
Note: The DOP-C01 exam is now retired. Please select the replacement for your exam certification. The new exam code is DOP-C02.

DOP-C01 Exam Dumps - AWS Certified DevOps Engineer - Professional

Question # 4

A DevOps engineer is using AWS CodeBuild, AWS CodeDeploy, and Amazon S3 to build a centralized CI/CD pipeline. The DevOps engineer must implement least privilege access and encryption at rest for all artifacts in Amazon S3. The DevOps engineer must be able to prune old artifacts without having the ability to download or read them.

The DevOps engineer has already completed the following steps:

1. Create a unique AWS Key Management Service (AWS KMS) CMK and S3 bucket for each project's builds.
2. Update the S3 bucket policy to only allow uploads that use the associated KMS encryption.

Which final step should the DevOps engineer take to meet these requirements?

A.

Update the attached IAM policies to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.

B.

Update the attached IAM policies to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.

C.

Update the CMK's key policy to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.

D.

Update the CMK's key policy to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.

Question # 5

A company is using AWS Organizations to create separate AWS accounts for each of its departments. It needs to automate the following tasks:

Updating the Linux AMIs with new patches periodically and generating a golden image

Installing a new version of Chef agents in the golden image, if available

Enforcing the use of the newly generated golden AMIs in the department's account

Which option requires the LEAST management overhead?

A.

Write a script to launch an Amazon EC2 instance from the previous golden AMI, apply the patch updates, install the new version of the Chef agent, generate a new golden AMI, and then modify the AMI permissions to share only the new image with the departments’ accounts.

B.

Use an AWS Systems Manager Run Command to update the Chef agent first, use Amazon EC2 Systems Manager Automation to generate an updated AMI, and then assume an IAM role to copy the new golden AMI into the departments’ accounts.

C.

Use AWS Systems Manager Automation to update the Linux AMI using the previous image, provide the URL for the script that will update the Chef agent, and then use AWS Organizations to replace the previous golden AMI into the departments’ accounts.

D.

Use AWS Systems Manager Automation to update the Linux AMI from the previous golden image, provide the URL for the script that will update the Chef agent, and then share only the newly generated AMI with the departments’ accounts.

Question # 6

A company has thousands of Amazon EC2 instances as well as hundreds of virtual machines on-premises. Developers routinely sign in to the console for on-premises systems to perform troubleshooting. The developers want to sign in to AWS instances to run performance tools, but are unable to due to the lack of a central console logging system. A DevOps engineer wants to ensure that console access is logged on all systems.

Which combination of steps will meet these requirements? (Select TWO.)

A.

Attach a role to all AWS instances that contains the appropriate permissions. Create an AWS Systems Manager managed-instance activation. Install and configure Systems Manager Agent on on-premises machines.

B.

Enable AWS Systems Manager Session Manager logging to an Amazon S3 bucket. Direct developers to connect to the systems with Session Manager only.

C.

Enable AWS Systems Manager Session Manager logging to AWS CloudTrail. Direct developers to continue normal sign-in procedures for on-premises. Use Session Manager for AWS instances.

D.

Install and configure an Amazon CloudWatch Logs agent on all systems. Create an AWS Systems Manager managed-instance activation.

E.

Set up a Site-to-Site VPN connection between the on-premises and AWS networks. Set up a bastion instance to allow developers to sign in to the AWS instances.

Question # 7

A DevOps Engineer must create a Linux AMI in an automated fashion. The newly created AMI identification must be stored in a location where other build pipelines can access the new identification programmatically.

What is the MOST cost-effective way to do this?

A.

Build a pipeline in AWS CodePipeline to download and save the latest operating system Open Virtualization Format (OVF) image to an Amazon S3 bucket, then customize the image using the guestfish utility. Use the virtual machine (VM) import command to convert the OVF to an AMI, and store the AMI identification output as an AWS Systems Manager parameter.

B.

Create an AWS Systems Manager automation document with values instructing how the image should be created. Then build a pipeline in AWS CodePipeline to execute the automation document to build the AMI when triggered. Store the AMI identification output as a Systems Manager parameter.

C.

Build a pipeline in AWS CodePipeline to take a snapshot of an Amazon EC2 instance running the latest version of the application. Then start a new EC2 instance from the snapshot and update the running instance using an AWS Lambda function. Take a snapshot of the updated instance, then convert it to an AMI. Store the AMI identification output in an Amazon DynamoDB table.

D.

Launch an Amazon EC2 instance and install Packer. Then configure a Packer build with values defining how the image should be created. Build a Jenkins pipeline to invoke the Packer build when triggered to build an AMI. Store the AMI identification output in an Amazon DynamoDB table.

Question # 8

To run an application, a DevOps Engineer launches Amazon EC2 instances with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the Internet. While the instances launch successfully and show as healthy, the application does not seem to be installed.

Which of the following should successfully install the application while complying with the new rule?

A.

Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.

B.

Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.

C.

Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.

D.

Create a security group for the application instances and whitelist only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.
