Note! Following DOP-C01 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is DOP-C02

DOP-C01 Exam Dumps - AWS Certified DevOps Engineer - Professional

Go to page:

Question # 33

A company uses AWS Organizations lo manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.

Which solution will accomplish this?

Create an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.

Create an AWS Config organizational rule lo check whether EBS encryption is enabled and deploy the rule using the AWS CLI. Create and apply an SCP lo prohibit slopping and deleting AWS Config across the organization.

Create an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression Apply the SCP to all AWS accounts. Use Amazon Athena to analyze the AWS CloudTrail output, looking for events that deny an ec2: Run instances action.

Deploy an IAM role to all accounts from a single trusted account. Build a pipeline with AWS CodePipeline with a stage m AWS Lambda to assume (he IAM role, and list all EBS volumes in the account Publish a report to Amazon S3.

Full Access

Question # 34

A company has developed a static website hosted on an Amazon S3 bucket. The website is deployed using AWS CloudFormation. The CloudFormation template defines an S3 bucket and a custom resource that copies content into the bucket from a source location.

The company has decided that it needs to move the website to a new location, so the existing CloudFormation stack must be deleted and re-created. However,

CloudFormation reports that the stack could not be deleted cleanly.

What is the MOST likely cause and how can the DevOps Engineer mitigate this problem for this and future versions of the website?

Deletion has failed because the S3 bucket has an active website configuration. Modify the CloudFormation template to remove the Website Configuration property from the S3 bucket resource.

Deletion has failed because the S3 bucket is not empty. Modify the custom resource's AWS Lambda function code to recursively empty the bucket when is Delete. RequestType

Deletion has failed because the custom resource does not define a deletion policy. Add a Deletion Policy property to the custom resource definition with a value of RemoveOnDeletion.

Deletion has failed because the S3 bucket is not empty. Modify the S3 bucket resource in the CloudFormation template to add a Deletion Policy property with a value of Empty.

Full Access

Question # 35

A DevOps Engineer wants to prevent Developers from pushing updates directly to the companyâ€™s master branch in AWS CodeCommit. These updates should be approved before they are merged.

Which solution will meet these requirements?

Configure an IAM role for the Developers with access to CodeCommit and an explicit deny for write actions when the reference is the master. Allow Developers to use feature branches and create a pull request when a feature is complete. Allow an approver to use CodeCommit to view the changes and approve the pull requests.

Configure an IAM role for the Developers to use feature branches and create a pull request when a feature is complete. Allow CodeCommit to test all code in the feature branches, and dynamically modify the IAM role to allow merging the feature branches into the master. Allow an approver to use CodeCommit to view the changes and approve the pull requests.

Configure an IAM role for the Developers to use feature branches and create a pull request when a feature is complete. Allow CodeCommit to test all code in the feature branches, and issue a new AWS Security Token Service (STS) token allowing a one-time API call to merge the feature branches into the master. Allow an approver to use CodeCommit to view the changes and approve the pull requests.

Configure an IAM role for the Developers with access to CodeCommit and attach an access policy to the CodeCommit repository that denies the Developers role access when the reference is master. Allow Developers to use feature branches and create a pull request when a feature is complete. Allow an approver to use CodeCommit to view the changes and approve the pull requests.

Full Access

Question # 36

Your application is currently running on Amazon EC2 instances behind a load balancer. Your management has decided to use a Blue/Green deployment strategy. How should you implement this for each deployment?

Set up Amazon Route 53 health checks to fail over from any Amazon EC2 instance that is currently being deployed to.

Using AWS CloudFormation, create a test stack for validating the code, and then deploy the code to each production Amazon EC2 instance.

Create a new load balancer with new Amazon EC2 instances, carry out the deployment, and then switch DNS over to the new load balancer using Amazon Route 53 after testing.

Launch more Amazon EC2 instances to ensure high availability, de-register each Amazon EC2 instance from the load balancer, upgrade it, and test it, and then register it again with the load balancer.

Full Access

Question # 37

A company recently launched an application that is more popular than expected. The company wants to ensure the application can scale to meet increasing demands and provide reliability using multiple Availability Zones (AZs) The application runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) A DevOps engineer has created an Auto Scaling group across multiple AZs for the application Instances launched in the newly added AZs are not receiving any traffic for the application.

What is likely causing this issue?

Auto Scaling groups can create new instances in a single AZ only.

The EC2 instances have not been manually associated to the ALB

The ALB should be replaced with a Network Load Balancer (NLB).

The new AZ has not been added to the ALB

Full Access

Question # 38

A company wants to migrate its content sharing web application hosted on Amazon EC2 to a serverless architecture. The company currently deploys changes to its application by creating a new Auto Scaling group of EC2 instances and a new Elastic Load Balancer and then shifting the traffic away using an Amazon Route 53 weighted routing policy

For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base

Which deployment strategy will meet these requirements?

Use AWS CDK to deploy API Gateway and Lambda functions. When code needs to be changed, update the AWS

CloudFormation stack and deploy the new version of the APIs and Lambda functions. Use a Route 53 failover routing policy for the canary release strategy.

Use AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions When code needs to be changed, update the CloudFormation stack with the new Lambda code and update the API versions using a canary release strategy Promote the new version when testing is complete.

Use AWS Elastic Beanstalk to deploy API Gateway and Lambda functions When code needs to be changed, deploy a new version of the API and Lambda functions. Shift traffic gradually using an Elastic Beanstalk blue/green deployment.

Use AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer. When code needs to be changed, use OpsWorks to perform a blue/green deployment and shift traffic gradually

Full Access

Question # 39

A company has an application that is using a MySQL -compatible Amazon Aurora Multi-AZ DB cluster as the database A cross-Region read replica has been created for disaster recovery purposes A DevOps engineer wants to automate the promotion of the replica so it becomes the primary database instance in the event of a failure

Which solution will accomplish this?

Configure a latency-based Amazon Route 53 CNAME with health checks so it points to both the primary and replica endpoints Subscribe an Amazon SNS topic to Amazon RDS failure notifications from AWS CloudTrail and use that topic to trigger an AWS Lambda function that will promote the replica instance as the master.

Create an Aurora custom endpoint to point to the primary database instance Configure the application to use this endpoint Configure AWS CloudTrail to run an AWS Lambda function to promote the replica instance and modify the custom endpoint to point to the newly promoted instance.

Create an AWS Lambda function to modify the application's AWS CloudFormation template to promote the replica, apply the template to update the stack, and pout the application to the newly promoted instance Create an Amazon CloudWatch alarm to trigger this Lambda function after the failure event occurs

Store the Aurora endpoint in AWS Systems Manager Parameter Store Create an Amazon EventBridge (Amazon CloudWatch Events) event that detects the database failure and runs an AWS Lambda function to promote the replica instance and update the endpoint URL stored in AWS Systems Manager Parameter Store Code the application to reload the endpoint from Parameter Store if a database connection fails.

Full Access

Go to page: