Updated Apr-2023 DOP-C01 Free Exam Files Downloaded Instantly [Q127-Q147]

Updated Apr-2023 DOP-C01 Free Exam Files Downloaded Instantly

Practice Exams and Training Solutions for Certifications

NEW QUESTION # 127
A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The Security team does not allow unauthenticated requests to S3 buckets for this project.
How can this issue be corrected in the MOST secure manner?

• A. Add the bucket name to the AllowedBuckets section of the CodeBuild project settings. Update the build spec to use the AWS CLI to download the database population script.
• B. Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWS CLI to download the database population script using an IAM access key and a secret access key.
• C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify the service role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI to download the database population script.
• D. Modify the S3 bucket settings to enable HTTPS basic authentication and specify a token. Update the build spec to use cURL to pass the token and download the database population script.

Answer: B

NEW QUESTION # 128
Your company needs to automate 3 layers of a large cloud deployment. You want to be able to track this deployment's evolution as it changes over time, and carefully control any alterations. What is a good way to automate a stack to meet these requirements?

• A. Use Elastic Beanstalk Linked Applications, passing the important DNS entires between layers using the metadata interface.
• B. Use CloudFormation Nested Stack Templates, with three child stacks to represent the three logical layers of your cloud.
• C. Use OpsWorks Stacks with three layers to model the layering in your stack.
• D. Use AWS Config to declare a configuration set that AWS should roll out to your cloud.

Answer: B

Explanation:
Explanation
As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them.
That way, you can mix and match different templates but use nested stacks to create a single, unified stack. Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS:: Cloud Form ation::Stackresource in your template to reference other templates.
For more information on nested stacks, please visit the below URL:
* http://docs^ws.amazon.com/AWSCIoudFormation/latest/UserGuide/best-practices.html#nested Note:
The query is, how you can automate a stack over the period of time, when changes are required, with out recreating the stack.
The function of Nested Stacks are to reuse Common Template Patterns.
For example, assume that you have a load balancer configuration that you use for most of your stacks. Instead of copying and pasting the same configurations into your templates, you can create a dedicated template for the load balancer. Then, you just use the resource to reference that template from within other templates.
Yet another example is if you have a launch configuration with certain specific configuration and you need to change the instance size only in the production environment and to leave it as it is in the development environment.
AWS also recommends that updates to nested stacks are run from the parent stack.
When you apply template changes to update a top-level stack, AWS CloudFormation updates the top-level stack and initiates an update to its nested stacks. AWS Cloud Formation updates the resources of modified nested stacks, but does not update the resources of unmodified nested stacks.

NEW QUESTION # 129
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review.
The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

• A. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
• B. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
• C. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
• D. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
• E. Move the environment variables to the "~db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
• F. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.

Answer: A,C,F

Explanation:
Explanation
https://aws.amazon.com/codebuild/faqs/

NEW QUESTION # 130
You run accounting software in the AWS cloud. This software needs to be online continuously during the day every day of the week, and has a very static requirement for compute resources. You also have other, unrelated batch jobs that need to run once per day at anytime of your choosing. How should you minimize cost?

• A. Purchase a Light Utilization Reserved Instance to run the accounting software. Turn it off after hours.
  Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• B. Purchase a Heavy Utilization Reserved Instance to run the accounting software. Turn it off after hours.
  Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• C. Purch ase a Full Utilization Reserved Instance to run the accounting software. Turn it off after hours.
  Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• D. Purch ase a Medium Utilization Reserved Instance to run the accounting software. Turn it off after hours. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

Answer: B

Explanation:
Explanation
Reserved Instances provide you with a significant discount compared to On-Demand Instance pricing.
Reserved Instances are not physical instances, but rather a
billing discount applied to the use of On-Demand Instances in your account. These On-Demand Instances must match certain attributes in order to benefit from the billing discount For more information, please refer to the below link:
* https://aws.amazon.com/about-aws/whats-new/2011/12/01/New-Amazon-CC2-Reserved-lnstances-Options-Now
* https://aws.amazon.com/blogs/aws/reserved-instance-options-for-amazon-ec2/
* http://docs.aws.a
mazon.com/AWSCC2/latest/UserGuide/ec2-reserved-insta nces.html
Note:
It looks like these options are also no more available at present.
It looks like Convertible, Standard and scheduled are the new instance options. However the exams may still be referring to the old RIs. https://aws.amazon.com/ec2/pricing/reserved-instances/

NEW QUESTION # 131
You are working for a startup company that is building an application that receives large amounts of data.
Unfortunately, current funding has left the start-up short on cash, cannot afford to purchase thousands of
dollars of storage hardware, and has opted to use AWS. Which services would you implement in order to store
a virtually unlimited amount of data without any effort to scale when demand unexpectedly increases? Choose
the correct answer from the options below

• A. AmazonGlacier, to keep costs low for storage and scale infinitely
• B. AmazonS3, because it provides unlimited amounts of storage data, scales automatically highly available,
  and durable
• C. Amazonlmport/Export, because Amazon assists in migrating large amounts of data toAmazon S3
• D. AmazonEC2, because EBS volumes can scale to hold any amount of data and, when usedwith Auto
  Scaling, can be designed for fault tolerance and high availability

Answer: B

Explanation:
Explanation
The best option is to use S3 because you can host a large amount of data in S3 and is the best storage option
provided by AWS.
For more information on S3, please refer to the below link:
* http://docs.aws.a
mazon.com/AmazonS3/latest/dev/We lcome.htm I

NEW QUESTION # 132
A company has established tagging and configuration standards for its infrastructure resources running on AWS. A DevOps Engineer is developing a design that will provide a near-real-time dashboard of the compliance posture with the ability to highlight violations.
Which approach meets the stated requirements?

• A. Use AWS Config to record configuration changes and output the data to an Amazon S3 bucket. Create an Amazon QuickSight analysis of the dataset, and use the information on dashboards and mobile devices.
• B. Define the resource configurations in AWS Service Catalog, and monitor the AWS Service Catalog compliance and violations in Amazon CloudWatch. Then, set up and share a live CloudWatch dashboard. Set up Amazon SNS notifications for violations and corrections.
• C. Create a resource group that displays resources with the specified tags and those without tags. Use the AWS Management Console to view compliant and non-compliant resources.
• D. Define the compliance and tagging requirements in Amazon inspector. Output the results to Amazon CloudWatch Logs. Build a metric filter to isolate the monitored elements of interest and present the data in a CloudWatch dashboard.

Answer: A

Explanation:
Explanation
https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-now-supports-tagging-of-aws-config-resourc

NEW QUESTION # 133
Which status represents a failure state in AWS CloudFormation?

• A. <code>UPDATE_COMPLETE_CLEANUP_IN_PROGRESS</code>
• B. <code>DELETE_COMPLETE_WITH_ARTIFACTS</code>
• C. <code>ROLLBACK_FAILED</code>
• D. <code>ROLLBACK_IN_PROGRESS</code>

Answer: D

Explanation:
ROLLBACK_IN_PROGRESS means an UpdateStack operation failed and the stack is in the process of
trying to return to the valid, pre-update state. UPDATE_COMPLETE_CLEANUP_IN_PROGRESS means
an update was successful, and CloudFormation is deleting any replaced, no longer used resources.
ROLLBACK_FAILED is not a CloudFormation state (but UPDATE_ROLLBACK_FAILED is).
DELETE_COMPLETE_WITH_ARTIFACTS does not exist at all.
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html

NEW QUESTION # 134
An application runs on Amazon EC2 instances behind an Application Load Balancer. Amazon RDS MySOL is used on the backend. The instances run in an Auto Scaling group across multiple Availability Zones. The Application Load Balancer health check ensures the web servers are operating and able to make read/write SQL connections. Amazon Route 53 provides DNS functionality with a record pointing to the Application Load Balancer. A new policy requires a geographically isolated disaster recovery site with an RTO of 4 hours and an RPO of 15 minutes.
Which disaster recovery strategy will require the LEAST amount of changes to the application stack?

• A. Launch a replica stack of everything except RDS in a different Availability Zone. Create an RDS read- only replica in a new Availability Zone and configure the new stack to point to the local RDS instance.
  Add the new stack to the Route 53 record set with a failover routing policy.
• B. Launch a replica stack of everything except RDS in a different region. Create an RDS read-only replica in a new region and configure the new stack to point to the local RDS instance. Add the new stack to the Amazon Route 53 record set with a failover routing policy.
• C. Launch a replica stack of everything except RDS in a different region. Upon failure, copy the snapshot over from the primary region to the disaster recovery region. Adjust the Amazon Route 53 record set to point to the disaster recovery region's Application Load Balancer.
• D. Launch a replica stack of everything except RDS in a different region. Create an RDS read-only replica in a new region and configure the new stack to point to the local RDS instance. Add the new stack to the Route 53 record set with a latency routing policy.

Answer: A

NEW QUESTION # 135
You have decided that you need to change the instance type of your production instances which are running as part of an AutoScaling group. The entire architecture is deployed using CloudFormation Template. You currently have 4 instances in Production. You cannot have any interruption in service and need to ensure 2 instances are always runningduring the update? Which of the options below listed can be used for this?

• A. AutoScalinglntegrationUpdate
• B. AutoScalingReplacingUpdate
• C. AutoScalingRollingUpdate
• D. AutoScalingScheduledAction

Answer: C

Explanation:
Explanation
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePoIicy attribute. This is used to define how an Auto Scalinggroup resource is updated when an update to the Cloud Formation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the AutoScalingRollingUpdate policy. This retains the same Auto Scaling group and replaces old instances with new ones, according to the parameters specified. For more information on Autoscaling updates, please refer to the below link:
* https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/

NEW QUESTION # 136
You need the absolute highest possible network performance for a cluster computing application.
You already selected homogeneous instance types supporting 10 gigabit enhanced networking, made sure that your workload was network bound, and put the instances in a placement group.
What is the last optimization you can make?

• A. Turn off SYN/ACK on your TCP stack or begin using UDP for higher throughput.
• B. Use 9001 MTU instead of 1500 for Jumbo Frames, to raise packet body to packet overhead ratios.
• C. Segregate the instances into different peered VPCs while keeping them all in a placement group, so each one has its own Internet Gateway.
• D. Bake an AMI for the instances and relaunch, so the instances are fresh in the placement group and do not have noisy neighbors.

Answer: B

Explanation:
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible, and they are recommended in this case.
For more information, see Placement Groups.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instanc es

NEW QUESTION # 137
A company is using Docker containers for an application deployment and wants to move its application to AWS. The company currently manages its own clusters on premises to manage the deployment of these containers. It wants to deploy its application to a managed service in AWS and wants the entire flow of the deployment process to be automated. In addition, the company has the following requirements:
* Focus first on the development workload.
* The environment must be easy to manage.
* Deployment should be repeatable and reusable for new environments.
* Store the code in a GitHub repository.
Which solution will meet these requirements?

An internal server error occurred.

The Amazon DOP-C01 (AWS Certified DevOps Engineer - Professional) certification exam is a challenging but rewarding certification for professionals looking to take their AWS DevOps knowledge to the next level. With the increasing demand for DevOps professionals in the industry, this certification can help you stand out from the crowd and advance your career in the field of AWS DevOps.

 

Q&As with Explanations Verified & Correct Answers: https://www.latestcram.com/DOP-C01-exam-cram-questions.html

Dumps Free Test Engine Player Verified Answers: https://drive.google.com/open?id=1EFpg53CjBx2-HIYcKtF9R3DCZsNx7IKv