloudWatch alarm using an application status metric.
  C. Create a script to test the application health and execute the script during the BeforeInstall lifecycle hook in the CodeDeploy appspec.yml file.
  E. Update the CodeDeploy deployment group to roll back based on a custom Amazon CloudWatch alarm using an application status metric.

• Question 314:

  You want to build a new search tool feature for your monitoring system that will allow your information security team to quickly audit all API calls in your AWS accounts. What combination of AWS services can you use to develop and automate the backend processes supporting this tool? (Choose three.)

  A. Create an Amazon CloudSearch domain for API call logs. Configure the search domain so that it can be used to index API call logs for the search tool.
  B. Use AWS CloudTrail to store API call logs in an Amazon S3 bucket. Configure an Amazon Simple Notification Service topic called "log-notification" that notifies subscribers when new logs are available. Subscribe an Amazon SQS queue to the topic.
  C. Use Amazon Cloudwatch to ship AWS CloudTrail logs to your monitoring system.
  D. Create an AWS Elastic Beanstalk application in worker role mode that uses an Amazon Simple Email Service (SES) domain to facilitate batch processing new API call log files retrieved from an Amazon S3 bucket into a search index.
  E. Use AWS CloudTrail to store API call logs in an Amazon S3 bucket. Configure Amazon Simple Email Service (SES) to notify subscribers when new logs are available. Subscribe an Amazon SQS queue to the email domain.
  F. Create Amazon Cloudwatch custom metrics for the API call logs. Configure a Cloudwatch search domain so that it can be used to index API call logs for the search tool.
  G. Create an AWS Elastic Beanstalk application in worker role mode that uses an Amazon SQS queue to facilitate batch processing new API call log files retrieved from an Amazon S3 bucket into a search index.
  A. Create an Amazon CloudSearch domain for API call logs. Configure the search domain so that it can be used to index API call logs for the search tool.
  B. Use AWS CloudTrail to store API call logs in an Amazon S3 bucket. Configure an Amazon Simple Notification Service topic called "log-notification" that notifies subscribers when new logs are available. Subscribe an Amazon SQS queue to the topic.
  G. Create an AWS Elastic Beanstalk application in worker role mode that uses an Amazon SQS queue to facilitate batch processing new API call log files retrieved from an Amazon S3 bucket into a search index.

• Question 315:

  A company runs a production application workload in a single AWS account that uses Amazon Route 53, AWS Elastic Beanstalk, and Amazon RDS. In the event of a security incident, the Security team wants the application workload to fail

  over to a new AWS account. The Security team also wants to block all access to the original account immediately, with no access to any AWS resources in the original AWS account, during forensic analysis.

  What is the most cost-effective way to prepare to fail over to the second account prior to a security incident?

  A. Migrate the Amazon Route 53 configuration to a dedicated AWS account. Mirror the Elastic Beanstalk configuration in a different account. Enable RDS Database Read Replicas in a different account.
  B. Migrate the Amazon Route 53 configuration to a dedicated AWS account. Save/copy the Elastic Beanstalk configuration files in a different AWS account. Copy snapshots of the RDS Database to a different account.
  C. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident. Save/copy Elastic Beanstalk configuration files to a different account. Enable the RDS database read replica in a different account.
  D. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident. Mirror the configuration of Elastic Beanstalk in a different account. Copy snapshots of the RDS database to a different account.
  A. Migrate the Amazon Route 53 configuration to a dedicated AWS account. Mirror the Elastic Beanstalk configuration in a different account. Enable RDS Database Read Replicas in a different account.

• Question 316:

  A DevOps engineer is currently running a container-based workload on-premises The engineer wants to move the application to AWS, but needs to keep the on-premises solution active because not all APIs will move at the same time. The

  traffic between AWS and the on-premises network should be secure and encrypted at all times. Low management overload is also a requirement.

  Which combination of actions will meet these criteria? (Select THREE.)

  A. Create a Network Load Balancer and. for each service, create a listener that points to the correct set of containers either in AWS or on-premises.
  B. Create an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.
  C. Host the AWS containers in Amazon ECS with an EC2 launch type.
  D. Host the AWS containers in Amazon ECS with a Fargate launch type.
  E. Use Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection.
  F. Use Amazon API Gateway to front the workload, and set up public endpoints for the onpremises APIs so API Gateway can access them.
  B. Create an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.
  D. Host the AWS containers in Amazon ECS with a Fargate launch type.
  F. Use Amazon API Gateway to front the workload, and set up public endpoints for the onpremises APIs so API Gateway can access them.

• Question 317:

  A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The Security team does not allow unauthenticated requests to S3 buckets for this project.

  How can this issue be corrected in the MOST secure manner?

  A. Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.
  B. Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.
  C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.
  D. Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.
  C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.

• Question 318:

  When running a playbook on a remote target host you receive a Python error similar to "[Errno 13] Permission denied: `/home/nick/.ansible/tmp'. What would be the most likely cause of this problem?

  A. The user's home or `.ansible' directory on the Ansible system is not writeable by the user running the play.
  B. The specified user does not exist on the remote system.
  C. The user running `ansible-playbook' must run it from their own home directory.
  D. The user's home or `.ansible' directory on the Ansible remote host is not writeable by the user running the play
  D. The user's home or `.ansible' directory on the Ansible remote host is not writeable by the user running the play

  ---

  Each task that Ansible runs calls a module. When Ansible uses modules, it copies the module to the remote target system. In the error above it attempted to copy it to the remote user's home directory and found that either the home directory or the `.ansible' directory were not writeable and thus could not continue.

  Reference: http://docs.ansible.com/ansible/modules_intro.html

• Question 319:

  A company is implementing an Amazon ECS cluster to run its workload. The company architecture will run multiple ECS services on the cluster, with an Application Load Balancer on the front end, using multiple target groups to route traffic. The Application Development team has been struggling to collect logs that must be collected and sent to an Amazon S3 bucket for near-real time analysis What must the DevOps Engineer configure in the deployment to meet these requirements? (Choose three.)

  A. Install the Amazon CloudWatch Logs logging agent on the ECS instances. Change the logging driver in the ECS task definition to 'awslogs'.
  B. Download the Amazon CloudWatch Logs container instance from AWS and configure it as a task. Update the application service definitions to include the logging task.
  C. Use Amazon CloudWatch Events to schedule an AWS Lambda function that will run every 60 seconds running the create-export -task CloudWatch Logs command, then point the output to the logging S3 bucket.
  D. Enable access logging on the Application Load Balancer, then point it directly to the S3 logging bucket.
  E. Enable access logging on the target groups that are used by the ECS services, then point it directly to the S3 logging bucket.
  F. Create an Amazon Kinesis Data Firehose with a destination of the S3 logging bucket, then create an Amazon CloudWatch Logs subscription filter for Kinesis.
  A. Install the Amazon CloudWatch Logs logging agent on the ECS instances. Change the logging driver in the ECS task definition to 'awslogs'.
  D. Enable access logging on the Application Load Balancer, then point it directly to the S3 logging bucket.
  F. Create an Amazon Kinesis Data Firehose with a destination of the S3 logging bucket, then create an Amazon CloudWatch Logs subscription filter for Kinesis.

• Question 320:

  You have written a server-side Node.Js application and a web application with an HTML/JavaScript front end that uses the Angular.js framework. The server-side application connects to an Amazon Redshift cluster, issues queries, and then returns the results to the front end for display. Your user base is very large and distributed, but it is important to keep the cost of running this application low. Which deployment strategy is both technically valid and the most cost-effective?

  A. Deploy an AWS Elastic Beanstalk application with two environments: one for the Node.js application and another for the web front end. Launch an Amazon Redshift cluster, and point your application to its Java Database Connectivity (JDBC) endpoint.
  B. Deploy an AWS OpsWorks stack with three layers: a static web server layer for your front end, a Node.js app server layer for your server-side application, and a Redshift DB layer for your Amazon Redshift duster.
  C. Upload the HTML, CSS, images, and JavaScript for the front end to an Amazon Simple Storage Service (S3) bucket. Create an Amazon CloudFront distribution with this bucket as its origin. Use AWS Elastic Beanstalk to deploy the Node.js application. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
  D. Upload the HTML, CSS, images, and JavaScript for the front end, plus the Node.js code for the server- side application, to an Amazon S3 bucket. Create a CloudFront distribution with this bucket as its origin. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
  E. Upload the HTML, CSS, images, and JavaScript for the front end to an Amazon S3 bucket. Use AWS Elastic Beanstalk to deploy the Node.js application. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
  C. Upload the HTML, CSS, images, and JavaScript for the front end to an Amazon Simple Storage Service (S3) bucket. Create an Amazon CloudFront distribution with this bucket as its origin. Use AWS Elastic Beanstalk to deploy the Node.js application. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.