Amazon DOP-C01 Online Practice Questions and Exam Preparation

Amazon DOP-C01 Online Questions & Answers

• Question 341:

  A company must ensure consistent behavior of an application running on Amazon Linux in its corporate ecosystem before moving into AWS. The company has an existing automated server build system using VMware. The goal is to

  demonstrate the functionality of the application and its prerequisites on the new target operating system.

  The DevOps Engineer needs to use the existing corporate server pipeline and virtualization software to create a server image. The server image will be tested on-premises to resemble the build on Amazon EC2 as closely as possible.

  How can this be accomplished?

  A. Download and integrate the latest ISO of CentOS 7 and execute the application deployment on the resulting server.
  B. Launch an Amazon Linux AMI using an AWS OpsWorks deployment agent onto the on-premises infrastructure, then execute the application deployment.
  C. Build an EC2 instance with the latest Amazon Linux operating system, and use the AWS Import/Export service to export the EC2 image to a VMware ISO in Amazon S3. Then import the resulting ISO onto the on-premises system.
  D. Download and integrate the latest ISO of Amazon Linux 2 and execute the application deployment on the resulting server. Confirm that operating system testing results are consistent with EC2 operating system behavior.
  D. Download and integrate the latest ISO of Amazon Linux 2 and execute the application deployment on the resulting server. Confirm that operating system testing results are consistent with EC2 operating system behavior.

  ---

  Reference: https://aws.amazon.com/blogs/aws/opsworks-on-prem-and-existing-instances/

• Question 342:

  A company has thousands of Amazon EC2 instances as well as hundreds of virtual machines on- premises. Developers routinely sign in to the console for on-premises systems to perform troubleshooting. The Developers want to sign in to

  AWS instances to run performance tools, but are unable to due to the lack of a central console logging system. A DevOps Engineer wants to ensure that console access is logged on all systems.

  Which combination of steps will meet these requirements? (Choose two.)

  A. Attach a role to all AWS instances that contains the appropriate permissions. Create an AWS Systems Manager managed-instance activation. Install and configure Systems Manager Agent on on-premises machines.
  B. Enable AWS Systems Manager Session Manager logging to an Amazon S3 bucket. Direct Developers to connect to the systems with Session Manager only.
  C. Enable AWS Systems Manager Session Manager logging to AWS CloudTrail. Direct Developers to continue normal sign-in procedures for on-premises. Use Session Manager for AWS instances.
  D. Install and configure an Amazon CloudWatch Logs agent on all systems. Create an AWS Systems Manager managed-instance activation.
  E. Set up a Site-to-Site VPN connection between the on-premises and AWS networks. Set up a bastion instance to allow Developers to sign in to the AWS instances.
  A. Attach a role to all AWS instances that contains the appropriate permissions. Create an AWS Systems Manager managed-instance activation. Install and configure Systems Manager Agent on on-premises machines.
  B. Enable AWS Systems Manager Session Manager logging to an Amazon S3 bucket. Direct Developers to connect to the systems with Session Manager only.

• Question 343:

  An IT department manages a portfolio with Windows and Linux (Amazon and Red Hat Enterprise Linux) servers both on-premises and on AWS. An audit reveals that there is no process for updating OS and core application patches, and that the servers have inconsistent patch levels. Which of the following provides the MOST reliable and consistent mechanism for updating and maintaining all servers at the recent OS and core application patch levels?

  A. Install AWS Systems Manager agent on all on-premises and AWS servers. Create Systems Manager Resource Groups. Use Systems Manager Patch Manager with a preconfigured patch baseline to run scheduled patch updates during maintenance windows.
  B. Install the AWS OpsWorks agent on all on-premises and AWS servers. Create an OpsWorks stack with separate layers for each operating system, and get a recipe from the Chef supermarket to run the patch commands for each layer during maintenance windows.
  C. Use a shell script to install the latest OS patches on the Linux servers using yum and schedule it to run automatically using cron. Use Windows Update to automatically patch Windows servers.
  D. Use AWS Systems Manager Parameter Store to securely store credentials for each Linux and Windows server. Create Systems Manager Resource Groups. Use the Systems Manager Run Command to remotely deploy patch updates using the credentials in Systems Manager Parameter Store
  D. Use AWS Systems Manager Parameter Store to securely store credentials for each Linux and Windows server. Create Systems Manager Resource Groups. Use the Systems Manager Run Command to remotely deploy patch updates using the credentials in Systems Manager Parameter Store

• Question 344:

  You have been given a business requirement to retain log files for your application for 10 years. You need to regularly retrieve the most recent logs for troubleshooting. Your logging system must be cost-effective, given the large volume of

  logs.

  What technique should you use to meet these requirements?

  A. Store your log in Amazon CloudWatch Logs.
  B. Store your logs in Amazon Glacier.
  C. Store your logs in Amazon S3, and use lifecycle policies to archive to Amazon Glacier.
  D. Store your logs in HDFS on an Amazon EMR cluster.
  E. Store your logs on Amazon EBS, and use Amazon EBS snapshots to archive them.
  C. Store your logs in Amazon S3, and use lifecycle policies to archive to Amazon Glacier.

• Question 345:

  A company plans to stop using Amazon EC2 key pairs for SSH access, and instead plans to use AWS Systems Manager Session Manager. To further enhance security, access to Session Manager must take place over a private network only.

  Which combinations of actions will accomplish this? (Choose two.)

  A. Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
  B. Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
  C. Create a VPC endpoint for Systems Manager in the desired Region.
  D. Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
  E. Remove any default routes in the associated route tables.
  B. Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
  C. Create a VPC endpoint for Systems Manager in the desired Region.

• Question 346:

  A DevOps Engineer is building a continuous deployment pipeline for a serverless application using AWS CodePipeline and AWS CodeBuild. The source, build, and test stages have been created with the deploy stage remaining. The company wants to reduce the risk of an unsuccessful deployment by deploying to a small percentage of customers and monitoring this deployment prior to a full release to all customers. How should the deploy stage be configured to meet these requirements?

  A. Use AWS CloudFormation to publish a new version on every stack update. Then set up a CodePipeline approval action for a Developer to test and approve the new version. Finally, use a CodePipeline invoke action to update an AWS Lambda function to use the production alias
  B. Use CodeBuild to use the AWS CLI to update the AWS Lambda function code, then publish a new version of the function and update the production alias to point to the new version of the function.
  C. Use AWS CloudFormation to define the serverless application and AWS CodeDeploy to deploy the AWS Lambda functions using DeploymentPreference: Canary10Percent15Minutes.
  D. Use AWS CloudFormation to publish a new version on every stack update. Use the RoutingConfig property of the AWS::Lambda::Alias resource to update the traffic routing during the stack update.
  C. Use AWS CloudFormation to define the serverless application and AWS CodeDeploy to deploy the AWS Lambda functions using DeploymentPreference: Canary10Percent15Minutes.

• Question 347:

  A company is using Docker containers for an application deployment and wants to move its application to AWS. The company currently manages its own clusters on premises to manage the deployment of these containers. It wants to deploy its application to a managed service in AWS and wants the entire flow of the deployment process to be automated. In addition, the company has the following requirements:

  1.

  Focus first on the development workload.

  2.

  The environment must be easy to manage.

  3.

  Deployment should be repeatable and reusable for new environments.

  4.

  Store the code in a GitHub repository.

  Which solution will meet these requirements?

  A. Set up an Amazon ECS environment. Use AWS CodePipeline to create a pipeline that is triggered on a commit to the GitHub repository. Use AWS CodeBuild to create the container images and AWS CodeDeploy to publish the container image to the ECS environment.
  B. Use AWS CodePipeline that triggers on a commit from the GitHub repository, build the container images with AWS CodeBuild, and publish the container images to Amazon ECR. In the final stage, use AWS CloudFormation to create an Amazon ECS environment that gets the container images from the ECR repository.
  C. Create a Kubernetes Cluster on Amazon EC2. Use AWS CodePipeline to create a pipeline that is triggered when the code is committed to the repository. Create the container images with a Jenkins server on EC2 and store them in the Docker Hub. Use AWS Lambda from the pipeline to trigger the deployment to the Kubernetes Cluster.
  D. Set up an Amazon ECS environment. Use AWS CodePipeline to create a pipeline that is triggered on a commit to the GitHub repository. Use AWS CodeBuild to create the container and store it in the Docker Hub. Use an AWS Lambda function to trigger a deployment and pull the new container image from the Docker Hub.
  A. Set up an Amazon ECS environment. Use AWS CodePipeline to create a pipeline that is triggered on a commit to the GitHub repository. Use AWS CodeBuild to create the container images and AWS CodeDeploy to publish the container image to the ECS environment.

• Question 348:

  A company has 100 GB of log data in an Amazon S3 bucket stored in .csv format. SQL developers want to query this data and generate graphs to visualize it. They also need an efficient, automated way to store metadata from the .csv file. Which combination of steps should be taken to meet these requirements with the LEAST amount of effort? (Choose three.)

  A. Filter the data through AWS X-Ray to visualize the data.
  B. Filter the data through Amazon QuickSight to visualize the data.
  C. Query the data with Amazon Athena.
  D. Query the data with Amazon Redshift.
  E. Use AWS Glue as the persistent metadata store.
  F. Use Amazon S3 as the persistent metadata store.
  B. Filter the data through Amazon QuickSight to visualize the data.
  C. Query the data with Amazon Athena.
  F. Use Amazon S3 as the persistent metadata store.

• Question 349:

  A developer is building an application that must allow users to upload images to an Amazon S3 bucket. Users need to be able to sign in to the application using Facebook to upload images. How can these requirements be met?

  A. Store a user's Facebook user name and password in an Amazon DymanoDB table. Authenticate against those credentials the next time the user tries to log in.
  B. Create an Amazon Cognito identity pool using Facebook as the identity provider. Obtain temporary AWS credentials so a user can access Amazon S3.
  C. Create multiple AWS IAM users. Set the email and password to be the same as each user's Facebook login credentials.
  D. Create a new Facebook account and store its login credentials in an S3 bucket. Share that S3 bucket with a user. The user will log in to the application using those retrieved credentials.
  B. Create an Amazon Cognito identity pool using Facebook as the identity provider. Obtain temporary AWS credentials so a user can access Amazon S3.

  ---

  Reference: https://aws.amazon.com/blogs/mobile/store-your-photos-in-the-cloud-using-amazon-s3/

• Question 350:

  A Development team wants to deploy an application using AWS CloudFormation stacks, but the Developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A

  DevOps Engineer is tasked with allowing Developers to deploy the stacks while following the principal of least privilege.

  Which solution will meet these requirements?

  A. Create an IAM policy that allows Developers to provision the required resources. Attach the policy to the Developer role.
  B. Create an IAM policy that allows full access to CloudFormation. Attach the policy to the Developer role.
  C. Create a new IAM role with the required permissions to use as a CloudFormation service role. Grant the Developer role a cloudformation:* action.
  D. Create a new IAM role with the required permissions to use as a CloudFormation service role. Grant the Developer role the iam:PassRole permission.
  A. Create an IAM policy that allows Developers to provision the required resources. Attach the policy to the Developer role.