• Home
  • Blogs
  • Amazon DOP-C01 Dumps Updated [Sep-2021] Get 100% Real Exam Questions! [Q45-Q64]

Amazon DOP-C01 Dumps Updated [Sep-2021] Get 100% Real Exam Questions! [Q45-Q64]

Share

[Sep-2021] Pass Amazon DOP-C01 Exam in First Attempt Guaranteed!

Full DOP-C01 Practice Test and 275 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 45
When thinking of AWS Elastic Beanstalk's model, which is true?

  • A. Deployments have many environments, environments have many applications.
  • B. Applications have many deployments, deployments have many environments.
  • C. Environments have many applications, applications have many deployments.
  • D. Applications have many environments, environments have many deployments.

Answer: D

Explanation:
Explanation
The first step in using Elastic Beanstalk is to create an application, which represents your web application in AWS. In Elastic Beanstalk an application serves as a container for the environments that run your web app, and versions of your web app's source code, saved configurations, logs and other artifacts that you create while using Elastic Beanstalk.
For more information on Applications, please refer to the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications.html
Deploying a new version of your application to an environment is typically a fairly quick process.
The new source bundle is deployed to an instance and extracted, and then the web container or application server picks up the new version and restarts if necessary. During deployment, your application might still become unavailable to users for a few seconds. You can prevent this by configuring your environment to use rolling deployments to deploy the new version to instances in batches. For more information on deployment, please refer to the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version.html

 

NEW QUESTION 46
You are working with a customer who is using Chef Configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

  • A. AmazonSimple Workflow Service
  • B. AWSEIastic Beanstalk
  • C. AWSOpsWorks
  • D. AWSCIoudFormation

Answer: C

Explanation:
Explanation
AWS OpsWorks is a configuration management service that helps you configure and operate applications of all shapes and sizes using Chef. You can define the application's architecture and the specification of each component including package installation, software configuration and resources such as storage. Start from templates for common technologies like application servers and databases or build your own to perform any task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales.
For more information on Opswork, please visit the link:
* https://aws.amazon.com/opsworks/

 

NEW QUESTION 47
A DevOps engineer is tasked with moving a mission-critical business application running in Go to AWS. The development team running this application is understaffed and requires a solution that allows the team to focus on application development. They also want to enable blue/green deployments and perform A/B testing.
Which solution will meet these requirements?

  • A. Use AWS CodePipeline with AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use an Elastic Load Balancer to distribute the traffic to the EC2 instances. When making changes to the application, upload a new version to CodePipeline and let it deploy the new version.
  • B. Use AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3, and use that location to deploy new versions of the application using Elastic Beanstalk to manage the deployment options.
  • C. Deploy the application on an Amazon EC2 instance and create an AMI of this instance. Use this AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use an Elastic Load Balancer to distribute traffic. When changes are made to the application, a new AMI is created and replaces the launch configuration.
  • D. Use Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.

Answer: B

 

NEW QUESTION 48
To override an allow in an IAM policy, you set the Effect element to ______.

  • A. Allow
  • B. Block
  • C. Deny
  • D. Stop

Answer: C

Explanation:
By default, access to resources is denied. To allow access to a resource, you must set the Effect element to Allow. To override an allow (for example, to override an allow that is otherwise in force), you set the Effect element to Deny.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.
html

 

NEW QUESTION 49
A company is building a web and mobile application that uses a serverless architecture powered by AWS Lambda and Amazon API Gateway. The company wants to fully automate the backend Lambda deployment based on code that is pushed to the appropriate environment branch in an AWS CodeCommit repository.
The deployment must have the following:
* Separate environment pipelines for testing and production.
* Automatic deployment that occurs for test environments only.
Which steps should be taken to meet these requirements?

  • A. Configure a new AWS CodePipeline service. Create a CodeCommit repository for each environment.
    Set up CodePipeline to retrieve the source code from the appropriate repository. Set up a deployment step to deploy the Lambda functions with AWS CloudFormation.
  • B. Create two AWS CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Set up each CodePipeline to retrieve the source code from the appropriate branch in the repository. Set up the deployment step to deploy the Lambda functions with AWS CloudFormation.
  • C. Create an AWS CodeBuild configuration for test and production environments. Configure the production pipeline to have a manual approval step. Create one CodeCommit repository with a branch for each environment. Push the Lambda function code to an Amazon S3 bucket. Set up the deployment step to deploy the Lambda functions from the S3 bucket.
  • D. Create two AWS CodePipeline configurations for test and production environments. Configure the production pipeline to have a manual approval step. Create a CodeCommit repository for each environment. Set up each CodePipeline to retrieve the source code from the appropriate repository. Set up the deployment step to deploy the Lambda functions with AWS CloudFormation.

Answer: D

 

NEW QUESTION 50
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

  • A. EnteringStandby
  • B. Detaching
  • C. Terminating
  • D. Terminating:Wait

Answer: C

Explanation:
When Auto Scaling responds to a scale in event, it terminates one or more instances. These instances are detached from the Auto Scaling group and enter the Terminating state.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html

 

NEW QUESTION 51
A financial institution provides security-hardened AMIs of Red Hat Enterprise Linux 7.4 and Windows Server 2016 for its application teams to use in deployments. A DevOps Engineer needs to implement an automated daily check of each AMI to monitor for the latest CVE. How should the Engineer implement these checks using Amazon Inspector?

  • A. Tag each instance with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all instances with the tag SecurityCheck: True. Amazon Inspector should automatically perform an in-place security assessment for each AMI.
  • B. Tag each AMI with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all AMIs with the tag SecurityCheck: True. Amazon Inspector should automatically launch an Amazon EC2 instance for each AMI and perform a security assessment.
  • C. Install the Amazon Inspector agent in each AMI. Configure AWS Step Functions to launch an Amazon EC2 instance for each operating system from the hardened AMI, and tag the instance with SecurityCheck: True. Once EC2 instances have booted up, Step Functions will trigger an Amazon Inspector assessment for all instances with the tag SecurityCheck: True. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
  • D. Tag each AMI with SecurityCheck: True. Configure AWS Step Functions to first compose an Amazon Inspector assessment template for all AMIs that have the tag SecurityCheck: True and second to make a call to the Amazon Inspector API action StartAssessmentRun. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.

Answer: C

Explanation:
https://aws.amazon.com/pt/blogs/security/how-to-set-up-continuous-golden-ami-vulnerability-assessments-with-amazon-inspector/

 

NEW QUESTION 52
Your company has a number of Cloudformation stacks defined in AWS. As part of the routine housekeeping
activity, a number of stacks have been targeted for deletion. But a few of the stacks are not getting deleted and
are failing when you are trying to delete them. Which of the following could be valid reasons for this? Choose
2 answers from the options given below

  • A. Thestack consists of an EC2 resource which was created with a custom AMI.
  • B. Thestack has an S3 bucket defined which has objects present in it.
  • C. Thestacks were created with the wrong template version. Since the standardtemplate version is now
    higher, it is preventing the deletion of the stacks.You need to contact AWS support.
  • D. Thestack has a EC2 Security Group which has EC2 Instances attached to it.

Answer: B,D

Explanation:
Explanation
The AWS documentation mentions the below point
Some resources must be empty before they can be deleted. For example, you must delete all objects in an
Amazon S3 bucket or remove all instances in an Amazon
CC2 security group before you can delete the bucket or security group
For more information on troubleshooting cloudformation stacks, please visit the below URL:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/troubleshooting.html

 

NEW QUESTION 53
Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

  • A. Rolling; Immutable
  • B. Canary or A/B
  • C. Blue-Green
  • D. Rolling; Mutable

Answer: C

Explanation:
AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on- aws.pdf

 

NEW QUESTION 54
A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the master account of the organization.
Which combination of access changes will meet these requirements? (Select THREE.)

  • A. Create a trust relationship that allows users in the master account to assume the IAM roles of the child accounts.
  • B. Create an IAM role in the master account that has access to the AmazonEC2ReadOnlyAccess managed policy.
  • C. Create an IAM role in each child account to allow the sts:AssumeRole action against the master account IAM role's ARN.
  • D. Create a trust relationship that allows users in the child accounts to assume the master account IAM role.
  • E. Create an IAM role in the master account that allows the sts:AssumeRole action against the child account IAM role's ARN.
  • F. Create an IAM role in each child account that has access to the AmazonEC2ReadOnlyAccess managed policy.

Answer: B,C,D

 

NEW QUESTION 55
You are working with a customer who is using Chef Configuration management in their data center. Which
service is designed to let the customer leverage existing Chef recipes in AWS?

  • A. AmazonSimple Workflow Service
  • B. AWSEIastic Beanstalk
  • C. AWSOpsWorks
  • D. AWSCIoudFormation

Answer: C

Explanation:
Explanation
AWS OpsWorks is a configuration management service that helps you configure and operate applications of
all shapes and sizes using Chef. You can define the application's architecture and the specification of each
component including package installation, software configuration and resources such as storage. Start from
templates for common technologies like application servers and databases or build your own to perform any
task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load
and dynamic configuration to orchestrate changes as your environment scales.
For more information on Opswork, please visit the link:
* https://aws.amazon.com/opsworks/

 

NEW QUESTION 56
A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be able to scale up to handle all traffic.
How should a DevOps Engineer meet these requirements?

  • A. In both regions, deploy the application in AWS Lambda, exposed by Amazon API Gateway, and use Amazon RDS PostgreSQL with cross-region replication for session data. Deploy the web application with client-side logic to call the API Gateway directly.
  • B. In both regions, deploy the application on AWS Elastic Beanstalk and use Amazon DynamoDB global tables for session data. Use an Amazon Route 53 weighted routing policy with health checks to distribute the traffic across the regions.
  • C. In both regions, launch the application in Auto Scaling groups and use DynamoDB global tables for session data. Enable an Amazon CloudFront weighted distribution across regions. Point the Amazon Route 53 DNS record at the CloudFront distribution.
  • D. In both regions, launch the application in Auto Scaling groups and use DynamoDB for session data.
    Use a Route 53 failover routing policy with health checks to distribute the traffic across the regions.

Answer: B

 

NEW QUESTION 57
You have just recently deployed an application on EC2 instances behind an ELB. After a couple of weeks,
customers are complaining on receiving errors from the application. You want to diagnose the errors and are
trying to get errors from the ELB access logs. But the ELB access logs are empty. What is the reason for this.

  • A. ELB Access logs are only available for a maximum of one week.
  • B. You do not have your CloudWatch metrics correctly configured
  • C. Access logging is an optional feature of Elastic Load Balancing that is disabled by default
  • D. You do not have the appropriate permissions to access the logs

Answer: C

Explanation:
Explanation
Clastic Load Balancing provides access logs that capture detailed information about requests sent to your load
balancer. Cach log contains information such as the
time the request was received, the client's IP address, latencies, request paths, and server responses. You can
use these access logs to analyze traffic patterns and
to troubleshoot issues.
Access logging is an optional feature of Elastic Load Balancing that is disabled by default. After you enable
access logging for your load balancer. Clastic Load
Balancing captures the logs and stores them in the Amazon S3 bucket that you specify. You can disable access
logging at any time.
For more information on CLB access logs, please refer to the below document link: from AWS
* http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.
html

 

NEW QUESTION 58
What is the maximum supported single-volume throughput on EBS?

  • A. 40MiB/s
  • B. 160MiB/s
  • C. 320MiB/s
  • D. 640MiB/s

Answer: C

Explanation:
The ceiling throughput for PIOPS on EBS is 320MiB/s.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

 

NEW QUESTION 59
You are working as an AWS Devops admins for your company. You are in-charge of building the infrastructure for the company's development teams using Cloudformation. The template will include building the VPC and networking components, installing a LAMP stack and securing the created resources. As per the AWS best practices what is the best way to design this template

  • A. Create a single cloudformation template to create all the resources since it would be easierfrom the maintenance perspective.
  • B. Create multiple cloudformation templates based on the number of VPC's in the environment.
  • C. Create multiple cloudformation templates based on the number of development groups in the environment.
  • D. Create multiple cloudformation templates for each set of logical resources, one for networking, the otherfor LAMP stack creation.

Answer: D

Explanation:
Explanation
Creating multiple cloudformation templates is an example of using nested stacks. The advantage of using nested stacks is given below as per the AWS documentation As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them. That way, you can mix and match different templates but use nested stacks to create a single, unified stack. Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS::CloudFormation::Stackresource in your template to reference other templates.
For more information on Cloudformation best practices, please refer to the below link:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/best-practices.
html

 

NEW QUESTION 60
You are a Devops Engineer for your company. The company has a number of Cloudformation templates in
AWS. There is a concern from the IT Security department and they want to know who all use the
Cloudformation stacks in the company's AWS account. Which of the following can be done to take care of this
security concern?

  • A. EnableCloudwatch logs for each cloudformation stack to track the resource creationevents.
  • B. EnableCloudtrail logs so that the API calls can be recorded
  • C. EnableCloudwatch events for each cloudformation stack to track the resource creationevents.
  • D. ConnectSQS and Cloudformation so that a message is published for each resource createdin the
    Cloudformation stack.

Answer: B

Explanation:
Explanation
This is given as a best practice in the AWS documentation
AWS CloudTrail tracks anyone making AWS Cloud Formation API calls in your AWS account. API calls are
logged whenever anyone uses the AWS Cloud Formation API,
the AWS Cloud Formation console, a back-end console, or AWS CloudFormation AWS CLI commands.
Enable logging and specify an Amazon S3 bucket to store the
logs. That way, if you ever need to, you can audit who made what AWS CloudFormation call in your account
For more information on the best practises, please visit the below URL:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/best-practices.
html

 

NEW QUESTION 61
Which of these configuration or deployment practices is a security risk for RDS?

  • A. Non-Multi-AZ RDS instance
  • B. RDS in a public subnet
  • C. Storing SQL function code in plaintext
  • D. Having RDS and EC2 instances exist in the same subnet

Answer: B

Explanation:
Making RDS accessible to the public internet in a public subnet poses a security risk, by making your database directly addressable and spammable.
DB instances deployed within a VPC can be configured to be accessible from the Internet or from EC2 instances outside the VPC. If a VPC security group specifies a port access such as TCP port
22, you would not be able to access the DB instance because the firewall for the DB instance provides access only via the IP addresses specified by the DB security groups the instance is a member of and the port defined when the DB instance was created.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

 

NEW QUESTION 62
A company is using several AWS CloudFormation templates for deploying infrastructure as code.
In most of the deployments, the company uses Amazon EC2 Auto Scaling groups. A DevOps Engineer needs to update the AMIs for the Auto Scaling group in the template if newer AMIs are available.
How can these requirements be met?

  • A. Manage the AMI mappings in the CloudFormation template. Use Amazon CloudWatch Events for detecting new AMIs and updating the mapping in the template. Reference the map in the launch configuration resource block.
  • B. Use conditions in the AWS CloudFormation template to check if new AMIs are available and return the AMI ID. Reference the returned AMI ID in the launch configuration resource block.
  • C. Use an AWS Lambda-backed custom resource in the template to fetch the AMI IDs. Reference the returned AMI ID in the launch configuration resource block.
  • D. Launch an Amazon EC2 m4 small instance and run a script on it to check for new AMIs. If new AMIs are available, the script should update the launch configuration resource block with the new AMI ID.

Answer: C

Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom- resources-lambda-lookup-amiids.html

 

NEW QUESTION 63
A DevOps Engineer is deploying a new web application. The company chooses AWS Elastic Beanstalk for deploying and managing the web application, and Amazon RDS MySQL to handle persistent data. The company requires that new deployments have minimal impact if they fail.
The application resources must be at full capacity during deployment, and rolling back a deployment must also be possible.
Which deployment sequence will meet these requirements?

  • A. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment.
    Use default Elastic Beanstalk behavior to deploy changes to the application, and let rolling updates deploy changes to the application.
  • B. Deploy the application using Elastic Beanstalk, and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk immutable updates for application deployments.
  • C. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment.
    Use Elastic Beanstalk immutable updates for application deployments.
  • D. Deploy the application using Elastic Beanstalk and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk features for a blue/green deployment to deploy the new release to a separate environment, and then swap the CNAME in the two environments to redirect traffic to the new version.

Answer: D

 

NEW QUESTION 64
......

Prepare for your Amazon certification with the updated TestKingsIT DOP-C01 exam questions: https://drive.google.com/open?id=1gLSSV1DPPtluMmdacJ2YNJ4npwOtIcF6

Get Latest DOP-C01 Dumps Exam Questions in here: https://www.testkingit.com/Amazon/latest-DOP-C01-exam-dumps.html

Related Blogs

more
Amazon DOP-C01 Certification Practice Exam