DOP-C01 Practice Exam Tests Latest Updated on Oct-2021 [Q127-Q146]

DOP-C01 Practice Exam Tests Latest Updated on Oct-2021

Pass DOP-C01 Exam in First Attempt Guaranteed Dumps!

NEW QUESTION 127
You need to deploy a multi-container Docker environment on to Elastic beanstalk. Which of the following files can be used to deploy a set of Docker containers to Elastic beanstalk

• A. Dockerrun.aws.json
• B. DockerMultifile
• C. Dockerrun
• D. Dockerfile

Answer: A

Explanation:
Explanation
The AWS Documentation specifies
A Dockerrun.aws.json file is an Clastic Beanstalk-specific JSON file that describes how to deploy a set of Docker containers as an Clastic Beanstalk application. You can use aDockerrun.aws.json file for a multicontainer Docker environment.
Dockerrun.aws.json describes the containers to deploy to each container instance in the environment as well as the data volumes to create on the host instance for the containers to mount.
For more information on this, please visit the below URL:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html

 

NEW QUESTION 128
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review.
The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

• A. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
• B. Move the environment variables to the "db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
• C. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
• D. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
• E. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
• F. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.

Answer: D,E,F

Explanation:
Explanation
https://aws.amazon.com/codebuild/faqs/

 

NEW QUESTION 129
Your company has an application hosted on an Elastic beanstalk environment. You have been instructed that whenever application changes occur and new versions need to be deployed that the fastest deployment approach is employed. Which of the following deployment mechanisms will fulfil this requirement?

• A. Rolling
• B. Rollingwith batch
• C. Immutable
• D. Allatonce

Answer: D

Explanation:
Explanation
The following table from the AWS documentation shows the deployment time for each deployment methods.

For more information on Elastic beanstalk deployments, please refer to the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version,htmI

 

NEW QUESTION 130
A company uses AWS KMS with CMKs and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days.
Which solution will accomplish this?

• A. Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than
  90 days old
• B. Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
• C. Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
• D. Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic

Answer: C

 

NEW QUESTION 131
An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is
deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly
across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched
for Amazon EC2 instances and database resources to access the Internet. These instances are not assigned with
public IP addresses.
Which component poses a potential single point of failure in this architecture?

• A. NAT instance
• B. Amazon EC2
• C. ELB Classic Load Balancer
• D. Amazon RDS

Answer: C

 

NEW QUESTION 132
A company has established tagging and configuration standards for its infrastructure resources running on AWS. A DevOps Engineer is developing a design that will provide a near-real-time dashboard of the compliance posture with the ability to highlight violations. Which approach meets the stated requirements?

• A. Use AWS Config to record configuration changes and output the data to an Amazon S3 bucket. Create an Amazon QuickSight analysis of the dataset, and use the information on dashboards and mobile devices.
• B. Create a resource group that displays resources with the specified tags and those without tags. Use the AWS Management Console to view compliant and non-compliant resources.
• C. Define the compliance and tagging requirements in Amazon inspector. Output the results to Amazon CloudWatch Logs. Build a metric filter to isolate the monitored elements of interest and present the data in a CloudWatch dashboard.
• D. Define the resource configurations in AWS Service Catalog, and monitor the AWS Service Catalog compliance and violations in Amazon CloudWatch. Then, set up and share a live CloudWatch dashboard. Set up Amazon SNS notifications for violations and corrections.

Answer: A

Explanation:
https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-now-supports-tagging-of-aws-config-resources/

 

NEW QUESTION 133
A company is running an application on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones.
After a recent application update, users are getting HTTP 502 Bad Gateway errors from the application URL.
The DevOps Engineer cannot analyze the problem because Auto Scaling is terminating all EC2 instances shortly after launch for being unhealthy.
What steps will allow the DevOps Engineer access to one of the unhealthy instances to troubleshoot the deployed application?

• A. Add a lifecycle hook to your Auto Scaling group to move instances in the Terminatingstate to the Terminating:Waitstate.
• B. Edit the Auto Scaling group to enable termination protection as this will protect unhealthy instances from being terminated.
• C. Create an image from the terminated instance and create a new instance from that image. The Application team can then log into the new instance.
• D. As soon as a new instance is created by AutoScaling, put the instance into a Standbystate as this will prevent the instance from being terminated.

Answer: C

 

NEW QUESTION 134
You are using AWS Elastic Beanstalk to deploy your application and must make data stored on an Amazon Elastic Block Store (EBS) volume snapshot available to the Amazon Elastic Compute Cloud (EC2) instances. How can you modify your Elastic Beanstalk environment so that the data is added to the Amazon EC2 instances every time you deploy your application?

• A. Add commands to the Amazon EC2 user data that will be executed by eb-init, which uses the create- volume Amazon EC2 API or CLI to create a new Amazon EBS volume based on the specified snapshot, and then mounts the volume on launch.
• B. Add commands to the Chef recipe associated with your environment, use the create-volume Amazon EC2 API or CLI to create a new Amazon EBS volume based on the specified snapshot, and then mount the volume on launch.
• C. Add commands to a configuration file in the .ebextensions folder of your deployable archive that mount an additional Amazon EBS volume on launch.
  Also add a "BlockDeviceMappings" option, and specify the snapshot to use for the block device in the Auto Scaling launch configuration.
• D. Add commands to a configuration file in the .ebextensions folder of your deployable archive that uses the create-volume Amazon EC2 API or CLI to create a new ephemeral volume based on the specified snapshot and then mounts the volume on launch.

Answer: C

 

NEW QUESTION 135
You are in charge of designing a number of Cloudformation templates for your organization. You need to ensure that no one can accidentally update the production based resources on the stack during a stack update.
How can this be achieved in the most efficient way?

• A. Createtags for the resources and then create 1AM policies to protect the resources.
• B. Usea Stack based policy to protect the production based resources.
• C. UseS3 bucket policies to protect the resources.
• D. UseMFA to protect the resources

Answer: B

Explanation:
Explanation
The AWS Documentation mentions
When you create a stack, all update actions are allowed on all resources. By default, anyone with stack update permissions can update all of the resources in the stack. During an update, some resources might require an interruption or be completely replaced, resulting in new physical IDs or completely new storage. You can prevent stack resources from being unintentionally updated or deleted during a stack update by using a stack policy. A stack policy is a JSON document that defines the update action1.-; that car1 be performed on designated resources.
For more information on protecting stack resources, please visit the below url
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/protect-stack-resources.html

 

NEW QUESTION 136
You have a large number of web servers in an Auto Scalinggroup behind a load balancer. On an hourly basis,
you want to filter and process the logs to collect data on unique visitors, and then put that data in a durable
data store in order to run reports. Web servers in the Auto Scalinggroup are constantly launching and
terminating based on your scaling policies, but you do not want to lose any of the log data from these servers
during a stop/termination initiated by a user or by Auto Scaling. What two approaches will meet these
requirements? Choose two answers from the optionsgiven below.

• A. Install an AWS Data Pipeline Logs Agent on every web server during the bootstrap process. Create a
  log group object in AWS Data Pipeline, and define Metric Filters to move processed log data directly
  from the web servers to Amazon Redshift and run reports every hour.
• B. Install an Amazon Cloudwatch Logs Agent on every web server during the bootstrap process. Create a
  CloudWatch log group and define
  Metric Filters to create custom metrics that track unique visitors from the streaming web server logs.
  Create a scheduled task on an Amazon EC2 instance that runs every hour to generate a new report based
  on the Cloudwatch custom metrics. ^/
• C. On the web servers, create a scheduled task that executes a script to rotate and transmit the logs to
  Amazon Glacier. Ensure that the operating system shutdown procedure triggers a logs transmission
  when the Amazon EC2 instance is stopped/terminated. Use Amazon Data Pipeline to process the data in
  Amazon Glacier and run reports every hour.
• D. On the web servers, create a scheduled task that executes a script to rotate and transmit the logs to an
  Amazon S3 bucket. Ensure that the operating system shutdown procedure triggers a logs transmission
  when the Amazon EC2 instance is stopped/terminated. Use AWS Data Pipeline to move log data from
  the Amazon S3 bucket to Amazon Redshift In order to process and run reports every hour.

Answer: B,D

Explanation:
Explanation
You can use the Cloud Watch Logs agent installer on an existing CC2 instance to install and configure the
Cloud Watch Logs agent.
For more information, please visit the below link:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Qu
ickStartCC2lnstance.html
You can publish your own metrics to Cloud Watch using the AWS CLI or an API. For more information,
please visit the below link:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publ
ishingMetrics.htm I
Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all
your data using standard SQL and your existing Business Intelligence (Bl) tools. It allows you to run complex
analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage
on high-performance local disks, and massively parallel query execution. Most results come back in seconds.
For more information on copying data from S3 to redshift, please refer to the below link:
* http://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-copydata-
redshift html

 

NEW QUESTION 137
A company indexes all of its Amazon CloudWatch Logs on Amazon ES and uses Kibana to view a dashboard for actionable insight. The company wants to restrict user access to Kibana by user Which actions can a DevOps Engineer take to meet this requirement? (Select TWO.)

• A. Create a proxy server with AWS 1AM user and restrict access of the Amazon ES endpoint to the 1AM user
• B. Use AWS SSO to offer user name and password protection for Kibana
• C. Use Amazon Cognito to offer user name and password protection for Kibana
• D. Create a proxy server with user authentication in an Auto Scaling group and restrict access of the Amazon ES endpoint to an Auto Scaling group tag
• E. Create a proxy server with user authentication and an Elastic IP address and restrict access of the Amazon ES endpoint to the IP address

Answer: D,E

 

NEW QUESTION 138
You run a SIP-based telephony application that uses Amazon EC2 for its web tier and uses MySQL on Amazon RDS as its database.
The application stores only the authentication profile data for its existing users in the database and therefore is read-intensive.
Your monitoring system shows that your web instances and the database have high CPU utilization.
Which of the following steps should you take in order to ensure the continual availability of your application? Choose 2 answers

• A. Switch to General Purpose (SSD) Storage from Provisioned IOPS Storage (PIOPS) for the Amazon RDS database.
• B. Set up an Auto Scaling group for the application tier and a policy that scales based on the Amazon EC2 CloudWatch CPU utilization metric.
• C. Vertically scale up the Amazon EC2 instances manually.
• D. Use multiple Amazon RDS read replicas.
• E. Set up an Auto Scaling group for the application tier and a policy that scales based on the Amazon RDS CloudWatch CPU utilization metric.
• F. Use a CloudFront RTMP download distribution with the application tier as the origin for the distribution.

Answer: B,D

 

NEW QUESTION 139
A company wants to use a grid system for a proprietary enterprise in-memory data store on top of AWS.
This system can run in multiple server nodes in any Linux-based distribution. The system must be able to reconfigure the entire cluster every time a node is added or removed. When adding or removing nodes, an
/etc./cluster/nodes. config file must be updated, listing the IP addresses of the current node members of that cluster The company wants to automate the task of adding new nodes to a cluster.
What can a DevOps Engineer do to meet these requirements?

• A. Create an Amazon S3 bucket and upload a version of the etc/cluster/ nodes.config file. Create a crontab script that will poll for that S3 file and download it frequently. Use a process manager, such as Monit or systemd, to restart the cluster services when it detects that the new file was modified. When adding a node to the cluster, edit the file's most recent members. Upload the new file to the S3 bucket .
• B. Put the file nodes.config in version control. Create an AWS CodeDeploy deployment configuration and deployment group based on an Amazon EC2 tag value for the cluster nodes. When adding a new node to the cluster, update the file with all tagged instances, and make a commit in version control. Deploy the new file and restart the services.
• C. Use AWS OpsWorks Stacks to layer the server nodes of that cluster. Create a Chef recipe that populates the content of the/etc/cluster/nodes config file and restarts the service by using the current members of the layer. Assign that recipe to the Configure lifecycle event.
• D. Create a user data script that lists all members of the current security group of the cluster and automatically updates the /etc/cluster/nodes.config file whenever a new instance is added to the cluster

Answer: B

 

NEW QUESTION 140
You want to build a new search tool feature for your monitoring system that will allow your information security team to quickly audit all API calls in your AWS accounts.
What combination of AWS services can you use to develop and automate the backend processes supporting this tool?
Choose 3 answers.

• A. Create Amazon Cloudwatch custom metrics for the API call logs. Configure a Cloudwatch search domain so that it can be used to index API call logs for the search tool.
• B. Create an Amazon CloudSearch domain for API call logs. Configure the search domain so that it can be used to index API call logs for the search tool.
• C. Use AWS CloudTrail to store API call logs in an Amazon S3 bucket. Configure Amazon Simple Email Service (SES) to notify subscribers when new logs are available. Subscribe an Amazon SQS queue to the email domain.
• D. Create an AWS Elastic Beanstalk application in worker role mode that uses an Amazon SQS queue to facilitate batch processing new API call log files retrieved from an Amazon S3 bucket into a search index.
• E. Use AWS CloudTrail to store API call logs in an Amazon S3 bucket. Configure an Amazon Simple Notification Service topic called "log-notification" that notifies subscribers when new logs are available.
  Subscribe an Amazon SQS queue to the topic.
• F. Create an AWS Elastic Beanstalk application in worker role mode that uses an Amazon Simple Email Service (SES) domain to facilitate batch processing new API call log files retrieved from an Amazon S3 bucket into a search index.
• G. Use Amazon Cloudwatch to ship AWS CloudTrail logs to your monitoring system.

Answer: B,D,E

 

NEW QUESTION 141
A government agency is storing highly confidential files in an encrypted Amazon S3 bucket. The agency has configured federated access and has allowed only a particular on-premises Active Directory user group to access this bucket.
The agency wants to maintain audit records and automatically detect and revert any accidental changes administrators make to the IAM policies used for providing this restricted federated access. Which of the following options provide the FASTEST way to meet these requirements?

• A. Configure an AWS Config rule to detect the configuration change and execute an AWS Lambda function to revert the change.
• B. Restrict administrators in the on-premises Active Directory from changing the IAM policies.
• C. Schedule an AWS Lambda function that will scan the IAM policy attached to the federated access role for detecting and reverting any changes.
• D. Configure an Amazon CloudWatch Events Event Bus on an AWS CloudTrail API for triggering the AWS Lambda function that detects and reverts the change.

Answer: D

 

NEW QUESTION 142
You have decided to migrate your application to the cloud. You cannot afford any downtime. You want to
gradually migrate so that you can test the application with a small percentage of users and increase over time.
Which of these options should you implement?

• A. Implement a Route 53 weighted routing policy that distributes the traffic between your on-premises
  application and the AWS application depending on weight.
• B. Use Direct Connect to route traffic to the on-premise location. In DirectConnect, configure the amount
  of traffic to be routed to the on-premise location.
• C. Configure an Elastic Load Balancer to distribute the traffic between the on-premises application and the
  AWS application.
• D. Implement a Route 53 failover routing policy that sends traffic back to the on-premises application if the
  AWS application fails.

Answer: A

Explanation:
Explanation
Option A is incorrect because DirectConnect cannot control the flow of traffic.
Option B is incorrect because you want to split the percentage of traffic. Failover will direct all of the traffic to
the backup servers.
Option C is incorrect because you cannot control the percentage distribution of traffic.
Weighted routing lets you associate multiple resources with a single domain name (example.com) or
subdomain name (acme.example.com) and choose how much
traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and
testing new versions of software.
For more information on the Routing policy please refer to the below link:
* http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.
html

 

NEW QUESTION 143
A DevOps Engineer needs to deploy a scalable three-tier Node.js application in AWS. The application must have zero downtime during deployments and be able to roll back to previous versions. Other applications will also connect to the same MySQL backend database.
The CIO has provided the following guidance for logging:
*Centrally view all current web access server logs.
*Search and filter web and application logs in near-real time.
*Retain log data for three months.
How should these requirements be met?

• A. Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to store log files in Amazon S3. Use Amazon EMR to search and filter the data. Set an Amazon S3 lifecycle rule to expire objects after 90 days.
• B. Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create an Amazon RDS MySQL instance inside the Elastic Beanstalk stack. Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.
• C. Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to load streaming log data using Amazon Kinesis Data Firehouse into Amazon ES. Delete and create a new Amazon ES domain every 90 days.
• D. Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create the Amazon RDS MySQL instance outside the Elastic Beanstalk stack. Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.

Answer: A

Explanation:
Explanation
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-debugging.html

 

NEW QUESTION 144
Which of the following tools for EC2 can be used to administer instances without the need to SSH or RDP into
the instance.

• A. EC2Config
• B. RunCommand
• C. AWSConfig
• D. AWSCodePipeline

Answer: B

Explanation:
Explanation
You can use Run Command from the Amazon L~C2 console to configure instances without having to login to
each instance
For more information on the Run Command, please visit the below URL:
* http://docs.aws.a
mazon.com/systems-manager/latest/userguide/rc-console.html

 

NEW QUESTION 145
Which of these is not an instrinsic function in AWS CloudFormation?

• A. Fn::Not
• B. Fn::If
• C. Fn::Equals
• D. Fn::Parse

Answer: D

Explanation:
This is the complete list of Intrinsic Functions...: Fn::Base64, Fn::And, Fn::Equals, Fn::If, Fn::Not, Fn::Or, Fn::FindInMap, Fn::GetAtt, Fn::GetAZs, Fn::Join, Fn::Select, Ref
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference.html

 

NEW QUESTION 146
......

AWS Certified DevOps Engineer  Free Certification Exam Material from LatestCram with 275 Questions: https://www.latestcram.com/DOP-C01-exam-cram-questions.html

DOP-C01 Dumps Full Questions - Exam Study Guide: https://drive.google.com/open?id=1RBAtA61oIqSH8Iy8XuN6dDwKPk0CUgHb