Latest Verified & Correct Amazon DOP-C01 Questions & Answers Daily Updated
100% Pass Guaranteed Download AWS Certified DevOps Engineer Exam PDF Q&A
NEW QUESTION 149
Your API requires the ability to stay online during AWS regional failures. Your API does not store any state, it only aggregates data from other sources - you do not have a database. What is a simple but effective way to achieve this uptime goal?
- A. Use an ELB and a cross-zone ELB deployment to create redundancy across datacenters. Even if a region fails, the other AZ will stay online.
- B. Create a Route53 Latency Based Routing Record with Failover and point it to two identical deployments of your stateless API in two different regions. Make sure both regions use Auto Scaling Groups behind ELBs.
- C. Use a CloudFront distribution to serve up your API. Even if the region your API is in goes down, the edge locations CloudFront uses will be fine.
- D. Create a Route53 Weighted Round Robin record, and if one region goes down, have that region redirect to the other region.
Answer: B
Explanation:
Latency Based Records allow request distribution when all is well with both regions, and the Failover component enables fallbacks between regions. By adding in the ELB and ASG, your system in the surviving region can expand to meet 100% of demand instead of the original fraction, whenever failover occurs.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html
NEW QUESTION 150
What is the proper (best practice) way to begin a playbook?
- A. ###
- B. - hosts: all
- C. ---
- D. ...
Answer: C
Explanation:
All YAML files can begin with `---' and end with `...' to indicate where YAML starts and ends.
While this is optional it is considered best practice.
Reference: http://docs.ansible.com/ansible/YAMLSyntax.html
NEW QUESTION 151
A company has established tagging and configuration standards for its infrastructure resources running on AWS. A DevOps Engineer is developing a design that will provide a near-real-time dashboard of the compliance posture with the ability to highlight violations.
Which approach meets the stated requirements?
- A. Define the compliance and tagging requirements in Amazon Inspector. Output the results to Amazon CloudWatch Logs. Build a metric filter to isolate the monitored elements of interest and present the data in a CloudWatch dashboard.
- B. Create a resource group that displays resources with the specified tags and those without tags. Use the AWS Management Console to view compliant and non-compliant resources.
- C. Use AWS Config to record configuration changes and output the data to an Amazon S3 bucket. Create an Amazon QuickSight analysis of the dataset, and use the information on dashboards and mobile devices.
- D. Define the resource configurations in AWS Service Catalog, and monitor the AWS Service Catalog compliance and violations in Amazon CloudWatch. Then, set up and share a live CloudWatch dashboard. Set up Amazon SNS notifications for violations and corrections.
Answer: C
NEW QUESTION 152
How does Amazon RDS multi Availability Zone model work?
- A. A second, standby database is deployed and maintained in a different availability zone from master, using synchronous replication.
- B. A second, standby database is deployed and maintained in a different region from master using synchronous replication.
- C. A second, standby database is deployed and maintained in a different availability zone from master using asynchronous replication.
- D. A second, standby database is deployed and maintained in a different region from master using asynchronous replication.
Answer: A
Explanation:
In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
NEW QUESTION 153
A financial institution provides security-hardened AMIs of Red Hat Enterprise Linux 7.4 and Windows Server 2016 for its application teams to use in deployments. A DevOps Engineer needs to implement an automated daily check of each AMI to monitor for the latest CVE.
How should the Engineer implement these checks using Amazon Inspector?
- A. Tag each AMI with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all AMIs with the tag SecurityCheck: True. Amazon Inspector should automatically launch an Amazon EC2 instance for each AMI and perform a security assessment.
- B. Tag each AMI with SecurityCheck: True. Configure AWS Step Functions to first compose an Amazon Inspector assessment template for all AMIs that have the tag SecurityCheck: True and second to make a call to the Amazon Inspector API action StartAssessmentRun. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
- C. Install the Amazon Inspector agent in each AMI. Configure AWS Step Functions to launch an Amazon EC2 instance for each operating system from the hardened AMI, and tag the instance with SecurityCheck: True. Once EC2 instances have booted up, Step Functions will trigger an Amazon Inspector assessment for all instances with the tag SecurityCheck: True. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
- D. Tag each instance with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all instances with the tag SecurityCheck: True. Amazon Inspector should automatically perform an in-place security assessment for each AMI.
Answer: C
NEW QUESTION 154
A DevOps Engineer is developing a deployment strategy that will allow for data-driven decisions before a feature is fully approved for general availability. The current deployment process uses AWS CloudFormation and blue/green-style deployments. The development team has decided that customers should be randomly assigned to groups, rather than using a set percentage, and redirects should be avoided.
What process should be followed to implement the new deployment strategy?
- A. Configure Amazon CloudFront with an AWS Lambda@Edge function to set a cookie when CloudFront receives a request. Assign the user to a version A or B, then return the corresponding version to the viewer.
- B. Configure Amazon Route 53 with an AWS Lambda function to set a cookie when Amazon CloudFront receives a request. Assign the user to version A or B, then return the corresponding version to the viewer.
- C. Configure Amazon CloudFront with an AWS Lambda@Edge function to set a cookie when CloudFront receives a request. Assign the user to a version A or B, and configure the web server to redirect to version A or B.
- D. Configure Amazon Route 53 weighted records for the blue and green stacks, with 50% of traffic configured to route to each stack.
Answer: A
NEW QUESTION 155
A healthcare provider has a hybrid architecture that includes 120 on-premises VMware servers running RedHat and 50 Amazon EC2 instances running Amazon Linux. The company is in the middle of an all-in migration to AWS and wants to implement a solution for collecting information from the on-premises virtual machines and the EC2 instances for data analysis. The information includes:
- Operating system type and version
- Data for installed applications
- Network configuration information, such as MAC and IP addresses
- Amazon EC2 instance AMI ID and IAM profile
How can these requirements be met with the LEAST amount of administration?
- A. Install AWS Systems Manager agents on both the on-premises virtual machines and the EC2 instances. Enable inventory collection and configure resource data sync to an Amazon S3 bucket to analyze the data with Amazon Athena.
- B. Write a shell script to run as a cron job on EC2 instances to collect and push the data to Amazon S3. For on-premises resources, use VMware vSphere to collect the data and write it into a file gateway for storing the data in S3. Finally, use Amazon Athena on the S3 bucket for analytics.
- C. Use a script on the on-premises virtual machines as well as the EC2 instances to gather and push the data into Amazon S3, and then use Amazon Athena for analytics.
- D. Use AWS Application Discovery Service for deploying Agentless Discovery Connector in the VMware environment and Discovery Agents on the EC2 instances for collecting the data. Then use the AWS Migration Hub Dashboard for analytics.
Answer: A
NEW QUESTION 156
You are using Auto Scaling for managing the instances in your AWS environment. You need to deploy a new version of your application. You'd prefer to use all new instances if possible, but you cannot have any downtime. You also don't want to swap any environment URLs. Which of the following deployment methods would you implement?
- A. Using "Blue Green" with "All at once" deployment method.
- B. Using "Blue Green" deployment method.
- C. Using "All at once" deployment method.
- D. Using "Rolling Updates" deployment method.
Answer: D
Explanation:
In a Rolling deployment, you can specify a new set of servers to replace the existing set of servers. This replacement happens in a phased manner.
Since there is a requirement to not swap URLs, you must not use Blue Green deployments.
For more information on the differences between Rolling Updates and Blue Green deployments, please refer to the below URL:
* https://cloudnative.io/docs/blue-green-deployment/
NEW QUESTION 157
Company policies require that information about IP traffic going between instances in the production Amazon VPC is captured. The capturing mechanism must always be enabled and the Security team must be notified when any changes in configuration occur.
What should be done to ensure that these requirements are met?
- A. Create a flow log for the production VPC and assign an Amazon S3 bucket as a destination for delivery. Using Amazon S3 Event Notification, set up an AWS Lambda function that is triggered when a new log file gets delivered. This Lambda function updates an entry in Amazon DynamoDB, which is periodically checked by scheduling an Amazon CloudWatch Events rule to notify security when logs have not arrived.
- B. Using the UserData section of an AWS CloudFormation template, install tcpdump on every provisioned Amazon EC2 instance. The output of the tool is sent to Amazon EFS for aggregation and querying. In addition, scheduling an Amazon CloudWatch Events rule calls an AWS Lambda function to check whether tcpdump is up and running and sends an email to the security organization when there is an exception.
- C. Create a flow log for the production VPC. Create a new rule using AWS Config that is triggered by configuration changes of resources of type `EC2:VPC'. As part of configuring the rule, create an AWS Lambda function that looks up flow logs for a given VPC. If the VPC flow logs are not configured, return a `NON_COMPLIANT' status and notify the security organization.
- D. Configure a new trail using AWS CloudTrail service. Using the UserData section of an AWS CloudFormation template, install tcpdump on every provisioned Amazon EC2 instance. Connect Amazon Athena to the CloudTrail and write an AWS Lambda function that monitors for a flow log disable event. Once the CloudTrail entry has been spotted, alert the security organization.
Answer: C
NEW QUESTION 158
A large enterprise is deploying a web application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB. There are separate environments for development, testing, and production. What is the MOST secure and flexible way to obtain password credentials during deployment?
- A. Launch the EC2 instances with an EC2 IAM role to access AWS services. Store the database passwords in an encrypted config file with the application artifacts.
- B. Retrieve an access key from an AWS Systems Manager SecureString parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
- C. Launch the EC2 instances with an EC2 IAM role to access AWS services. Retrieve the database credentials from AWS Secrets Manager.
- D. Retrieve an access key from an AWS Systems Manager plaintext parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
Answer: C
Explanation:
https://www.1strategy.com/blog/2019/02/28/aws-parameter-store-vs-aws-secrets-manager/
NEW QUESTION 159
You have a code repository that uses Amazon S3 as a data store. During a recent audit of your security controls, some concerns were raised about maintaining the integrity of the data in the Amazon S3 bucket. Another concern was raised around securely deploying code from Amazon S3 to applications running on Amazon EC2 in a virtual private cloud.
What are some measures that you can implement to mitigate these concerns? Choose 2 answers.
- A. Create an Amazon Identity and Access Management role with authorization to access the Amazon S3 bucket, and launch all of your application's Amazon EC2 instances with this role.
- B. Use AWS Data Pipeline to lifecycle the data in your Amazon S3 bucket to Amazon Glacier on a weekly basis.
- C. Use AWS Data Pipeline with multi-factor authentication to securely deploy code from the Amazon S3 bucket to your Amazon EC2 instances.
- D. Add an Amazon S3 bucket policy with a condition statement to allow access only from Amazon EC2 instances with RFC 1918 IP addresses and enable bucket versioning.
- E. Add an Amazon S3 bucket policy with a condition statement that requires multi-factor authentication in order to delete objects and enable bucket versioning.
- F. Use a configuration management service to deploy AWS Identity and Access Management user credentials to the Amazon EC2 instances. Use these credentials to securely access the Amazon S3 bucket when deploying code.
Answer: A,E
NEW QUESTION 160
Which of these is not a CloudFormation Helper Script?
- A. cfn-signal
- B. cfn-request
- C. cfn-get-metadata
- D. cfn-hup
Answer: B
Explanation:
This is the complete list of CloudFormation Helper Scripts: cfn-init, cfn-signal, cfn-get-metadata, cfn-hup
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html
NEW QUESTION 161
A DevOps Engineer must track the health of a stateless RESTful service sitting behind a Classic Load Balancer. The deployment of new application revisions is through a CI/CD pipeline. If the service's latency increases beyond a defined threshold, deployment should be stopped until the service has recovered. Which of the following methods allow for the QUICKEST detection time?
- A. Use AWS Lambda and Elastic Load Balancing access logs to detect average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- B. Use Metric Filters to parse application logs in Amazon CloudWatch Logs. Create a filter for latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- C. Use Amazon CloudWatch metrics provided by Elastic Load Balancing to calculate average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- D. Use AWS CodeDeploy's Minimum Healthy Hosts setting to define thresholds for rolling back deployments. If these thresholds are breached, roll back the deployment.
Answer: C
Explanation:
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html
https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-stop.html
NEW QUESTION 162
There are a number of ways to purchase compute capacity on AWS. Which orders the price per compute or memory unit from LOW to HIGH (cheapest to most expensive), on average?
A: On-Demand
B: Spot
C: Reserved
- A. C, B, A
- B. A, B, C
- C. A, C, B
- D. B, C, A
Answer: D
Explanation:
Spot instances are usually many, many times cheaper than on-demand prices.
Reserved instances, depending on their term and utilization, can yield approximately 33% to 66% cost savings.
On-Demand prices are the baseline price and are the most expensive way to purchase EC2 compute time.
https://d0.awsstatic.com/whitepapers/Cost_Optimization_with_AWS.pdf
NEW QUESTION 163
When deploying applications to Elastic Beanstalk, which of the following statements is false with regard to application deployment?
- A. Can be a war file which can be deployed to the application server
- B. Should not exceed 512 MB in size
- C. Can include parent directories
- D. The application can be bundled in a zip file
Answer: C
Explanation:
The AWS documentation mentions:
When you use the AWS Elastic Beanstalk console to deploy a new application or an application version, you'll need to upload a source bundle. Your source bundle must meet the following requirements:
- Consist of a single ZIP file or WAR file (you can include multiple WAR files inside your ZIP file)
- Not exceed 512 MB
- Not include a parent folder or top-level directory (subdirectories are fine)
For more information on deploying applications to Elastic Beanstalk, please see the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-sourcebundle.html
NEW QUESTION 164
A Security team is concerned that a Developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production. No Developer should be allowed to attach an Elastic IP address to an instance. The Security team must be notified if any production server has an Elastic IP address at any time.
How can this task be automated?
- A. Ensure that all IAM groups associated with Developers do not have associate-address permissions. Create a scheduled AWS Lambda function to check whether an Elastic IP address is associated with any instance tagged as production, and alert the Security team if an instance has an Elastic IP address associated with it.
- B. Attach an IAM policy to the Developer's IAM group to deny associate-address permissions. Create a custom AWS Config rule to check whether an Elastic IP address is associated with any instance tagged as production, and alert the Security team.
- C. Use Amazon Athena to query AWS CloudTrail logs to check for any associate-address attempts. Create an AWS Lambda function to dissociate the Elastic IP address from the instance, and alert the Security team.
- D. Create an AWS Config rule to check that all production instances have the EC2 IAM roles that include deny associate-address permissions. Verify whether there is an Elastic IP address associated with any instance, and alert the Security team if an instance has an Elastic IP address associated with it.
Answer: B
NEW QUESTION 165
Which of the following services can be used to implement DevOps in your company?
- A. All of the above
- B. AWS CloudFormation
- C. AWS OpsWorks
- D. AWS Elastic Beanstalk
Answer: A
Explanation:
All of the services can be used to implement DevOps in your company:
1) AWS Elastic Beanstalk, an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on servers such as Apache, Nginx, Passenger, and IIS.
2) AWS OpsWorks, a configuration management service that helps you configure and operate applications of all shapes and sizes using Chef.
3) AWS CloudFormation, which is an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
For more information on AWS DevOps, please refer to the below link:
* http://docs.aws.amazon.com/devops/latest/gsg/welcome.html
NEW QUESTION 166
A company is migrating an application to AWS that runs on a single Amazon EC2 instance. Because of licensing limitations, the application does not support horizontal scaling. The application will be using Amazon Aurora for its database. How can the DevOps Engineer architect automated healing to automatically recover from EC2 and Aurora failures, in addition to recovering across Availability Zones (AZs), in the MOST cost-effective manner?
- A. Create an EC2 instance and enable instance recovery. Create an Aurora database with a read replica in a second AZ, and promote it to a primary database instance if the primary database instance fails.
- B. Create an EC2 Auto Scaling group with a minimum and maximum instance count of 1, and have it span across AZs. Use a single-node Aurora instance.
- C. Assign an Elastic IP address on the instance. Create a second EC2 instance in a second AZ. Create an Amazon CloudWatch Events rule to trigger an AWS Lambda function to move the Elastic IP address to the second instance when the first instance fails. Use a single-node Aurora instance.
- D. Create an Amazon CloudWatch Events rule to trigger an AWS Lambda function to start a new EC2 instance in an available AZ when the instance status reaches a failure state. Create an Aurora database with a read replica in a second AZ, and promote it to a primary database instance when the primary database instance fails.
Answer: D
NEW QUESTION 167
You have a requirement to automate the creation of EBS Snapshots. Which of the following can be used to achieve this in the best way possible?
- A. Use the AWS CodeDeploy service to create a snapshot of the AWS Volumes
- B. Use the AWS Config service to create a snapshot of the AWS Volumes
- C. Use CloudWatch Events to trigger the snapshots of EBS Volumes
- D. Create a PowerShell script which uses the AWS CLI to get the volumes and then run the script as a cron job.
Answer: C
Explanation:
The best way is to use the built-in CloudWatch service, as CloudWatch Events can automate the creation of EBS Snapshots. With Option A, you would be restricted to running the PowerShell script on Windows machines and maintaining the script itself. You would also have the overhead of a separate instance just to run that script.
When you go to CloudWatch Events, you can use the Target as EC2 CreateSnapshot API call as shown below.
Create rules to invoke Targets based on Events happening in your AWS environment.
The AWS documentation mentions:
Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
CloudWatch Events becomes aware of operational changes as they occur. CloudWatch Events responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information.
For more information on CloudWatch Events, please visit the below URL:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
NEW QUESTION 168
You are a DevOps engineer for a company. You have been requested to create a rolling deployment solution that is cost-effective with minimal downtime. How should you achieve this? Choose two answers from the options below.
- A. After each stack is deployed, tear down the old stack
- B. Re-deploy your application using a CloudFormation template to deploy Elastic Beanstalk
- C. Use UpdatePolicy attribute to specify how CloudFormation handles updates to Auto Scaling Group resource.
- D. Re-deploy with a CloudFormation template, define update policies on Auto Scaling groups in your CloudFormation template
Answer: C,D
Explanation:
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePolicy attribute. This is used to define how an Auto Scaling group resource is updated when an update to the CloudFormation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the AutoScalingRollingUpdate policy. This retains the same Auto Scaling group and replaces old instances with new ones, according to the parameters specified.
Option A is invalid because it is not efficient to use CloudFormation to deploy Elastic Beanstalk.
Option D is invalid because this is an inefficient process to tear down stacks when there are stack policies available.
For more information on Auto Scaling Rolling Updates, please refer to the below link:
* https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/
NEW QUESTION 169
The Ansible Inventory system allows many attributes to be defined within it. Which item below is not one of these?
- A. Host groups
- B. Include vars
- C. Group variables
- D. Children groups
Answer: B
Explanation:
Ansible inventory files cannot reference other files for additional data. If this functionality is needed, it must be done as a script that creates a dynamic inventory.
Reference: http://docs.ansible.com/ansible/intro_inventory.html
NEW QUESTION 170
As part of your deployment pipeline, you want to enable automated testing of your AWS CloudFormation template. What testing should be performed to enable faster feedback while minimizing costs and risk? Select three answers from the options given below.
- A. Validate the template's syntax using a general JSON parser.
- B. Use the AWS CloudFormation Validate Template to validate the syntax of the template
- C. When creating the stack, specify an Amazon SNS topic to which your testing system is subscribed. Your testing system runs tests when it receives notification that the stack is created or updated.
- D. Validate the AWS CloudFormation template against the official XSD scheme definition published by Amazon Web Services.
- E. Update the stack with the template. If the template fails rollback will return the stack and its resources to exactly the same state.
- F. Use the AWS CloudFormation Validate Template to validate the properties of resources defined in the template.
Answer: B,C,E
Explanation:
The AWS documentation mentions the following:
The aws cloudformation validate-template command is designed to check only the syntax of your template. It does not ensure that the property values that you have specified for a resource are valid for that resource. Nor does it determine the number of resources that will exist when the stack is created.
To check the operational validity, you need to attempt to create the stack. There is no sandbox or test area for AWS CloudFormation stacks, so you are charged for the resources you create during testing.
Option F is needed for notification.
For more information on CloudFormation template validation, please visit the link:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-validate-template.html
NEW QUESTION 171
......

