Amazon AWS Certified DevOps Engineer - Professional DOP-C01
#11 (Accuracy: 100% / 1 votes)
An Engineering team manages a Node.js e-commerce application. The current environment consists of the following components:
  • Amazon S3 buckets for storing content
  • Amazon EC2 for the front-end web servers
  • AWS Lambda for image processing
  • Amazon DynamoDB for storing session-related data
The team expects a significant increase in traffic to the site. The application should handle the additional load without interruption. The team ran initial tests by adding new servers to the EC2 front-end to handle the larger load, but the instances took up to 20 minutes to become fully configured. The team wants to reduce this configuration time.
What changes will the Engineering team need to implement to make the solution the MOST resilient and highly available while meeting the expected increase in demand?
  • A. Use AWS OpsWorks to automatically configure each new EC2 instance as it is launched. Configure the EC2 instances by using an Auto Scaling group behind an Application Load Balancer across multiple Availability Zones. Implement Amazon DynamoDB Auto Scaling. Use Amazon Route 53 to point the application DNS record to the Application Load Balancer.
  • B. Deploy a fleet of EC2 instances, doubling the current capacity, and place them behind an Application Load Balancer. Increase the Amazon DynamoDB read and write capacity units. Add an alias record that contains the Application Load Balancer endpoint to the existing Amazon Route 53 DNS record that points to the application.
  • C. Configure Amazon CloudFront and have its origin point to Amazon S3 to host the web application. Implement Amazon DynamoDB Auto Scaling. Use Amazon Route 53 to point the application DNS record to the CloudFront DNS name.
  • D. Use AWS Elastic Beanstalk with a custom AMI including all web components. Deploy the platform by using an Auto Scaling group behind an Application Load Balancer across multiple Availability Zones. Implement Amazon DynamoDB Auto Scaling. Use Amazon Route 53 to point the application DNS record to the Elastic Beanstalk load balancer.
#12 (Accuracy: 100% / 2 votes)
An ecommerce company is receiving reports that its order history page is experiencing delays in reflecting the processing status of orders. The order processing system consists of an AWS Lambda function that uses reserved concurrency. The Lambda function processes order messages from an Amazon Simple Queue Service (Amazon SQS) queue and inserts processed orders into an Amazon DynamoDB table. The DynamoDB table has auto scaling enabled for read and write capacity.

Which actions should a DevOps engineer take to resolve this delay? (Choose two.)
  • A. Check the ApproximateAgeOfOldestMessage metric for the SQS queue. Increase the Lambda function concurrency limit.
  • B. Check the ApproximateAgeOfOldestMessage metric for the SQS queue. Configure a redrive policy on the SQS queue.
  • C. Check the NumberOfMessagesSent metric for the SQS queue. Increase the SQS queue visibility timeout.
  • D. Check the WriteThrottleEvents metric for the DynamoDB table. Increase the maximum write capacity units (WCUs) for the table's scaling policy.
  • E. Check the Throttles metric for the Lambda function. Increase the Lambda function timeout.
#13 (Accuracy: 100% / 4 votes)
A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)
  • A. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
  • B. Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
  • C. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
  • D. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
  • E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team’s group email address to the topic.
  • F. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.
#14 (Accuracy: 100% / 2 votes)
A company uses AWS CloudFormation to manage an application that runs on Amazon EC2 Instances. The instances are in an Amazon EC2 Auto Scaling group. The company wants to treat its infrastructure as immutable.

A DevOps engineer must implement a solution to replace two EC2 instances at a time whenever operating system configuration updates are needed or when new Amazon Machine Images (AMIs) are needed. A minimum of four EC2 instances must be running whenever an update is in progress.

Which solution will meet these requirements?
  • A. Modify the CloudFormation template to include an UpdatePolicy attribute for the Auto Scaling group. Include the AutoScalingRollingUpdate policy with MinInstancesInService of 4 and MaxBatchSize of 2. Whenever a software update is needed, alter either or both of the ImageId and UserData of the AWS::EC2::LaunchTemplate and update the stack.
  • B. Set the Auto Scaling group’s minimum capacity to 4. Create an AWS CodeDeploy deployment group that has an in-place deployment type. Select Amazon EC2 Auto Scaling group for the environment configuration. Whenever a new revision is available, create a new CodeDeploy deployment that has a deployment configuration of CodeDeployDefault.HalfAtATime.
  • C. Set the Auto Scaling group's minimum capacity to 4. Create an AWS CodeDeploy deployment group that has a blue/green deployment type. Select Amazon EC2 Auto Scaling group for the environment configuration. Whenever a new revision is available, create a new CodeDeploy deployment that has a deployment configuration of CodeDeployDefault.HalfAtATime.
  • D. Modify the CloudFormation template to include a StackPolicy. Designate an AutoScalingReplacingUpdate policy to control the update. Specify MinInstancesInService of 4 and MaxBatchSize of 2. Whenever a software update is needed, alter either or both of the ImageId and UserData of the AWS::EC2::LaunchTemplate and update the stack.
#15 (Accuracy: 100% / 3 votes)
A company needs to scan code changes for security issues before deployment and must prevent noncompliant code from being deployed. The company uses an AWS CodePipeline pipeline that starts when code changes occur. The code changes occur many times each day.

The company's security team supports a third-party application for code scans and has provided command-line integration steps to submit code scans. The code scan step requires a user name and password.

Which solution will meet these requirements in the MOST secure way?
  • A. Create a new AWS CodeBuild project. Configure the user name and password in an environment variable. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • B. Create a new AWS CodeBuild project. Store the user name and password as a secret in AWS Secrets Manager. Read the secret from Secrets Manager. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • C. Create a new AWS CodeBuild project. Store the user name and password as a string in AWS Systems Manager Parameter Store. Read the string from Parameter Store. Use the user name and password to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
  • D. Upload the user name and password in an encrypted JSON file to an Amazon S3 bucket that has a specific policy to allow only administrators to read the file. Create a new AWS CodeBuild project. Use the user name and password from the file in Amazon S3 to run the command-line integration steps. Update the CodePipeline pipeline to include a new scan stage. In the new scan stage, include a test action that uses the newly created CodeBuild project.
#16 (Accuracy: 100% / 2 votes)
A company has migrated its container-based applications to Amazon EKS and wants to establish automated email notifications. The notifications sent to each email address are for specific activities related to EKS components. The solution will include Amazon SNS topics and an AWS Lambda function to evaluate incoming log events and publish messages to the correct SNS topic.

Which logging solution will support these requirements?
  • A. Enable Amazon CloudWatch Logs to log the EKS components. Create a CloudWatch subscription filter for each component with Lambda as the subscription feed destination.
  • B. Enable Amazon CloudWatch Logs to log the EKS components. Create CloudWatch Logs Insights queries linked to Amazon EventBridge events that invoke Lambda.
  • C. Enable Amazon S3 logging for the EKS components. Configure an Amazon CloudWatch subscription filter for each component with Lambda as the subscription feed destination.
  • D. Enable Amazon S3 logging for the EKS components. Configure S3 PUT Object event notifications with AWS Lambda as the destination.
#17 (Accuracy: 100% / 4 votes)
A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.

What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?
  • A. Add an IPv6 CIDR block to the VPC and the private subnet for the EC2 instances. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.
  • B. Assign each EC2 instance an IPv6 Elastic IP address. Create a target group and add the EC2 instances as targets. Create a listener on port 443 of the ALB, and associate the target group with the ALB.
  • C. Replace the ALB with a Network Load Balancer (NLB). Add an IPv6 CIDR block to the VPC and subnets for the NLB, and assign the NLB an IPv6 Elastic IP address.
  • D. Add an IPv6 CIDR block to the VPC and subnets for the ALB. Create a listener on port 443, and specify the dualstack IP address type on the ALB. Create a target group and add the EC2 instances as targets. Associate the target group with the ALB.
#18 (Accuracy: 100% / 5 votes)
A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The engineer must restrict which AWS Regions can be used, and ensure an alert is sent as soon as possible if any activity outside the governance policy takes place. The controls should be automatically enabled on any new Region outside the United States (US).

Which combination of actions will meet these requirements? (Choose two.)
  • A. Create an AWS Organizations SCP that denies access to all non-global services in non-US Regions. Attach the policy to the root of the organization.
  • B. Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs and enable it for all Regions. Use a CloudWatch Logs metric filter to send an alert on any service activity in non-US Regions.
  • C. Use an AWS Lambda function that checks for AWS service activity and deploy it to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour, sending an alert if activity is found in a non-US Region.
  • D. Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions and send alerts if any activity is found.
  • E. Write an SCP using the aws:RequestedRegion condition key limiting access to US Regions. Apply the policy to all users, groups and roles.
#19 (Accuracy: 100% / 5 votes)
A company is using an Amazon API Gateway API and an AWS Lambda function to host a microservice. The microservice accesses pricing data in an Amazon DynamoDB table for the company’s online store.

Interest in the online store has increased. As a result, latency issues and throttling on the DynamoDB table are occurring when a specific query runs. Some internal services access the DynamoDB table directly. No caching is enabled for the current solution.

A DevOps engineer notices that repeat requests to the API are taking the same amount of time as unique requests. The DevOps engineer must reduce the latency for the repeat requests to the API and must reduce the throttling on the DynamoDB table.

Which solution will meet these requirements?
  • A. Enable caching for API Gateway stages. Use DynamoDB Accelerator (DAX) for the DynamoDB table.
  • B. Enable caching for API Gateway stages. Use Amazon ElastiCache for Memcached caching for the DynamoDB table.
  • C. Use provisioned concurrency for the Lambda function. Use DynamoDB Accelerator (DAX) for the DynamoDB table.
  • D. Use provisioned concurrency for the Lambda function. Increase the RCUs for the DynamoDB table.
#20 (Accuracy: 100% / 4 votes)
A company has a single AWS account where active development occurs. The company's security team has implemented Amazon GuardDuty, AWS Config, and AWS CloudTrail within the account. The security team wants to receive notifications in near real time for only high-severity findings from GuardDuty. The security team uses an Amazon Simple Notification Service (Amazon SNS) topic for notifications from other security tools in the account.

How can a DevOps engineer meet these requirements?
  • A. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that detects GuardDuty findings. Use an input transformer to detect high-severity event patterns. Configure the rule to publish a message to the SNS topic.
  • B. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that detects noncompliance with the guardduty-non-archived-findings AWS Config managed rule for high-severity GuardDuty findings. Configure the EventBridge (CloudWatch Events) rule to publish a message to the SNS topic.
  • C. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern that matches GuardDuty ListFindings API calls with a high severity level. Configure the rule to publish a message to the SNS topic.
  • D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule with an event pattern that matches GuardDuty findings that have a high severity level within the event. Configure the rule to publish a message to the SNS topic.