1. Home
  2. Amazon
  3. DOP-C01

Amazon DOP-C01 Online Practice Questions and Exam Preparation

DOP-C01 Exam Details

  • Exam Code
    :DOP-C01
  • Exam Name
    :AWS Certified DevOps Engineer - Professional (DOP-C01)
  • Certification
    :Amazon Certifications
  • Vendor
    :Amazon
  • Total Questions
    :559 Q&As
  • Last Updated
    :Dec 22, 2024

Amazon DOP-C01 Online Questions & Answers

  • Question 451:

    When thinking of AWS Elastic Beanstalk, the 'Swap Environment URLs' feature most directly aids in what?

    A. Immutable Rolling Deployments
    B. Mutable Rolling Deployments
    C. Canary Deployments
    D. Blue-Green Deployments

  • Question 452:

    You are administering a continuous integration application that polls version control for changes and then launches new Amazon EC2 instances for a full suite of build tests. What should you do to ensure the lowest overall cost while being able to run as many tests in parallel as possible?

    A. Perform syntax checking on the continuous integration system before launching a new Amazon EC2 instance for build test, unit and integration tests.
    B. Perform syntax and build tests on the continuous integration system before launching the new Amazon EC2 instance unit and integration tests.
    C. Perform all tests on the continuous integration system, using AWS OpsWorks for unit, integration, and build tests.
    D. Perform syntax checking on the continuous integration system before launching a new AWS Data Pipeline for coordinating the output of unit, integration, and build tests.

  • Question 453:

    Your application is currently running on Amazon EC2 instances behind a load balancer. Your management has decided to use a Blue/Green deployment strategy. How should you implement this for each deployment?

    A. Set up Amazon Route 53 health checks to fail over from any Amazon EC2 instance that is currently being deployed to.
    B. Using AWS CloudFormation, create a test stack for validating the code, and then deploy the code to each production Amazon EC2 instance.
    C. Create a new load balancer with new Amazon EC2 instances, carry out the deployment, and then switch DNS over to the new load balancer using Amazon Route 53 after testing.
    D. Launch more Amazon EC2 instances to ensure high availability, de-register each Amazon EC2 instance from the load balancer, upgrade it, and test it, and then register it again with the load balancer.

  • Question 454:

    When thinking of AWS OpsWorks, which of the following is not an instance type you can allocate in a stack layer?

    A. 24/7 instances
    B. Spot instances
    C. Time-based instances
    D. Load-based instances

  • Question 455:

    A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.

    The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure.

    What should a DevOps engineer do to meet these requirements?

    A. Create one AWS CodeCommit repository for all applications. Put each application's code in different branch. Merge the branches, and use AWS CodeBuild to build the applications. Use AWS CodeDeploy to deploy the applications to one centralized application server.
    B. Create one AWS CodeCommit repository for each of the applications Use AWS CodeBuild to build the applications one at a time. Use AWS CodeDeploy to deploy the applications to one centralized application server.
    C. Create one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build the applications one at a time to create one AMI for each server. Use AWS CloudFormation StackSets to automatically provision and decommission Amazon EC2 fleets by using these AMIs.
    D. Create one AWS CodeCommit repository for each of the applications. Use AWS CodeBuild to build one Docker image for each application in Amazon Elastic Container Registry (Amazon ECR). Use AWS CodeDeploy to deploy the applications to Amazon Elastic Container Service (Amazon ECS) on infrastructure that AWS Fargate manages.

  • Question 456:

    Amazon Inspector agent collects telemetry data during assessment run and sends this data to Amazon Inspector dedicated S3 bucket for analysis. How can you access telemetry data out of Amazon Inspector and how can you benefit from this data in securing your resources?

    A. Telemetry data is kept in S3 and encrypted with a pre-assessment test key configured in KMS, as long as you have access to that key you can download and decrypt telemetry data.
    B. Telemetry data is stored in Amazon Inspector dedicated S3 bucket that does NOT belong to your account, Amazon Inspector currently does NOT provide an API or an S3 bucket access mechanism to collected telemetry. Data is retained temporarily only to allow for assistance with support requests.
    C. Telemetry data is saved on S3 bucket in your account, therefore telemetry data is accessible with proper permissions on that bucket.
    D. Telemetry data is deleted immediately after assessment run, therefore data can NOT be accessed or analyzed by any other tools.

  • Question 457:

    A company has mandated a global encryption-at-rest policy. A DevOps engineer has been tasked to ensure that new data uploaded to both new and existing Amazon S3 buckets is encrypted at rest across the company's AWS Organizations organization. There are a number of legacy applications deployed on AWS that use Amazon S3 and do not store data encrypted at rest. These applications MUST continue to operate. The engineer must ensure S3 encryption at rest across the organization without requiring an application code change.

    How should this be accomplished with MINIMAL effort?

    A. Develop an AWS Lambda function that lists all Amazon S3 buckets in a given account and applies default encryption to all S3 buckets that either do not have it enabled or to those with an S3 bucket policy that do not explicitly deny put-object requests without server-side encryption. Deploy the Lambda function along with an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule with AWS CloudFormation StackSets to all accounts within the organization.
    B. Enable the AWS Config s3-bucket-server-side-encryption-enabled managed rule that checks for S3 bucket that either do not have S3 default encryption enabled or those with an S3 bucket policy that does not explicitly deny put-object requests without server-side encryption. Add the AWS- EnabledS3BucketEncryption remediation action to the AWS Config rule to enable default encryption on any S3 buckets that are not complaint. Use AWS Config organizations integration to deploy the rule across all accounts in the organization.
    C. Enable an AWS Config custom rule that checks for S3 buckets that do not have a bucket policy denying access to s3:PutObject unless the x-amz-server-side-encryption S3 condition is met with an AES 256 value or x-amz-server-sideencryption is not present. Add a custom remediation action to the AWS Config rule that will apply the bucket policy if the S3 bucket is non-complaint. Use AWS Config organizations integration to deploy the rule across all accounts in the organization.
    D. Write an SCP that denies access to s3:PutObject unless either the x-amz-server-side-encryption S3 condition is met with an AES 256 value or x-amz-server-side-encryption is not present. Apply the SCP to the root of the organization to enforce the policy across the entire organization.

  • Question 458:

    You are getting a lot of empty receive requests when using Amazon SQS. This is making a lot of unnecessary network load on your instances. What can you do to reduce this load?

    A. Subscribe your queue to an SNS topic instead.
    B. Use as long of a poll as possible, instead of short polls.
    C. Alter your visibility timeout to be shorter.
    D. Use sqsd on your EC2 instances.

  • Question 459:

    A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.

    Which combination of actions will meet these requirements? (Choose three.)

    A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.
    B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.
    C. Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.
    D. Execute an AWS Systems Manager Automation document to patch the systems every hour.
    E. Use Amazon CloudWatch Events scheduled events to schedule a patch window.
    F. Use AWS Systems Manager Maintenance Windows to schedule a patch window.

  • Question 460:

    You are building a Docker image with the following Dockerfile. How many layers will the resulting image have?

    FROM scratch CMD /app/hello.sh

    A. 2
    B. 4
    C. 1
    D. 3

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DOP-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.