Amazon DOP-C01 Exam Dumps

A Development team uses AWS CodeCommit for source code control. Developers applytheir changes to various feature branches and create pull requests to move those changesto the master branch when they are ready for production. A direct push to the masterbranch should not be allowed. The team applied theAWS managed policy AWSCodeCommitPowerUser to the Developers' IAM Rote, but nowmembers are able to push to the master branch directly on every repository in the AWSaccount.What actions should be taken to restrict this?

A. Create an additional policy to include a deny rule for the codecommit:GitPush action,and include a restriction for the specific repositories in the resource statement with acondition for the master reference
B. Remove the IAM policy and add an AWSCodeCommitReadOnly policy. Add an allow rule for the codecommit:GitPush action for the specific repositories in the resourcestatement with a condition for the master reference.
C. Modify the IAM policy and include a deny rule for the codecommit:GitPush action for thespecific repositories in the resource statement with a condition for the master reference.
D. Create an additional policy to include an allow rule for the codecommit:GitPush actionand include a restriction for the specific repositories in the resource statement with acondition for the feature branches reference.

Answer: A

An Application team is refactoring one of its internal tools to run in AWS instead of onpremises hardware. All of the code is currently written in Python and is standalone. Thereis also no external state store or relational database to be queried.Which deployment pipeline incurs the LEAST amount of changes between developmentand production?

A. Developers should use Docker for local development. Use AWS SMS to import thesecontainers as AMIs for Amazon EC2 whenever dependencies are updated. Use AWSCodePipeline to test new code changes against the Auto Scaling group.
B. Developers should use their native Python environment. When Dependencies arechanged and a new container is ready, use AWS CodePipeline and AWS CodeBuild toperform functional tests and then upload the new container to the Amazon ECR. Use AWSCloudFormation with the custom container to deploy the new Amazon ECS.
C. Developers should use their native Python environment. When Dependencies arechanged and a new code is ready, use AWS CodePipeline and AWS CodeBuild to performfunctional tests and then upload the new container to the Amazon ECR. Use CodePipelineand CodeBuild with the custom container to test new code changes inside AWS ElasticBeanstalk

Answer: A

A company wants to implement a CI/CD pipeline for an application that is deployed onAWS. The company also has a source-code analysis tool hosted on premises that checksfor security flaws. The tool has not yet been migrated to AWS and can be accessed only onpremises. The company wants to run checks against the source code as part of thepipeline before the code is compiled. The checks take anywhere from minutes to an hour tocomplete.How can a DevOps Engineer meet these requirements?

A. Use AWS CodePipeline to create a pipeline. Add an action to the pipeline to invoke anAWS Lambda function after the source stage. Have the Lambda function invoke thesource-code analysis tool on premises against the source input from CodePipeline. Thefunction then waits for the execution to complete and places the output in a specifiedAmazon S3 location.
B. Use AWS CodePipeline to create a pipeline, then create a custom action type. Create ajob worker for the custom action that runs on hardware hosted on premises. The job workerhandles running security checks with the on-premises code analysis tool and then returnsthe job results to CodePipeline. Have the pipeline invoke the custom action after the sourcestage.
C. Use AWS CodePipeline to create a pipeline. Add a step after the source stage to makean HTTPS request to the on-premises hosted web service that invokes a test with thesource code analysis tool. When the analysis is complete, the web service sends theresults back by putting the results in an Amazon S3 output location provided byCodePipeline.
D. Use AWS CodePipeline to create a pipeline. Create a shell script that copies the inputsource code to a location on premises. Invoke the source code analysis tool and return theresults to CodePipeline. Invoke the shell script by adding a custom script action after thesource stage.

Answer: B

You have an application consisting of a stateless web server tier running on Amazon EC2 instances behind load balancer, and are using Amazon RDS with read replicas. Which of the following methods should you use to implement a self-healing and cost-effective architecture? Choose 2 answers from the optionsgiven below

A. Set up a third-party monitoring solution on a cluster of Amazon EC2 instances in orderto emit custom Cloud Watch metrics to trigger the termination of unhealthy Amazon EC2instances.
B. Set up scripts on each Amazon EC2 instance to frequently send ICMP pings to the loadbalancer in order to determine which instance is unhealthy and replace it.
C. Set up an Auto Scalinggroup for the web server tier along with an Auto Scaling policythat uses the Amazon RDS DB CPU utilization Cloud Watch metric to scale the instances.
D. Set up an Auto Scalinggroup for the web server tier along with an Auto Scaling policythat uses the Amazon EC2 CPU utilization CloudWatch metric to scale the instances.
E. Use a larger Amazon EC2 instance type for the web server tier and a larger DB instancetype for the data storage layer to ensure that they don't become unhealthy.
F. Set up an Auto Scalinggroup for the database tier along with an Auto Scaling policy thatuses the Amazon RDS read replica lag CloudWatch metric to scale out the Amazon RDSread replicas.
G. Use an Amazon RDS Multi-AZ deployment.

Answer: D,G

A web application for healthcare services runs on Amazon EC2 instances behind an ELBApplication Load Balancer. The instances run in an Amazon EC2 AutoScaling group across multiple Availability Zones. A DevOps Engineer must create amechanism in which an EC2 instance can be taken out of production so its system logs canbe analyzed for issues to quickly troubleshot problems on the web tier.How can the Engineer accomplish this task while ensuring availability and minimizingdowntime?

A. Implement EC2 Auto Scaling groups cooldown periods. Use EC2 instance metadata todetermine the instance state, and an AWS Lambda function to snapshot Amazon EBSvolumes to preserve system logs.
B. Implement Amazon CloudWatch Events rules. Create an AWS Lambda function that canreact to an instance termination to deploy the CloudWatch Logs agent to upload the systemand access logs to Amazon S3 for analysis.
C. Terminate the EC2 instances manually. The Auto Scaling service will upload all loginformation to CloudWatch Logs for analysis prior to instance termination.
D. Implement EC2 Auto Scaling groups with lifecycle hooks. Create an AWS Lambdafunction that can modify an EC2 instance lifecycle hook into a standby state, extract logsfrom the instance through a remote script execution, and place them in an Amazon S3bucket for analysis.

Answer: D

A defect was discovered in production and a new sprint item has been created fordeploying a hotfix. However, any code change must go through the following steps beforegoing into production:*Scan the code for security breaches, such as password and access key leaks.Run the code through extensive, long running unit tests.Which source control strategy should a DevOps Engineer use in combination with AWSCodePipeline to complete this process?

A. Create a hotfix tag on the last commit of the master branch. Trigger the developmentpipeline from the hotfix tag. Use AWS CodeDeploy with Amazon ECS to do a content scanand run unit tests. Add a manual approval stage that merges the hotfix tag into the masterbranch.
B. Create a hotfix branch from the master branch. Triger the development pipeline from thehotfix branch. Use AWS CodeBuild to do a content scan and run unit tests. Add a manualapproval stage that merges the hotfix branch into the master branch.
C. Create a hotfix branch from the master branch. Triger the development pipeline from thehotfix branch. Use AWS Lambda to do a content scan and run unit tests. Add a manualapproval stage that merges the hotfix branch into the master branch.
D. Create a hotfix branch from the master branch. Create a separate source stage for thehotfix branch in the production pipeline. Trigger the pipeline from the hotfix branch. UseAWS Lambda to do a content scan and use AWS CodeBuild to run unit tests. Add amanual approval stage that merges the hotfix branch into the master branch.

Answer: B

A DevOps engineer is deploying a new version of a company's application in an AWSCodeDeploy deployment group associated with its Amazon EC2 instances. After sometime, the deployment fails. The engineer realizes that all the events associated with thespecific deployment ID are in a Skipped status, and code was not deployed in theinstances associated with the deployment group.What are valid reasons for this failure? (Select TWO.)

A. The networking configuration does not allow the EC2 instances to reach the internet viaa NAT gateway or internet gateway, and the CodeDeploy endpoint cannot be reached.
B. The IAM user who triggered the application deployment does not have permission tointeract with the CodeDeploy endpoint.
C. The target EC2 instances were not properly registered with the CodeDeploy endpoint.
D. An instance profile with proper permissions was not attached to the target EC2instances.
E. The appspec.yrnl file was not included in the application revision.

Answer: B,D

An online retail company based in the United States plans to expand its operations toEurope and Asia in the next six months. Its product currently runs onAmazon EC2 instances behind an Application Load Balancer. The instances run in anAmazon EC2 Auto Scaling group across multiple Availability Zones. All data is stored in anAmazon Aurora database instance.When the product is deployed in multiple regions, the company wants a single productcatalog across all regions, but for compliance purposes, its customer information andpurchases must be kept in each region.How should the company meet these requirements with the LEAST amount of applicationchanges?

A. Use Amazon Redshift for the product catalog and Amazon DynamoDB tables for thecustomer information and purchases. 
B. Use Amazon DynamoDB global tables for the product catalog and regional tables for thecustomer information and purchases
C. Use Aurora with read replicas for the product catalog and additional local Aurorainstances in each region for the customer information and purchases.
D. Use Aurora for the product catalog and Amazon DynamoDB global tables for thecustomer information and purchases.

Answer: C

A security review has identified that an AWS CodeBuild project is downloading a databasepopulation script from an Amazon S3 bucket using an unauthenticated request. Thesecurity team does not allow unauthenticated requests to S3 buckets for this project.How can this issue be corrected in the MOST secure manner?

A. Add the bucket name to the AllowedBuckets section of the CodeBuild project settings.Update the build spec to use the AWS CLI to download the databasepopulation script.
B. Modify the S3 bucket settings to enable HTTPS basic authentication and specify atoken. Update the build spec to use cURL to pass the token and download the databasepopulation script.
C. Remove unauthenticated access from the S3 bucket with a bucket policy. Modify theservice role for the CodeBuild project to include Amazon S3 access. Use the AWS CLI todownload the database population script.
D. Remove unauthenticated access from the S3 bucket with a bucket policy. Use the AWSCLI to download the database population script using an IAM access key and a secretaccess key.

Answer: C

A company is using AWS CodePipeline to automate its release pipeline. AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model. The company wants to implement scripts to shifting traffic. These scripts will complete in 5 minutes or less If errors are discovered during these tests, the application must be rolled back. Which strategy will meet these requirements?

A. Add a stage to the CodePipeline pipeline between the source and deploy stages UseAWS CodeBuild to create an execution environment and build commands in the buildspecfile to invoke test scripts If errors are found, use the aws deploy stop-deployment commandto stop the deployment
B. Add a stage to the CodePipeline pipeline between the source and deploy stages Usethis stage to execute an AWSLambda function that will run the test scripts If errors are found, use the aws deploy stopdeployment command to stop the deployment.
C. Add a hooks section to the CodeDeploy AppSpec file Use the AfterAllowTestTrafficlifecycle event to invoke an AWS Lambda function to run the test scripts. If errors arefound, exit the Lambda function with an error to trigger rollback.
D. Add a hooks section to the CodeDeploy AppSpec file Use the AfterAllowTraffic lifecycleevent to invoke the test scripts. If errors are found, use the aws deploy stop-deploymentCLI command to stop the deployment.

Answer: A

A company has deployed several applications globally. Recently, Security Auditors found that few Amazon EC2 instances were launched without Amazon EBS disk encryption. The Auditors have requested a report detailing all EBS volumes that were not encrypted in multiple AWS accounts and regions. They also want to be notified whenever this occurs in future.How can this be automated with the LEAST amount of operational overhead? 

A. Create an AWS Lambda function to set up an AWS Config rule on all the targetaccounts. Use AWS Config aggregators to collect data from multiple accounts and regions.Export the aggregated report to an Amazon S3 bucket and use Amazon SNS to deliver thenotifications.
B. Set up AWS CloudTrail to deliver all events to an Amazon S3 bucket in a centralizedaccount. Use the S3 event notification feature to invoke an AWS Lambda function to parseAWS CloudTrail logs whenever logs are delivered to the S3 bucket. Publish the output toan Amazon SNS topic using the same Lambda function.
C. Create an AWS CloudFormation template that adds an AWS Config managed rule forEBS encryption. Use a CloudFormation stack set to deploy the template across allaccounts and regions. Store consolidated evaluation results from config rules in AmazonS3. Send a notification using Amazon SNS when non- compliant resources are detected.
D. Using AWS CLI, run a script periodically that invokes the aws ec2 describe-volumesquery with a JMESPATH query filter. Then, write the output to an Amazon S3 bucket. Setup an S3 event notification to send events using Amazon SNS when new data is written tothe S3 bucket

Answer: C

A company's application is running on Amazon EC2 instances in an Auto Scaling group. A DevOps engineer needs to ensure there are at least four application servers running at all times. Whenever an update has to be made to the application, the engineer creates a new AMI with the updated configuration and updates the AWS CloudFormation template with the new AMI ID. After the stack update finishes, the engineer manually terminates the old instances one by one. verifying that the new instance is operational before proceeding. The engineer needs to automate this process.Which action will allow for the LEAST number of manual steps moving forward?  

A. Update the CloudFormation template to include the UpdatePolicy attribute with theAutoScalingRollingUpdate policy.
B. Update the CloudFormation template to include the UpdatePolicy attribute with theAutoScalingReplacingUpdate policy.
C. Use an Auto Scaling lifecycle hook to verify that the previous instance is operationalbefore allowing the DevOps engineer's selected instance to terminate.
D. Use an Auto Scaling lifecycle hook to confirm there are at least four running instancesbefore allowing the DevOps engineer's selected instance to terminate.

Answer: A

A highly regulated company has a policy that DevOps Engineers should not log in to theirAmazon EC2 instances except in emergencies. If a DevOps Engineer does log in, theSecurity team must be notified within 15 minutes of the occurrence.Which solution will meet these requirements?

A. Install the Amazon Inspector agent on each EC2 instance. Subscribe to AmazonCloudWatch Events notifications. Trigger an AWS Lambda function to check if a messageis about user logins. If it is, send a notification to the Security team using Amazon SNS.
B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent topush all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter thatsearches for user logins. If a login is found, send a notification to the Security team usingAmazon SNS.
C. Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs toAmazon Kinesis. Attach AWS Lambda to Kinesis to parse and determine if a log contains auser login. If it does, send a notification to the Security team using Amazon SNS.
D. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up anS3 event to trigger an AWS Lambda function, which triggers an Amazon Athena query torun. The Athena query checks for logins and sends the output to the Security team usingAmazon SNS. 

Answer: B

An IT team has built an AWS CloudFormation template so others in the company canquickly and reliably deploy and terminate an application. The template creates an AmazonEC2 instance with a user data script to install the application and an Amazon S3 bucketthat the application uses to serve static webpages while it is running.All resources should be removed when the CloudFormation stack is deleted. However, theteam observes that CloudFormation reports an error during stack deletion, and the S3bucket created by the stack is not deleted.How can the team resolve the error in the MOST efficient manner to ensure that allresources are deleted without errors?

A. Add Deletion Policy attribute to the S3 bucket resource, with the value Delete forcing thebucket to be removed when the stack is deleted.
B. Add a custom resource when an AWS Lambda function with the DependsOn attributespecifying the S3 bucket, and an IAM role. Writhe the Lambda function to delete all objectsfrom the bucket when the RequestType is Delete.
C. Identify the resource that was not deleted. From the S3 console, empty the S3 bucketand then delete it.
D. Replace the EC2 and S3 bucket resources with a single AWS OpsWorks Stacksresource. Define a custom recipe for the stack to create and delete the EC2 instance andthe S3 bucket.

Answer: C

A DevOps Engineer is designing a deployment strategy for a web application. Theapplication will use an Auto Scaling group to launch Amazon EC2 instances using an AMI.The same infrastructure will be deployed in multiple environments (development, test, andquality assurance). The deployment strategy should meet the following requirements: "¢Minimize the startup time for the instance "¢ Allow the same AMI to work in multipleenvironments "¢ Store secrets for multiple environments securelyHow should this be accomplished?

A. Preconfigure the AMI using an AWS Lambda function that launches an Amazon EC2instance, and then runs a script to install the software and create the AMI. Configure anAuto Scaling lifecycle hook to determine which environment the instance is launched in,and, based on that finding, run a configuration script. Save the secrets on an .ini file andstore them in Amazon S3. Retrieve the secrets using a configuration script in EC2 user data.
B. Preconfigure the AMI by installing all the software using AWS Systems Managerautomation and configure Auto Scaling to tag the instances at launch with their specificenvironment. Then use a bootstrap script in user data to read the tags and configuresettings for the environment. Use the AWS Systems Manager Parameter Store to store thesecrets using AWS KMS.
C. Use a standard AMI from the AWS Marketplace. Configure Auto Scaling to detect thecurrent environment. Install the software using a script in Amazon EC2 user data. UseAWS Secrets Manager to store the credentials for all environments.
D. Preconfigure the AMI by installing all the software and configuration for all environments.Configure Auto Scaling to tag the instances at launch with their environment. Use theAmazon EC2 user data to trigger an AWS Lambda function that reads the instance ID andthen reconfigures the setting for the proper environment. Use the AWS Systems ManagerParameter Store to store the secrets using AWS KMS.

Answer: A

A company's web application will be migrated to AWS. The application is designed so thatthere is no server-side code required. As part of the migration, the company would like toimprove the security of the application by adding HTTP response headers, following theOpen Web Application Security Project (OWASP) secure headers recommendations.How can this solution be implemented to meet the security requirements using bestpractices?

A. Use an Amazon S3 bucket configured for website hosting, then set up server accesslogging on the S3 bucket to track user activity. Then configure the static website hostingand execute a scheduled AWS Lambda function to verify, and if missing, add securityheaders to the metadata.
B. Use an Amazon S3 bucket configured for website hosting, then set up server accesslogging on the S3 bucket to track user activity. Configure the static website hosting toreturn the required security headers.
C. Use an Amazon S3 bucket configured for website hosting. Create an AmazonCloudFront distribution that refers to this S3 bucket, with the origin response event set totrigger a Lambda@Edge Node.js function to add in the security headers.
D. set an Amazon S3 bucket configured for website hosting. Create an Amazon CloudFrontdistribution that refers to this S3 bucket. Set "Cache Based on Selected Request Headers"to "Whitelist," and add the security headers into the whitelist.

Answer: C

An application's users ate encountering bugs immediately after Amazon API Gateway deployments. The development team deploys once or twice a day and uses a blue/green deployment strategy with custom health checks and automated rollbacks. The team wantsto limit the number of users affected by deployment bugs and receive notifications whenrollbacks are needed.Which combination of steps should a DevOps engineer use to meet these requests?(Select TWO.)

A. Implement a blue/green strategy using path mappings.
B. Implement a canary deployment strategy.
C. Implement a rolling deployment strategy using multiple stages.
D. Use Amazon CloudWatch alarms to notify the development team.
E. Use Amazon CloudWatch Events to notify the development team.

Answer: B,D

After presenting a working proof of concept for a new application that uses AWS APIGateway, a Developer must set up a team development environment for the project. Due toa tight timeline, the Developer wants to minimize time spent on infrastructure setup, andwould like to reuse the code repository created for the proof of concept. Currently, allsource code is stored in AWS CodeCommit.Company policy mandates having alpha, beta, and production stages with separateJenkins servers to build code and run tests for every stage. The DevelopmentManager must have the ability to block code propagation between admins at any time. TheSecurity team wants to make sure that users will not be able to modify the environmentwithout permission.How can this be accomplished?

A. Create API Gateway alpha, beta, and production stages. Create a CodeCommit triggerto deploy code to the different stages using an AWS Lambda function.
B. Create API Gateway alpha, beta, and production stages. Create an AWS CodePipelinethat pulls code from the CodeCommit repository. Create CodePipeline actions to deploycode to the API Gateway stages.
C. Create Jenkins servers for the alpha, beta, and production stages on Amazon EC2instances. Create multiple CodeCommit triggers to deploy code to different stages using anAWS Lambda function.
D. Create an AWS CodePipeline pipeline that pulls code from the CodeCommit repository.Create alpha, beta, and production stages with Jenkins servers on CodePipeline.

Answer: D

A retail company wants to use AWS Elastic Beanstalk to host its online sales websiterunning on Java. Since this will be the production website, the CTO has the followingrequirements for the deployment strategy:*Zero downtime. While the deployment is ongoing, the current Amazon EC2 instances inservice should remain in service. No deployment or any other action should be performedon the EC2 instances because they serve production traffic.*A new fleet of instances should be provisioned for deploying the new application version.*Once the new application version is deployed successfully in the new fleet of instances,the new instances should be placed in service and the old ones should be removed.*The rollback should be as easy as possible. If the new fleet of instances fail to deploy thenew application version, they should be terminated and the current instances shouldcontinue serving traffic as normal.*The resources within the environment (EC2 Auto Scaling group, Elastic Load Balancing,Elastic Beanstalk DNS CNAME) should remain the same and no DNS change should bemade.Which deployment strategy will meet the requirements?

A. Use rolling deployments with a fixed amount of one instance at a time and set thehealthy threshold to OK.
B. Use rolling deployments with additional batch with a fixed amount of one instance at atime and set the healthy threshold to OK.
C. launch a new environment and deploy the new application version there, then perform aCNAME swap between environments.
D. Use immutable environment updates to meet all the necessary requirements.

Answer: D