Certification Practice Test | PDF Questions | Actual Questions | Test Engine | Pass4Sure
DOP-C02 : AWS Certified DevOps Engineer - Professional Exam
Amazon DOP-C02 Questions & Answers
Full Version: 121 Q&A
DOP-C02 Dumps
DOP-C02 Braindumps
DOP-C02 Real Questions
DOP-C02 Practice Test
DOP-C02 Actual Questions
Amazon
DOP-C02
AWS Certified DevOps Engineer - Professional
https://killexams.com/pass4sure/exam-detail/DOP-C02
Question: 12
A company runs an application on Amazon EC2 instances. The company uses a series of AWS CloudFormation stacks
to define the application resources. A developer performs updates by building and testing the application on a laptop
and then uploading the build output and CloudFormation stack templates to Amazon S3. The developer's peers review
the changes before the developer performs the CloudFormation stack update and installs a new version of the
application onto the EC2 instances.
The deployment process is prone to errors and is time-consuming when the developer updates each EC2 instance with
the new application. The company wants to automate as much of the application deployment process as possible while
retaining a final manual approval step before the modification of the application or resources.
The company already has moved the source code for the application and the CloudFormation templates to AWS
CodeCommit. The company also has created an AWS CodeBuild project to build and test the application.
Which combination of steps will meet the companyâs requirements? (Choose two.)
A. Create an application group and a deployment group in AWS CodeDeploy. Install the CodeDeploy agent on the
EC2 instances.
B. Create an application revision and a deployment group in AWS CodeDeploy. Create an environment in
CodeDeploy. Register the EC2 instances to the CodeDeploy environment.
C. Use AWS CodePipeline to invoke the CodeBuild job, run the CloudFormation update, and pause for a manual
approval step. After approval, start the AWS CodeDeploy deployment.
D. Use AWS CodePipeline to invoke the CodeBuild job, create CloudFormation change sets for each of the
application stacks, and pause for a manual approval step. After approval, run the CloudFormation change sets and start
the AWS CodeDeploy deployment.
E. Use AWS CodePipeline to invoke the CodeBuild job, create CloudFormation change sets for each of the application
stacks, and pause for a manual approval step. After approval, start the AWS CodeDeploy deployment.
Answer: A,D
Question: 13
A company is implementing an Amazon Elastic Container Service (Amazon ECS) cluster to run its workload. The
company architecture will run multiple ECS services on the cluster. The architecture includes an Application Load
Balancer on the front end and uses multiple target groups to route traffic.
A DevOps engineer must collect application and access logs. The DevOps engineer then needs to send the logs to an
Amazon S3 bucket for near-real-time analysis.
Which combination of steps must the DevOps engineer take to meet these requirements? (Choose three.)
A. Download the Amazon CloudWatch Logs container instance from AW
B. Configure this instance as a task. Update the application service definitions to include the logging task.
C. Install the Amazon CloudWatch Logs agent on the ECS instances. Change the logging driver in the ECS task
definition to awslogs.
D. Use Amazon EventBridge to schedule an AWS Lambda function that will run every 60 seconds and will run the
Amazon CloudWatch Logs create-export-task command. Then point the output to the logging S3 bucket.
E. Activate access logging on the AL
F. Then point the ALB directly to the logging S3 bucket.
G. Activate access logging on the target groups that the ECS services use. Then send the logs directly to the logging S3
bucket.
H. Create an Amazon Kinesis Data Firehose delivery stream that has a destination of the logging S3 bucket. Then
create an Amazon CloudWatch Logs subscription filter for Kinesis Data Firehose.
Answer: A,B,D,F
Question: 14
A company has an on-premises application that is written in Go. A DevOps engineer must move the application to
AWS. The company's development team wants to enable blue/green deployments and perform A/B testing.
Which solution will meet these requirements?
A. Deploy the application on an Amazon EC2 instance, and create an AMI of the instance. Use the AMI to create an
automatic scaling launch configuration that is used in an Auto
Scaling group. Use Elastic Load Balancing to distribute traffic. When changes are made to the application, a new AMI
will be created, which will initiate an EC2 instance refresh.
B. Use Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket.
Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to
manage the deployment.
C. Use AWS CodeArtifact to store the application code. Use AWS CodeDeploy to deploy the application to a fleet of
Amazon EC2 instances. Use Elastic Load Balancing to distribute the traffic to the EC2 instances. When making
changes to the application, upload a new version to CodeArtifact and create a new CodeDeploy deployment.
D. Use AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3. Use
that location to deploy new versions of the application. Use Elastic Beanstalk to manage the deployment options.
Answer: D
Question: 15
A company runs an application on one Amazon EC2 instance. Application metadata is stored in Amazon S3 and must
be retrieved if the instance is restarted. The instance must restart or relaunch automatically if the instance becomes
unresponsive.
Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm for the StatusCheckFailed metric. Use the recover action to stop and start the
instance. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.
B. Configure AWS OpsWorks, and use the auto healing feature to stop and start the instance. Use a lifecycle event in
OpsWorks to pull the metadata from Amazon S3 and update it on the instance.
C. Use EC2 Auto Recovery to automatically stop and start the instance in case of a failure. Use an S3 event
notification to push the metadata to the instance when the instance is back up and running.
D. Use AWS CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource.
Add a command in UserData to retrieve the application metadata from Amazon S3.
Answer: D
Question: 16
An ecommerce company has chosen AWS to host its new platform. The company's
DevOps team has started building an AWS Control Tower landing zone. The DevOps team has set the identity store
within AWS IAM Identity Center (AWS Single Sign-On) to external identity provider (IdP) and has configured SAML
2.0.
The DevOps team wants a robust permission model that applies the principle of least privilege. The model must allow
the team to build and manage only the team's own resources.
Which combination of steps will meet these requirements? (Choose three.)
A. Create IAM policies that include the required permissions. Include the aws:PrincipalTag condition key.
B. Create permission sets. Attach an inline policy that includes the required permissions and uses the aws:PrincipalTag
condition key to scope the permissions.
C. Create a group in the Id
D. Place users in the group. Assign the group to accounts and the permission sets in IAM Identity Center.
E. Create a group in the Id
F. Place users in the group. Assign the group to OUs and IAM policies.
G. Enable attributes for access control in IAM Identity Center. Apply tags to users. Map the tags as key-value pairs.
H. Enable attributes for access control in IAM Identity Center. Map attributes from the IdP as key-value pairs.
Answer: A,B,C,E
Question: 17
A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity
Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and
wants the security team to receive a notification.
Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)
A. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
B. Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
C. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable
any access keys and delete the login profiles that are associated with the IAM user.
D. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete
the login profiles that are associated with the IAM user.
E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule.
Subscribe the security team's group email address to the topic.
F. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe
the security team's group email address to the queue.
Answer: A,C,E
Question: 18
A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can
create or modify EC2 security groups to allow unrestricted inbound access.
A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The
solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email
notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security
group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple
Notification Service (Amazon SNS).
What should the DevOps engineer do next to meet the requirements?
A. Configure the Lambda function to be invoked by the SNS topic. Create an AWS CloudTrail subscription for the
SNS topic. Configure a subscription filter for security group modification events.
B. Create an Amazon EventBridge scheduled rule to invoke the Lambda function. Define a schedule pattern that runs
the Lambda function every hour.
C. Create an Amazon EventBridge event rule that has the default event bus as the source. Define the ruleâs event
pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda
function.
D. Create an Amazon EventBridge custom event bus that subscribes to events from all AWS services. Configure the
Lambda function to be invoked by the custom event bus.
Answer: C
Question: 19
A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being
used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-
real time and 1% of requests should route to the secondary region to continuously verify system functionality.
Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the
secondary region, and the secondary region must be able to scale up to handle all traffic.
How should a DevOps engineer meet these requirements?
A. In both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for
session data. Use an Amazon Route 53 weighted routing policy with health checks to distribute the traffic across the
regions.
B. In both regions, launch the application in Auto Scaling groups and use DynamoDB for session data. Use a Route 53
failover routing policy with health checks to distribute the traffic across the regions.
C. In both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS
for PostgreSQL with cross-region replication for session data. Deploy the web application with client-side logic to call
the API Gateway directly.
D. In both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session data.
Enable an Amazon CloudFront weighted distribution across regions. Point the Amazon Route 53 DNS record at the
CloudFront distribution.
Answer: A
Question: 20
A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source
account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account
where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must
share the AMI with the target account.
The company has created an AWS Key Management Service (AWS KMS) key in the source account.
Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)
A. In the source account, copy the unencrypted AMI to an encrypted AM
B. Specify the KMS key in the copy action.
C. In the source account, copy the unencrypted AMI to an encrypted AM
D. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.
E. In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role
in the target account.
F. In the source account, modify the key policy to give the target account permissions to create a grant. In the target
account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role.
G. In the source account, share the unencrypted AMI with the target account.
H. In the source account, share the encrypted AMI with the target account.
Answer: A,D,F
Question: 21
A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private
bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket in a
different AWS Region and account.
Which combination of actions should be performed to enable this replication? (Choose three.)
A. Create a replication IAM role in the source account
B. Create a replication I AM role in the target account.
C. Add statements to the source bucket policy allowing the replication IAM role to replicate objects.
D. Add statements to the target bucket policy allowing the replication IAM role to replicate objects.
E. Create a replication rule in the source bucket to enable the replication.
F. Create a replication rule in the target bucket to enable the replication.
Answer: A,C,E
Question: 22
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers. The servers are part of an Amazon EC2 Auto
Scaling group, and also use Elastic Load Balancing for load balancing.
Occasionally, some application servers are being terminated after failing ELB HTTP health checks. The developer
would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is
terminated.
How can log collection be automated?
A. Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm
for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command
script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
B. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2
Instance-terminate Lifecycle Action and trigger a step function
that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are
collected.
C. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch
subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to
collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
D. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule
for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run
Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.
Answer: B
Question: 23
A company has multiple accounts in an organization in AWS Organizations. The company's SecOps team needs to
receive an Amazon Simple Notification Service (Amazon SNS) notification if any account in the organization turns off
the Block Public Access feature on an Amazon S3 bucket. A DevOps engineer must implement this change without
affecting the operation of any AWS accounts. The implementation must ensure that individual member accounts in the
organization cannot turn off the notification.
Which solution will meet these requirements?
A. Designate an account to be the delegated Amazon GuardDuty administrator account. Turn on GuardDuty for all
accounts across the organization. In the GuardDuty administrator account, create an SNS topic. Subscribe the SecOps
team's email address to the SNS topic. In the same account, create an Amazon EventBridge rule that uses an event
pattern for GuardDuty findings and a target of the SNS topic.
B. Create an AWS CloudFormation template that creates an SNS topic and subscribes the SecOps teamâs email
address to the SNS topic. In the template, include an Amazon EventBridge rule that uses an event pattern of
CloudTrail activity for
s3:PutBucketPublicAccessBlock and a target of the SNS topic. Deploy the stack to every account in the organization
by using CloudFormation StackSets.
C. Turn on AWS Config across the organization. In the delegated administrator account, create an SNS topic.
Subscribe the SecOps team's email address to the SNS topic. Deploy a conformance pack that uses the s3-bucket-
level-public-access-prohibited AWS Config managed rule in each account and uses an AWS Systems Manager
document to publish an event to the SNS topic to notify the SecOps team.
D. Turn on Amazon Inspector across the organization. In the Amazon Inspector delegated administrator account, create
an SNS topic. Subscribe the SecOps teamâsemail address to the SNS topic. In the same account, create an Amazon
EventBridge rule that uses an event pattern for public network exposure of the S3 bucket and publishes an event to the
SNS topic to notify the SecOps team.
Answer: C
Question: 24
A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to
orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to
integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the
pipeline had no reaction, even after 10 minutes.
Which of the following actions should be taken to troubleshoot this issue?
A. Check that an Amazon EventBridge rule has been created for the main branch to trigger the pipeline.
B. Check that the CodePipeline service role has permission to access the CodeCommit repository.
C. Check that the developerâs IAM role has permission to push to the CodeCommit repository.
D. Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.
Answer: B
Question: 25
A company has an application that runs on Amazon EC2 instances that are in an Auto Scaling group. When the
application starts up. the application needs to process data from an Amazon S3 bucket before the application can start
to serve requests.
The size of the data that is stored in the S3 bucket is growing. When the Auto Scaling group adds new instances, the
application now takes several minutes to download and process the data before the application can serve requests. The
company must reduce the time that elapses before new EC2 instances are ready to serve requests.
Which solution is the MOST cost-effective way to reduce the application startup time?
A. Configure a warm pool for the Auto Scaling group with warmed EC2 instances in the Stopped state. Configure an
autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to
complete the lifecycle hook when the application is ready to serve requests.
B. Increase the maximum instance count of the Auto Scaling group. Configure an
autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group.
Modify the application to complete the lifecycle hook when the application is ready to serve requests.
C. Configure a warm pool for the Auto Scaling group with warmed EC2 instances in the Running state. Configure an
autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to
complete the lifecycle hook when the application is ready to serve requests.
D. Increase the maximum instance count of the Auto Scaling group. Configure an
autoscaling:EC2_INSTANCE_LAUNCHING lifecycle hook on the Auto Scaling group. Modify the application to
complete the lifecycle hook and to place the new instance in the Standby state when the application is ready to serve
requests.
Answer: A
User: Vitali***** I recently passed my DOP-C02 exam with Killexams, which was my primary study source, and I achieved stable average marks. This exam practice test is completely valid, and I highly recommend it to anyone pursuing IT certification. killexams.com is a reliable way to prepare and pass IT exams, as it ensures that you not only pass but also memorize and become a successful professional. In my IT organization, everyone has used or heard of the killexams.com materials. |
User: Susie***** Thanks to killexams.com, I was able to complete 75 out of 80 questions in a very short amount of time and score 80%. I had been preparing for the DOP-C02 certification exam for some time and the killexams.com Questions and Answers guide helped me to achieve my goal. I am grateful for the assistance provided by killexams.com. |
User: Latonya***** Thanks to Killexams.com, I was able to get all the information and guidance I needed to crack the dop-c02 exam. The website is a treasure trove of valuable information and resources that can help any student achieve success in the exam. I especially appreciated the dop-c02 practice software program, which outlines each subject matter and randomizes the questions to simulate the actual exam experience. The ability to get a score and evaluate myself on different parameters was extremely helpful. |
User: Svetlana***** I thank Killexams.com for providing me with high-quality training material for the DOP-C02 exam, which helped me achieve a score of 98%. By memorizing all the questions and their answers, I was able to easily mark the right answers during the exam. |
User: Jacob***** From the very beginning, I have struggled with self-doubt. However, I realized that I needed to undergo a change in my approach to the DOP-C02 exam, which will likely lead to my success. I am confident in my abilities, and I answered almost all questions in just 75 minutes with the help of Killexams.com practice tests. While no one person can change the world, they can still make their mark on it, and I hope to do so. |
Features of iPass4sure DOP-C02 Exam
- Files: PDF / Test Engine
- Premium Access
- Online Test Engine
- Instant download Access
- Comprehensive Q&A
- Success Rate
- Real Questions
- Updated Regularly
- Portable Files
- Unlimited Download
- 100% Secured
- Confidentiality: 100%
- Success Guarantee: 100%
- Any Hidden Cost: $0.00
- Auto Recharge: No
- Updates Intimation: by Email
- Technical Support: Free
- PDF Compatibility: Windows, Android, iOS, Linux
- Test Engine Compatibility: Mac / Windows / Android / iOS / Linux
Premium PDF with 121 Q&A
Get Full VersionAll Amazon Exams
Amazon ExamsCertification and Entry Test Exams
Complete exam list