Amazon DOP-C01 Online Practice
Questions and Exam Preparation
DOP-C01 Exam Details
Exam Code
:DOP-C01
Exam Name
:AWS Certified DevOps Engineer - Professional (DOP-C01)
Certification
:Amazon Certifications
Vendor
:Amazon
Total Questions
:559 Q&As
Last Updated
:Dec 22, 2024
Amazon DOP-C01 Online Questions &
Answers
Question 31:
A DevOps Engineer must implement monitoring for a workload running on Amazon EC2 and Amazon RDS MySQL. The monitoring must include:
1.
Application logs and operating system metrics for the Amazon EC2 instances
2.
Database logs and operating system metrics for the Amazon RDS database
Which steps should the Engineer take?
A. Install an Amazon CloudWatch agent on the EC2 and RDS instances. Configure the agent to send the operating system metrics and application and database logs to CloudWatch. B. Install an Amazon CloudWatch agent on the EC2 instance, and configure the agent to send the application logs and operating system metrics to CloudWatch. Enable RDS Enhanced Monitoring, and modify the RDS instance to publish database logs to CloudWatch Logs. C. Install an Amazon CloudWatch Logs agent on the EC2 instance and configure it to send application logs to CloudWatch. D. Set up scheduled tasks on the EC2 and RDS instances to put operating system metrics and application and database logs into an Amazon S3 bucket. Set up an event on the bucket to invoke an AWS Lambda function to monitor for errors each time an object is put into the bucket.
B. Install an Amazon CloudWatch agent on the EC2 instance, and configure the agent to send the application logs and operating system metrics to CloudWatch. Enable RDS Enhanced Monitoring, and modify the RDS instance to publish database logs to CloudWatch Logs.
Question 32:
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving availability for users in both Regions.
Which combination of actions should be taken to address the latency issues? (Choose three.)
A. Create a new DynamoDB table in the new Region with cross-Region replication enabled. B. Create new ALB and Auto Scaling group global resources and configure the new ALB to direct traffic to the new Auto Scaling group. C. Create new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group. D. Create Amazon Route 53 records, health checks, and latency-based routing policies to route to the ALB. E. Create Amazon Route 53 aliases, health checks, and failover routing policies to route to the ALB. F. Convert the DynamoDB table to a global table.
C. Create new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group. D. Create Amazon Route 53 records, health checks, and latency-based routing policies to route to the ALB. F. Convert the DynamoDB table to a global table.
Question 33:
A company is using AWS CodePipeline to deploy an application. A recent policy change requires that a member of the company's security team sign off on any application changes before they are deployed into production. The approval should be recorded and retained.
Which combination of actions will meet these new requirements? (Choose two.)
A. Configure CodePipeline with Amazon CloudWatch Logs to retain data. B. Configure CodePipeline to deliver action logs to Amazon S3. C. Create an AWS CloudTrail trail to deliver logs to Amazon S3. D. Create a custom CodePipeline action to invoke an AWS Lambda function for approval. Create a policy that gives the security team access to manage custom CodePipeline actions. E. Create a manual approval CodePipeline action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.
C. Create an AWS CloudTrail trail to deliver logs to Amazon S3. E. Create a manual approval CodePipeline action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.
Question 34:
A Development team uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the master branch when they are ready for production. A
direct push to the master branch should not be allowed. The team applied the AWS managed policy AWSCodeCommitPowerUser to the Developers' IAM Rote, but now members are able to push to the master branch directly on every
repository in the AWS account.
What actions should be taken to restrict this?
A. Create an additional policy to include a deny rule for the codecommit:GitPush action, and include a restriction for the specific repositories in the resource statement with a condition for the master reference. B. Remove the IAM policy and add an AWSCodeCommitReadOnly policy. Add an allow rule for the codecommit:GitPush action for the specific repositories in the resource statement with a condition for the master reference. C. Modify the IAM policy and include a deny rule for the codecommit:GitPush action for the specific repositories in the resource statement with a condition for the master reference. D. Create an additional policy to include an allow rule for the codecommit:GitPush action and include a restriction for the specific repositories in the resource statement with a condition for the feature branches reference.
A. Create an additional policy to include a deny rule for the codecommit:GitPush action, and include a restriction for the specific repositories in the resource statement with a condition for the master reference.
You have been asked to de-risk deployments at your company. Specifically, the CEO is concerned about outages that occur because of accidental inconsistencies between Staging and Production, which sometimes cause unexpected
behaviors in Production even when Staging tests pass. You already use Docker to get high consistency between Staging and Production for the application environment on your EC2 instances.
How do you further de-risk the rest of the execution environment, since in AWS, there are many service components you may use beyond EC2 virtual machines?
A. Develop models of your entire cloud system in CloudFormation. Use this model in Staging and Production to achieve greater parity. B. Use AWS Config to force the Staging and Production stacks to have configuration parity. Any differences will be detected for you so you are aware of risks. C. Use AMIs to ensure the whole machine, including the kernel of the virual machines, is consistent, since Docker uses Linux Container (LXC) technology, and we need to make sure the container environment is consistent. D. Use AWS ECS and Docker clustering. This will make sure that the AMIs and machine sizes are the same across both environments.
A. Develop models of your entire cloud system in CloudFormation. Use this model in Staging and Production to achieve greater parity.
Only CloudFormation's JSON Templates allow declarative version control of repeatably deployable models of entire AWS clouds.
A. Availability Zone B. Placement Group C. Region D. VPC
C. Region
A security group is tied to a region and can be assigned only to instances in the same region. You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth. Reference: http://docs.aws.amazon.com/ AWSEC2/latest/UserGuide/resources.html
Question 38:
A Security team requires all Amazon EBS volumes that are attached to an Amazon EC2 instance to have AWS Key Management Service (AWS KMS) encryption enabled. If encryption is not enabled, the company's policy requires the EBS volume to be detached and deleted. A DevOps Engineer must automate the detection and deletion of unencrypted EBS volumes.
Which method should the Engineer use to accomplish this with the LEAST operational effort?
A. Create an Amazon CloudWatch Events rule that invokes an AWS Lambda function when an EBS volume is created. The Lambda function checks the EBS volume for encryption. If encryption is not enabled and the volume is attached to an instance, the function deletes the volume. B. Create an AWS Lambda function to describe all EBS volumes in the region and identify volumes that are attached to an EC2 instance without encryption enabled. The function then deletes all non- compliant volumes. The AWS Lambda function is invoked every 5 minutes by an Amazon CloudWatch Events scheduled rule. C. Create a rule in AWS Config to check for unencrypted and attached EBS volumes. Subscribe an AWS Lambda function to the Amazon SNS topic that AWS Config sends change notifications to. The Lambda function checks the change notification and deletes any EBS volumes that are non-compliant. D. Launch an EC2 instance with an IAM role that has permissions to describe and delete volumes. Run a script on the EC2 instance every 5 minutes to describe all EBS volumes in all regions and identify volumes that are attached without encryption enabled. The script then deletes those volumes.
C. Create a rule in AWS Config to check for unencrypted and attached EBS volumes. Subscribe an AWS Lambda function to the Amazon SNS topic that AWS Config sends change notifications to. The Lambda function checks the change notification and deletes any EBS volumes that are non-compliant.
Question 39:
Which statement is true about configuring proxy support for Amazon Inspector agent on a Windows-based system?
A. Amazon Inspector agent supports proxy usage on Windows-based systems through the use of the WinHTTP proxy. B. Amazon Inspector agent supports proxy usage on Linux-based systems but not on Windows. C. Amazon Inspector proxy support on Windows-based systems is achieved through installing proxy-enabled version of the agent which comes with preconfigured files that you need to edit to match your environment. D. Amazon Inspector agent supports proxy usage on Windows-based systems through awsagent.env configuration file.
A. Amazon Inspector agent supports proxy usage on Windows-based systems through the use of the WinHTTP proxy.
Proxy support for AWS agents is achieved through the use of the WinHTTP proxy.
1) An Elastic Load Balancer 2) Auto Scaling Group which launches EC2 Instances 3) AMIs with your code pre-installed You want to deploy the updates of your app to only a certain number of users. You want to have a cost-effective solution. You should also be able to revert back quickly.
Which of the below solutions is the most feasible one?
A. Create a second ELB, and a new Auto Scaling Group assigned a new Launch Configuration. Create a new AMI with the updated app. Use Route53 Weighted Round Robin records to adjust the proportion of traffic hitting the two ELBs. B. Create new AMIs with the new app. Then use the new EC2 instances in half proportion to the older instances. C. Redeploy with AWS Elastic Beanstalk and Elastic Beanstalk versions. Use Route 53 Weighted Round Robin records to adjust the proportion of traffic hitting the two ELBs D. Create a full second stack of instances, cut the DNS over to the new stack of instances, and change the DNS back if a rollback is needed.
A. Create a second ELB, and a new Auto Scaling Group assigned a new Launch Configuration. Create a new AMI with the updated app. Use Route53 Weighted Round Robin records to adjust the proportion of traffic hitting the two ELBs.
The Weighted Routing policy of Route53 can be used to direct a proportion of traffic to your application. The best option is to create a second CLB, attach the new Autoscaling Group and then use Route53 to divert the traffic. Option B is wrong because just having EC2 instances running with the new code will not help. Option C is wrong because Clastic beanstalk is good for development environments, and also there is no mention of having 2 environments where environment urls can be swapped. Option D is wrong because you still need Route53 to split the traffic.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your DOP-C01 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.