AWS DOP-C01 Certification Exam Sample Questions

DOP-C01 Braindumps, DOP-C01 Exam Dumps, DOP-C01 Examcollection, DOP-C01 Questions PDF, DOP-C01 Sample Questions, AWS-DevOps Dumps, AWS-DevOps Official Cert Guide PDF, AWS-DevOps VCEWe have prepared AWS DevOps Engineer Professional (DOP-C01) certification sample questions to make you aware of actual exam properties. This sample question set provides you with information about the AWS-DevOps exam pattern, question formate, a difficulty level of questions and time required to answer each question. To get familiar with AWS Certified DevOps Engineer - Professional exam, we suggest you try our Sample AWS DOP-C01 Certification Practice Exam in simulated AWS certification exam environment.

To test your knowledge and understanding of concepts with real-time scenario based AWS DOP-C01 questions, we strongly recommend you to prepare and practice with Premium AWS-DevOps Certification Practice Exam. The premium AWS-DevOps certification practice exam helps you identify topics in which you are well prepared and topics in which you may need further training to achieving great score in actual AWS Certified DevOps Engineer - Professional exam.

AWS DOP-C01 Sample Questions:

01. A company is designing a cross-region disaster recovery solution for an Amazon RDS PostgreSQL Multi-AZ DB instance. The disaster recovery solution requires an RPO of 4 hours and an RTO of 2 hours.
Which solution meets the requirements in the MOST cost-effective manner?
a) Create an AWS Lambda function that creates an RDS snapshot and copies it to another region. Create an Amazon CloudWatch Events scheduled event to trigger the Lambda function every 4 hours. Create an RDS notification event to publish an Amazon SNS message for database availability events. Subscribe a Lambda function to the SNS topic that will restore the snapshot to a new instance in the disaster recovery region, and update the connection string for the application.
b) Create an AWS Lambda function that generates a SQL dump file and saves it in an Amazon S3 bucket in another region. Create an Amazon CloudWatch Events scheduled event to trigger the Lambda function every 4 hours. Create an RDS notification event to publish an Amazon SNS message for database availability events. Subscribe a Lambda function to the SNS topic that will launch a new database instance, execute the SQL dump file, and update the connection string for the application.
c) Create an AWS Lambda function that copies the latest automated snapshot to another region. Create an Amazon CloudWatch Events scheduled event to trigger the Lambda function every 4 hours. Create an RDS notification event to publish an Amazon SNS message for database availability events. Subscribe a Lambda function to the SNS topic that will restore the snapshot to a new instance in the disaster recovery region, and update the connection string for the application.
d) Configure a read replica for the database instance in a different region. Create an RDS notification event to publish an Amazon SNS message for database availability events. Create an AWS Lambda function that will promote the read replica and update the connection string for the application. Subscribe the Lambda function to the SNS topic.
 
02. A devops engineer wants to implement a blue/green deployment process for an application on AWS and be able to gradually shift the traffic between the environments.
The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group. Data is stored in an Amazon RDS Multi-AZ DB instance. External DNS is provided by Amazon Route 53.
Which combination of steps will implement the blue/green process?
(Select THREE.)
a) Create a second Auto Scaling group behind the same Application Load Balancer.
b) Create a second Application Load Balancer and Auto Scaling group.
c) Create a second alias record in Route 53 pointing to the new environment and use a failover routing policy between the two records.
d) Create a second alias record in Route 53 pointing to the new environment and use a weighted routing policy between the two records.
e) Configure the new EC2 instances to use the same RDS database instance.
f) Configure the new EC2 instances to use the failover node of the RDS database instance.
 
03. A company is using AWS CodeBuild to build its application. Company policy requires that all build artifacts be encrypted at rest. Access to the artifacts must be limited to IAM users with permission to assume the operations role.
How can these requirements be met?
a) Add a post-build command to the CodeBuild build specification that pushes build objects to an Amazon S3 bucket. Set a bucket policy that prevents upload to the bucket unless the request includes the header x-amz-server-side-encryption. Add a Deny statement for all actions with the NotPrincipal section referencing the operations IAM group.
b) Add a post-build command to the CodeBuild build specification that pushes build objects to an Amazon S3 bucket. Configure an S3 event notification to trigger an AWS Lambda function to get the object, encrypt it, then put it back into the S3 bucket with an encrypted tag key and a true tag value. Add an S3 bucket policy with a Deny statement for all actions with the NotPrincipal section referencing the operations IAM group, and a Condition section referencing the Encrypted tag.
c) Add a post-build command to the CodeBuild build specification that pushes build objects to an Amazon S3 bucket that has S3 default encryption enabled. Set an S3 bucket policy containing a Deny statement for all actions with the NotPrincipal section referencing the operations IAM role.
d) Add a post-build command to the CodeBuild build specification that calls the AWS KMS Encrypt API call, passing the artifact to AWS KMS for encryption with a specified customer master key (CMK). Push the encrypted artifact to an Amazon S3 bucket, then set up the IAM operations group as the only key user for that CMK in AWS KMS.
 
04. A development team wants to set up an AWS CodeCommit repository. Developers should be able push changes to their own branches, but they should not be allowed to push commits or merge pull requests into the master branch.
Additionally, whenever a commit or merge occurs into the master branch, the project manager needs to receive a notification.
Which combination of steps will protect the master branch and send the alert with the shortest delay?
(Select TWO.)
a) Attach an AWS IAM policy to the developer IAM group that denies the actions of pushing commits, merging pull requests, and adding files to the master branch.
b) Attach a resource policy to the CodeCommit repository that denies members of the IAM developer group the actions of pushing commits, merging pull requests, and adding files to the master branch.
c) Set up a an AWS Lambda function that runs every 15 minutes to check for repository changes and publishes a notification to an Amazon SNS topic.
d) Set up an Amazon CloudWatch Events rule triggered by a CodeCommit Repository State Change event for the master branch and add an Amazon SNS topic as a target.
e) Configure AWS CloudTrail to send log events to Amazon CloudWatch Logs. Define a metric filter to identify repository events. Create a CloudWatch alarm with an Amazon SNS topic as a target.
 
05. A company is migrating more than 100 internal applications to AWS. The applications are independent, but all use similar corporate standard architectures. Key areas of the architectures that vary are:
- Some applications have both web and application tiers, while others just have a web tier.
- If there is a database, it is MySQL, SQL Server or PostgreSQL. (The company plans to manage all databases with Amazon RDS.)
- Some applications are built on a LAMP stack, while others are built on a .NET stack.
The devops team wants to enable each application team to launch the infrastructure to deploy their own application.
At the same time, the devops team wants to limit each team's ability to launch infrastructure outside of the corporate standard.
Which approach will allow the teams to launch the infrastructure for their applications with the minimum privileges?
a) Create two AWS Service Catalog products: one that creates a two-tier architecture and one that creates a three-tier architecture. Pass in the technology stack and the database technology as parameters. Grant the application teams the rights needed to launch the products.
b) Create two AWS CloudFormation templates: one that creates a two-tier architecture and one that creates a three-tier architecture. Pass in the technology stack and the database technology as parameters. Grant the application teams the rights needed to create the CloudFormation stacks.
c) Create an AWS CloudFormation template that launches an AWS Elastic Beanstalk web server environment application. Pass in the number of tiers, the technology stack, and the database technology as parameters. Grant the application teams the rights needed to create the CloudFormation stacks.
d) Create an AWS Service Catalog product that launches an AWS Elastic Beanstalk web server environment application. Pass in the number of tiers, the technology stack, and the database technology as parameters. Grant the application teams the rights needed to launch the product.
 
06. A devops engineer has been asked to automate security compliance for a company. The company has developed custom AWS Config rules to detect non-compliant security configurations.
When compliance issues are detected, the company wants issues to be automatically remediated and the security team to be notified over the internal security message channel. The message board has a REST interface that publishes the body of HTTPS POST requests over the channel.
Which combination of steps would successfully meet these requirements in the MOST cost-effective way?
(Select THREE.)
a) Create an Amazon CloudWatch Events rule that publishes configuration item change notifications to an Amazon SNS topic.
b) Create an Amazon CloudWatch Events rule that publishes compliance change notifications to an Amazon SNS topic.
c) Configure AWS Config to publish configuration item change notifications to an Amazon SNS topic.
d) Create an Amazon API Gateway RESTful API with AWS integration to AWS Config. Subscribe the API to the Amazon SNS topic.
e) Subscribe the message channel HTTPS endpoint to the Amazon SNS topic.
f) Write an AWS Lambda function that addresses the non-compliant security configuration. Subscribe the function to the Amazon SNS topic.
 
07. A devops engineer wrote an AWS Lambda function, defined it in an AWS CloudFormation template snippet (shown below), and stored it in an Amazon S3 bucket.
MyLambdaFunctionV1:
Type: "AWS::Lambda::Function"
Properties:
Handler: "index.handler"
Role: "arn:aws:iam::515290864834:role/AccountScanner"
Code:
S3Bucket: "johndoe-com-lambda-source"
S3Key: "AccountScanner.zip"
Runtime: "dotnetcore2.1"
Timeout: 60
The CloudFormation stack has been created and the Lambda function is working as expected.
The Engineer has obtained a new version of the function code and wants to ensure that this new version will be executed immediately following the stack update.
Which deployment procedures will accomplish this?
(Select THREE.)
a) Update the logical name of the Lambda function in the CloudFormation template from MyLambdaFunctionV1 to MyLambdaFunctionV2, then perform a CloudFormation stack update.
b) Enable versioning on the existing S3 bucket. Upload the new code to the existing S3 bucket. Specify the version ID of the S3 object in the S3ObjectVersion property of the Lambda function in the CloudFormation template, then perform a CloudFormation stack update.
c) Using AWS SAM, issue a sam deploy command to the CloudFormation template to perform a Lambda function version update.
d) Update the S3 bucket property of the Lambda function in the CloudFormation template to point to a different bucket location. Upload the new code to the new S3 bucket location, then perform a CloudFormation stack update.
e) Update the S3Key property of the Lambda function in the CloudFormation template to indicate a different location and name of the .zip file. Upload the new code to the S3 bucket, noting the location and name change of the .zip file, then perform a CloudFormation stack update.
f) Using the serverless framework, issue a serverless deploy function -f MyLambdaFunctionV1 command to perform an update to the existing Lambda function.
 
08. A company controls the source code for its product in AWS CodeCommit. The company is creating a CI/CD pipeline for the product using AWS CodePipeline.
The pipeline must automatically start on changes to the master branch of the CodeCommit repository. Changes are made to the application every day, so the pipeline needs to be as responsive as possible.
Which actions should the devops engineer take to meet these requirements?
a) Configure the pipeline to periodically check the repository. Start the pipeline when changes are detected.
b) Configure the repository to generate an Amazon CloudWatch Events event upon changes. Configure the pipeline to start in response to the event.
c) Configure the repository to periodically run an AWS Lambda function. The function should check the repository and start the pipeline when changes are detected.
d) Configure the repository to publish an SNS notification upon changes. Subscribe the pipeline to the Amazon SNS topic.
 
09. An operator is managing a legacy application on AWS. The application is a monolithic Microsoft Windows program running on a single Amazon EC2 instance. The source code for the application is not available, so the application cannot be modified.
The application has a memory leak and malfunctions when memory utilization on the instance goes above 90%. The operator has configured the uniform Amazon CloudWatch agent on the EC2 instance to collect the memory utilization Performance Monitor counter.
Which actions should the operator take to prevent the application from malfunctioning?
(Select TWO.)
a) Create an Amazon CloudWatch Events event that publishes to an Amazon SNS topic when memory utilization goes above 80%.
b) Create a metric filter on memory utilization in Amazon CloudWatch Logs. Create a CloudWatch alarm on the memory utilization filter that publishes to an Amazon SNS topic when the memory utilization goes above 80%.
c) Create a CloudWatch alarm on the memory utilization metric that publishes to an Amazon SNS topic when the memory utilization goes above 80%.
d) Subscribe an Amazon Lambda function to the Amazon SNS topic that restarts the application with an AWS Systems Manager Run Command.
e) Subscribe the EC2 instance to the Amazon SNS topic and run a script that restarts the application.
 
10. A company runs an application on Amazon EC2 instances running the latest version of the Amazon Linux AMI. When applying new security patches, Server administrators manually remove affected instances from service, patch them, and then place them back into service.
A new company security policy requires that security patches be applied within 7 days of the patch being released.
The security team must verify that all instances are in compliance. Patching should be done during a time that has the least impact on users.
How can administrators automate security policy compliance?
a) Configure an AWS CodeBuild project to download and apply patches to all machines over SSH. Use an Amazon CloudWatch Events scheduled event to run the CodeBuild project during a maintenance window.
b) Use AWS Systems Manager Patch Manager to create a patch baseline. Create a script on the EC2 instances that uses the CLI to pull the latest patches from Patch Manager. Create a cron job to schedule the script to run during a maintenance window.
c) Create a script that applies any available security patches. Create a cron job to schedule the script to run during a maintenance window. Install the script and cron job on the application AMI and redeploy the application.
d) Enlist all application EC2 instances in a patch group. Use AWS Systems Manager Patch Manager to create a patch baseline. Configure a maintenance window to apply the patch baseline.

Answers:

Question: 01
Answer: a
Question: 02
Answer: b, d, e
Question: 03
Answer: c
Question: 04
Answer: a, d
Question: 05
Answer: a
Question: 06
Answer: b, e, f
Question: 07
Answer: b, d, e
Question: 08
Answer: b
Question: 09
Answer: c, d
Question: 10
Answer: d

Note: Please update us by writing an email on feedback@vmexam.com for any error in AWS Certified DevOps Engineer - Professional certification exam sample questions

Your rating: None Rating: 4.9 / 5 (62 votes)