Share Amazon DOP-C01 exam practice questions and answers from Lead4Pass latest updated DOP-C01 dumps free of charge.
Get the latest uploaded DOP-C01 dumps pdf from google driver online. To get the full Amazon DOP-C01 dumps PDF or dumps
VCE visit: https://www.leads4pass.com/aws-devops-engineer-professional.html (Q&As: 362). all Amazon DOP-C01 exam questions have been updated, the answer has been corrected!
Make sure your exam questions are real and effective to help you pass your first exam!
[Amazon DOP-C01 Dumps pdf] Latest Amazon DOP-C01 Dumps PDF collected by Lead4pass Google Drive:
https://drive.google.com/file/d/1-c_69VTCrs0DPpveFW9y6EeQMFD1MnLm/
[Amazon DOP-C01 Youtube] Amazon DOP-C01 exam questions and answers are shared free of charge from Youtube watching uploads from Lead4pass
Latest Update Amazon DOP-C01 Exam Practice Questions and Answers Online Test
QUESTION 1
The management team at a company with a large on-premises OpenStack environment wants to move non-production
workloads to AWS. An AWS Direct Connect connection has been provisioned and configured to connect the
environments. Due to contractual obligations, the production workloads must remain on-premises and will be moved to
AWS after the next contract negotiation. The company follows Center for Internet Security (CIS) standards for
hardening
images; this configuration was developed using the company\\’s configuration management system.
Which solution will automatically create an identical image in the AWS environment without the significant overhead?
A. Write an AWS CloudFormation template that will create an Amazon EC2 instance. Use cloud-unit to install the
configuration management agent, use cfn-wait to wait for configuration management to successfully apply and use an
AWS Lambda-backed custom resource to create the AMI.
B. Log in to the console, launch an Amazon EC2 instance and install the configuration management agent. When
changes are applied through the configuration management system, log in to the console and create a new AMI from
the instance.
C. Create a new AWS OpsWorks layer and mirror the image hardening standards. Use this layer as the baseline for all
AWS workloads.
D. When a change is made in the configuration management system, a job in Jenkins is triggered to use the VM Import
command to create an Amazon EC2 instance in the Amazon VPC. Use lifecycle hooks to launch an AWS Lambda
function to create the AMI.
Correct Answer: A
QUESTION 2
A company discovers that some IAM users have been storing their AWS access keys in configuration files that have
been pushed to a Git repository hosting service. Which solution will require the LEAST amount of management
overhead while preventing the exposed AWS access keys from being used?
A. Build an application that will create a list of all AWS access keys in the account and search each key on Git
repository hosting services. If a match is found, configure the application to disable the associated access key. Then
deploy the application to an AWS Elastic Beanstalk worker environment and define a periodic task to invoke the
application every hour.
B. Use Amazon Inspector to detect when a key has been exposed online. Have Amazon Inspector send a notification to
an Amazon SNS topic when a key has been exposed. Create an AWS Lambda function subscribed to the SNS topic to
disable the IAM user to whom the key belongs, and then delete the key so that it cannot be used.
C. Configure AWS Trusted Advisor and create an Amazon CloudWatch Events rule that uses Trusted Advisor as the
event source. Configure the CloudWatch Events rule to invoke an AWS Lambda function as the target. If the Lambda
function finds the exposed access keys, then have it disable the access key so that it cannot be used.
D. Create an AWS Config rule to detect when a key is exposed online. Haw AWS Config send change notifications to an
SNS topic. Configure an AWS Lambda function that is subscribed to the SNS topic to check the notification sent by
AWS Config, and then disable the access key so it cannot be used.
Correct Answer: D
QUESTION 3
You run operations for a company that processes digital wallet payments at a very high volume. One second of
downtime, during which you drop payments or are otherwise unavailable, loses you on average USD 100. You balance
the financials of the transaction system once per day. Which database setup is best suited to address this business
risk?
A. A multi-AZ RDS deployment with synchronous replication to multiple standbys and read-replicas for fast failover and
ACID properties.
B. A multi-region, multi-master, active-active RDS configuration using database-level ACID design principles with
database trigger writes for replication.
C. A multi-region, multi-master, active-active DynamoDB configuration using application control-level BASE design
principles with change-stream write queue buffers for replication.
D. A multi-AZ DynamoDB setup with changes streamed to S3 via AWS Kinesis, for highly durable storage and BASE
properties.
Correct Answer: C
Only the multi-master, multi-region DynamoDB answer makes sense. Multi-AZ deployments do not provide sufficient
availability when a business loses USD 360,000 per hour of unavailability. As RDS does not natively support multi region,
and ACID does not perform well/at all over large distances between regions, only the DynamoDB answer works.
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepl.html
QUESTION 4
A company wants to adopt a methodology for handling security threats from leaked and compromised IAM access keys.
The DevOps Engineer has been asked to automate the process of acting upon compromised access keys, which
includes identifying users, revoking their permissions, and sending a notification to the Security team.
Which of the following would achieve this goal?
A. Use the AWS Trusted Advisor generated security report for access keys. Use Amazon EMR to run analytics on the
report. Identify compromised IAM access keys and delete them. Use Amazon CloudWatch with an EMR Cluster State
Change event to notify the Security team.
B. Use AWS Trusted Advisor to identify compromised access keys. Create an Amazon CloudWatch Events rule with
Trusted Advisor as the event source, and AWS Lambda and Amazon SNS as targets. Use AWS Lambda to delete
compromised IAM access keys and Amazon SNS to notify the Security team.
C. Use the AWS Trusted Advisor generated security report for access keys. Use AWS Lambda to scan through the
report. Use scan results inside AWS Lambda and delete compromised IAM access keys. Use Amazon SNS to notify the
Security team.
D. Use AWS Lambda with a third-party library to scan for compromised access keys. Use scan result inside AWS
Lambda and delete compromised IAM access keys. Create Amazon CloudWatch custom metrics for compromised
keys. Create a CloudWatch alarm on the metrics to notify the Security team.
Correct Answer: B
Reference https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
QUESTION 5
A DevOps Engineer is implementing a mechanism for canary testing an application on AWS. The application was
recently modified and went through security, unit, and functional testing. The application needs to be deployed on an
AutoScaling group and must use a Classic Load Balancer.
Which design meets the requirement for canary testing?
A. Create a different Classic Load Balancer and Auto Scaling group for blue/green environments. Use Amazon Route
53 and create weighted A records on Classic Load Balancer.
B. Create a single Classic Load Balancer and an Auto Scaling group for blue/green environments. Use Amazon Route
53 and create A records for Classic Load Balancer IPs. Adjust traffic using A records.
C. Create a single Classic Load Balancer and an Auto Scaling group for blue/green environments. Create an Amazon
CloudFront distribution with the Classic Load Balancer as the origin. Adjust traffic using CloudFront.
D. Create a different Classic Load Balancer and Auto Scaling group for blue/green environments. Create an Amazon
API Gateway with a separate stage for the Classic Load Balancer. Adjust traffic by giving weights to this stage.
Correct Answer: A
QUESTION 6
You need to know when you spend $1000 or more on AWS. What\\’s the easy way for you to see that notification?
A. AWS CloudWatch Events tied to API calls, when certain thresholds are exceeded, publish to SNS.
B. Scrape the billing page periodically and pump into Kinesis.
C. AWS CloudWatch Metrics + Billing Alarm + Lambda event subscription. When a threshold is exceeded, email the
manager.
D. Scrape the billing page periodically and publish it to SNS.
Correct Answer: C
Even if you\\’re careful to stay within the free tier, it\\’s a good idea to create a billing alarm to notify you if you exceed
the limits of the free tier. Billing alarms can help to protect you against unknowingly accruing charges if you inadvertently
use a service outside of the free tier or if traffic exceeds your expectations. Reference:
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
QUESTION 7
There are a number of ways to purchase compute capacity on AWS. Which orders the price per compute or memory unit from LOW to HIGH (cheapest to most expensive), on average?
A. On-Demand
B. Spot
C. Reserved
A. A, B, C
B. C, B, A
C. B, C, A
D. A, C, B
Correct Answer: C
Spot instances are usually many, many times cheaper than on-demand prices. Reserved instances, depending on their
term and utilization, can yield approximately 33% to 66% cost savings. On-Demand prices are the baseline price and
are the most expensive way to purchase EC2 compute time. Reference:
https://d0.awsstatic.com/whitepapers/Cost_Optimization_with_AWS.pdf
QUESTION 8
A DevOps Engineer has a single Amazon Dynamo DB table that received shipping orders and tracks inventory. The engineer has three AWS Lambda functions reading from a DymamoDB stream on that table. The Lambda functions
perform various functions such as doing an item count, moving items to Amazon Kinesis Data Firehose, monitoring
inventory levels, and creating vendor orders when parts are low. While reviewing logs, the Engineer notices the Lambda
functions occasionally fail under increased load, receiving a stream throttling error.
Which is the MOST cost-effective solution that requires the LEAST amount of operational management?
A. Use AWS Glue integration to ingest the DynamoDB stream, then migrate the Lambda code to an AWS Fargate task.
B. Use Amazon Kinesis streams instead of Dynamo DB streams, then use Kinesis analytics to trigger the Lambda
functions.
C. Create a fourth Lambda function and configure it to be the only Lambda reading from the stream. Then use this
Lambda function to pass the payload to the other three Lambda functions.
D. Have the Lambda functions query the table directly and disable DynamoDB streams. Then have the Lambda
functions query from a global secondary index.
Correct Answer: C
QUESTION 9
An IT department manages a portfolio with Windows and Linux (Amazon and Red Hat Enterprise Linux) servers both on-premises and on AWS. An audit reveals that there is no process for updating OS and core application patches, and that
the servers have inconsistent patch levels.
Which of the following provides the MOST reliable and consistent mechanism for updating and maintaining all servers at
the recent OS and core application patch levels?
A. Install AWS Systems Manager agent on all on-premises and AWS servers. Create Systems Manager Resource
Groups. Use Systems Manager Patch Manager with a preconfigured patch baseline to run scheduled patch updates
during maintenance windows.
B. Install the AWS OpsWorks agent on all on-premises and AWS servers. Create an OpsWorks stack with separate
layers for each operating system, and get a recipe from the Chef supermarket to run the patch commands for each layer
during maintenance windows.
C. Use a shell script to install the latest OS patches on the Linux servers using yum and schedule it to run automatically
using cron. Use Windows Update to automatically patch Windows servers.
D. Use AWS Systems Manager Parameter Store to securely store credentials for each Linux and Windows server.
Create Systems Manager Resource Groups. Use the Systems Manager Run Command to remotely deploy the patch
updates using the credentials in the Systems Manager Parameter Store
Correct Answer: D
QUESTION 10
A company hosts parts of a Python-based application using AWS Elastic Beanstalk. An Elastic Beanstalk CLI is being
used to create and update the environments. The Operations team detected an increase in requests in one of the
Elastic
Beanstalk environments that caused downtime overnight. The team noted that the policy used for AWS Auto Scaling is networked out. Based on load testing metrics, the team determined that the application needs to scale CPU utilization to
improve the resilience of the environments. The team wants to implement this across all environments automatically.
Following AWS recommendations, how should this automation be implemented?
A. Using extensions, place a command within the container_commands key to perform an API call to modify the
scaling metric to CPUUtilization for the Auto Scaling configuration. Use leader_only to execute this command in only the
first instance launched within the environment.
B. Using extensions, create a custom resource that modifies the AWSEBAutoScalingScaleUpPolicy and
AWSEBAutoScalingScaleDownPolicy resources to use CPUUtilization as a metric to scale for the Auto Scaling group.
C. Using extensions, configure the option setting MeasureName to CPUUtilization within the AWS:autoscaling: trigger
namespace.
D. Using extensions, place a script within the files key and place it in /opt/elasticbeanstalk/hooks/appdeploy/pre to
perform an API call to modify the scaling metric to CPUUtilization for the Auto Scaling configuration. Use leader_only to
place this script in only the first instance launched within the environment.
Correct Answer: C
QUESTION 11
You are designing a system that needs, at minimum, 8 m4.large instances operating to service traffic. When
designing a system for high availability in the us-east-1 region, which has 6 Availability Zones, your company needs to
be able to handle the death of a full availability zone. How should you distribute the servers, to save as much cost as
possible, assuming all of the EC2 nodes are properly linked to an ELB? Your VPC account can utilize us-east-1\\’s
AZ\\’s a through f, inclusive.
A. 3 servers in each of AZ\\’s a through d, inclusive.
B. 8 servers in each of AZ\\’s a and b.
C. 2 servers in each of AZ\\’s a through e, inclusive.
D. 4 servers in each of AZ\\’s a through c, inclusive.
Correct Answer: C
You need to design for N+1 redundancy on Availability Zones. ZONE_COUNT = (REQUIRED_INSTANCES /
INSTANCE_COUNT_PER_ZONE) + 1. To minimize cost, spread the instances across as many possible zones as you
can. By using a though e, you are allocating 5 zones. Using 2 instances, you have 10 total instances. If a single zone
fails, you have 4 zones left, with 2 instances each, for a total of 8 instances. By spreading out as much as possible, you
have increased cost by only 25% and significantly de-risked an availability zone failure. Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regionsavailability-zones
QUESTION 12
A financial institution provides security-hardened AMIs of Red Hat Enterprise Linux 7.4 and Windows Server 2016 for its
application teams to use in deployments. A DevOps Engineer needs to implement an automated daily check of each
AMI
to monitor for the latest CVE.
How should the Engineer implement these checks using Amazon Inspector?
A. Install the Amazon Inspector agent in each AMI. Configure AWS Step Functions to launch an Amazon EC2 instance
for each operating system from the hardened AMI, and tag the instance with SecurityCheck: True. Once EC2 instances
have booted up, Step Functions will trigger an Amazon Inspector assessment for all instances with the tag
SecurityCheck: True. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each
day.
B. Tag each AMI with SecurityCheck: True. Configure AWS Step Functions to first compose an Amazon Inspector
assessment template for all AMIs that have the tag SecurityCheck: True and second to make a call to the Amazon
Inspector API action StartAssessmentRun. Implement a scheduled Amazon CloudWatch Events rule that triggers Step
Functions once each day.
C. Tag each AMI with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each
day for all AMIs with the tag SecurityCheck: True. Amazon Inspector should automatically launch an Amazon EC2 instance for each AMI and perform a security assessment.
D. Tag each instance with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to tun once
each day for all instances with the tag SecurityCheck: True. Amazon Inspector should automatically perform an in-place
security assessment for each AMI.
Correct Answer: A
QUESTION 13
A DevOps Engineer is working with an application deployed to 12 Amazon EC2 instances across 3 Availability Zones.
New instances can be started from an AMI image. On a typical day, each EC2 instance has 30% utilization during
business hours and 10% utilization after business hours. The CPU utilization has an immediate spike in the first few
minutes of business hours. Other increases in CPU utilization rise gradually.
The Engineer has been asked to reduce costs while retaining the same or higher reliability.
Which solution meets these requirements?
A. Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create
two AWS Lambda functions, one invoked by each rule. The first function should stop nine instances after business
hours end, the second function should restart the nine instances before the business day begins.
B. Create an Amazon EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling
group\\’s CPU Utilization average with a target of 75%. Create a scheduled action for the group to adjust the minimum
number of instances to three after business hours end and reset to six before business hours begin.
C. Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create
an AWS CloudFormation stack, which creates an EC2 Auto Scaling group, with a parameter for the number of
instances. Invoke the stack from each rule, passing a parameter value of three in the morning, and six in the evening.
D. Create an EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling group\\’s
CPU Utilization average with a target of 75%. Create a scheduled action to terminate nine instances each evening after
the close of business.
Correct Answer: C
For the full Amazon DOP-C01 exam dumps from Lead4pass DOP-C01 Dumps pdf or Dumps VCE visit: https://www.leads4pass.com/aws-devops-engineer-professional.html (Q&As: 362 dumps)
ps.
Get free Amazon DOP-C01 dumps PDF online: https://drive.google.com/file/d/1-c_69VTCrs0DPpveFW9y6EeQMFD1MnLm/