• Home
  • Articles
  • Download DOP-C01 Dumps (2023) - Free PDF Exam Demo [Q150-Q169]

Download DOP-C01 Dumps (2023) - Free PDF Exam Demo [Q150-Q169]

Share

Download DOP-C01 Dumps (2023) - Free PDF Exam Demo

Enhance your career with DOP-C01 PDF Dumps - True Amazon Exam Questions

NEW QUESTION # 150
You have enabled Elastic Load Balancing HTTP health checking. After looking at the AWS Management Console, you see that all instances are passing health checks, but your customers are reporting that your site is not responding.
What is the cause?

  • A. The health check in place is not sufficiently evaluating the application function.
  • B. The HTTP health checking system is misreporting due to latency in inter-instance metadata synchronization.
  • C. The application is returning a positive health check too quickly for the AWS Management Console to respond.
  • D. Latency in DNS resolution is interfering with Amazon EC2 metadata retrieval.

Answer: A


NEW QUESTION # 151
The management team at a company with a large on-premises OpenStack environment wants to move non-production workloads to AWS. An AWS Direct Connect connection has been provisioned and configured to connect the environments. Due to contractual obligations, the production workloads must remain on-premises, and will be moved to AWS after the next contract negotiation. The company follows Center for Internet Security (CIS) standards for hardening images; this configuration was developed using the company's configuration management system.
Which solution will automatically create an identical image in the AWS environment without significant overhead?

  • A. Write an AWS CloudFormation template that will create an Amazon EC2 instance. Use cloud-unit to install the configuration management agent, use cfn-wait to wait for configuration management to successfully apply, and use an AWS Lambda-backed custom resource to create the AMI.
  • B. Log in to the console, launch an Amazon EC2 instance, and install the configuration management agent. When changes are applied through the configuration management system, log in to the console and create a new AMI from the instance.
  • C. When a change is made in the configuration management system, a job in Jenkins is triggered to use the VM Import command to create an Amazon EC2 instance in the Amazon VPC. Use lifecycle hooks to launch an AWS Lambda function to create the AMI.
  • D. Create a new AWS OpsWorks layer and mirror the image hardening standards. Use this layer as the baseline for all AWS workloads.

Answer: C

Explanation:
https://www.brad-x.com/2015/10/01/importing-an-openstack-vm-into-amazon-ec2/
https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-instance-import.html


NEW QUESTION # 152
A DevOps Engineer discovered a sudden spike in a website's page load times and found that a recent deployment occurred. A brief diff of the related commit shows that the URL for an external API call was altered and the connecting port changed from 80 to 443. The external API has been verified and works outside the application. The application logs show that the connection is now timing out, resulting in multiple retries and eventual failure of the call. Which debug steps should the Engineer take to determine the root cause of the issue?

  • A. Check the egress security group rules and network ACLs for the VPC. Also check the VPC flow logs looking for accepts originating from the web Auto Scaling group.
  • B. Check the existing egress security group rules and network ACLs for the VPC. Also check the application logs being written to Amazon CloudWatch Logs for debug information.
  • C. Check the VPC Flow Logs looking for denies originating from Amazon EC2 instances that are part of the web Auto Scaling group. Check the ingress security group rules and routing rules for the VPC.
  • D. Check the application logs being written to Amazon CloudWatch Logs for debug information. Check the ingress security group rules and routing rules for the VPC.

Answer: A


NEW QUESTION # 153
Which service should an organization use if it requires an easily managed and scalable platform to host its web
application running on Nginx?

  • A. AWS Elastic Beanstalk
  • B. Auto Scaling
  • C. Elastic Load Balancing
  • D. AWS Lambda

Answer: A


NEW QUESTION # 154
For AWS Auto Scaling, what is the first transition state a new instance enters after leaving steady state when scaling out due to increased load?

  • A. EnteringStandby
  • B. Pending
  • C. Terminating:Wait
  • D. Detaching

Answer: B

Explanation:
When a scale out event occurs, the Auto Scaling group launches the required number of EC2 instances, using its assigned launch configuration. These instances start in the Pending state.
If you add a lifecycle hook to your Auto Scaling group, you can perform a custom action here.
For more information, see Lifecycle Hooks.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html


NEW QUESTION # 155
You are using a configuration management system to manage your Amazon EC2 instances.
On your Amazon EC2 Instances, you want to store credentials for connecting to an Amazon RDS DB instance.
How should you securely store these credentials?

  • A. Store your credentials in your version control system, in plaintext.
    Check out a copy of your credentials from the version control system on boot.
    Use Amazon EBS encryption on the volume storing the Amazon RDS DB credentials.
  • B. Give the Amazon EC2 instances an IAM role that allows read access to a private Amazon S3 bucket.
    Store a file with database credentials in the Amazon S3 bucket.
    Have your configuration management system pull the file from the bucket when it is needed.
  • C. Assign an IAM role to your Amazon RDS instance, and use this IAM role to access the Amazon RDS DB from your Amazon EC2 instances.
  • D. Launch an Amazon EC2 instance and use the configuration management system to bootstrap the instance with the Amazon RDS DB credentials.
    Create an AMI from this instance.
  • E. Store the Amazon RDS DB credentials in Amazon EC2 user data.
    Import the credentials into the Instance on boot.

Answer: B


NEW QUESTION # 156
Which of the following is false when it comes to using the Elastic Load balancer with Opsworks stacks?

  • A. Eachload balancer can handle only one layer.
  • B. A Classic Load Balancer can span across AWSOpsWorks Stacks layers.
  • C. Youcan attach only one load balancer to a layer.
  • D. Youneed to create the load balancer before hand and then attach it to the Opsworkstack.

Answer: B

Explanation:
Explanation
The AWS Documentation mentions the following
To use Clastic Load Balancing with a stack, you must first create one or more load balancers in the same region by using the Clastic Load Balancing console, CLI, or API. You should be aware of the following:
You can attach only one load balancer to a layer.
Cach load balancer can handle only one layer.
AWS
OpsWorks Stacks does not support Application Load Balancer. You can only use Classic Load Balancer with AWS OpsWorks Stacks. For more information on Clastic Load Balancer with Opswork, please visit the below url http://docs.aws.a mazon.com/opsworks/latest/userguide/layers-elb.html


NEW QUESTION # 157
A mobile application running on eight Amazon EC2 instances is relying on a third-party API endpoint. The third-party service has a high failure rate because of limited capacity, which is expected to be resolved in a few weeks.
In the meantime, the mobile application developers have added a retry mechanism and are logging failed API requests. A DevOps Engineer must automate the monitoring of application logs and count the specific error messages; if there are more than 10 errors within a 1-minute window, the system must issue an alert.
How can the requirements be met with MINIMAL management overhead?

  • A. Install the Amazon CloudWatch Logs agent on all instances to push the access logs to CloudWatch Logs. Create CloudWatch Events rule to count the error messages every minute, and trigger a CloudWatch alarm if the count exceeds 10 errors.
  • B. Install the Amazon CloudWatch Logs agent on all instances to push the application logs to CloudWatchLogs. Use a metric filter to generate a custom CloudWatch metric that records the number of failures and triggers a CloudWatch alarm if the custom metric reaches 10 errors in a 1- minute period.
  • C. Install the Amazon CloudWatch Logs agent on all instances to push the application logs to CloudWatch Logs. Use metric filters to count the error messages every minute, and trigger a CloudWatch alarm if the count exceeds 10 errors.
  • D. Deploy a custom script on all instances to check application logs regularly in a cron job. Count the number of error messages every minute, and push a data point to a custom. CloudWatch metric.
    Trigger a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.

Answer: B


NEW QUESTION # 158
According to Information Security Policy, changes to the contents of objects inside production Amazon S3 bucket that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?

  • A. Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
  • B. Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.
  • C. Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.
  • D. Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.

Answer: D


NEW QUESTION # 159
Customers have recently been complaining that your web application has randomly stopped responding.
During a deep dive of your logs, the team has discovered a major bug in your new Java web application.
This bug is causing a memory leak that eventually causes the application to crash.
Your web application runs on Amazon EC2 and was built with AWS CloudFormation.
Which techniques should you use to help detect these problems faster, as well as help eliminate the server's unresponsiveness? Choose 2 answers

  • A. Update your AWS CloudFormation configuration to take advantage of CloudWatch metrics Agent.
    Configure the CloudWatch Metrics Agent to monitor memory usage and trigger an Amazon SNS alarm.
  • B. Update your CloudWatch metric granularity config for all Amazon EC2 memory metrics to support five- second granularity.
    Create a CloudWatch alarm that triggers an Amazon SNS notification to page your team when the application memory becomes too large.
  • C. Update your AWS CloudFormation configuration and enable a CustomResource that uses cfn- signal to detect memory leaks.
  • D. Create a custom CloudWatch metric that you push your JVM memory usage to.
    Create a Cloudwatch alarm that triggers an Amazon SNS notification to page your team when the application memory usage becomes too large.
  • E. Update your AWS CloudFormation configuration to take advantage of Auto Scaling groups.
    Configure an Auto Scaling group policy to trigger off your custom CloudWatch metrics.

Answer: D,E


NEW QUESTION # 160
A DevOps Engineer is working with an application deployed to 12 Amazon EC2 instances across 3 Availability Zones. New instances can be started from an AMI image. On a typical day, each EC2 instance has
30% utilization during business hours and 10% utilization after business hours. The CPU utilization has an immediate spike in the first few minutes of business hours. Other increases in CPU utilization rise gradually.
The Engineer has been asked to reduce costs while retaining the same or higher reliability.
Which solution meets these requirements?

  • A. Create an EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling group's CPU Utilization average with a target of 75%. Create a scheduled action to terminate nine instances each evening after the close of business.
  • B. Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create two AWS Lambda functions, one invoked by each rule. The first function should stop nine instances after business hours end, the second function should restart the nine instances before the business day begins.
  • C. Create an Amazon EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling group's CPU Utilization average with a target of 75%. Create a scheduled action for the group to adjust the minimum number of instances to three after business hours end and reset to six before business hours begin.
  • D. Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create an AWS CloudFormation stack, which creates an EC2 Auto Scaling group, with a parameter for the number of instances. Invoke the stack from each rule, passing a parameter value of three in the morning, and six in the evening.

Answer: C


NEW QUESTION # 161
Which answer is the proper syntax for specifying two target hosts on the command line when running an Ansible Playbook?

  • A. ansible-playbook -i host1.example.com playbook.yml
  • B. ansible-playbook -i host1.example.com,host2.example.com playbook.yml
  • C. ansible-playbook -h host1.example.com,host2.example.com playbook.yml
  • D. ansible-playbook -h host1.example.com -i all playbook.yml

Answer: B

Explanation:
Ansible uses the `-i' flag for accepting an inventory file or host. To allow Ansible to determine if you are passing a host list versus an inventory file the list must be comma separated. If a single host is specified, a trailing comma must be present.
Reference: http://docs.ansible.com/ansible/intro_inventory.html#inventory


NEW QUESTION # 162
You are a Devops Engineer for your company. You are responsible for creating Cloudformation templates for your company. There is a requirement to ensure that an S3 bucket is created for all resources in development for logging purposes. How would you achieve this?

  • A. Createseparate Cloudformation templates for Development and production.
  • B. Createa parameter in the Cloudformation template and then use the Condition clause inthe template to create an S3 bucket if the parameter has a value of development
  • C. Createan S3 bucket from before and then just provide access based on the tag valuementioned in the Cloudformation template
  • D. Usethe metadata section in the Cloudformation template to decide on whether tocreate the S3 bucket or not.

Answer: B

Explanation:
Explanation
The AWS Documentation mentions the following
You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment In your template, you can add an CnvironmentType input parameter, which accepts either prod or test as inputs. For the production environment, you might include Amazon CC2 instances with certain capabilities; however, for the test environment, you want to use reduced capabilities to save money. With conditions, you can define which resources are created and how they're configured for each environment type.
For more information on Cloudformation conditions please visit the below url
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/cond
itions-section-structure.html


NEW QUESTION # 163
A defect was discovered in production and a new sprint item has been created for deploying a hotfix. However, any code change must go through the following steps before going into production:
- Scan the code for security breaches, such as password and access key
leaks.
- Run the code through extensive, long running unit tests.
Which source control strategy should a DevOps Engineer use in combination with AWS CodePipeline to complete this process?

  • A. Create a hotfix tag on the last commit of the master branch. Trigger the development pipeline from the hotfix tag. Use AWS CodeDeploy with Amazon ECS to do a content scan and run unit tests. Add a manual approval stage that merges the hotfix tag into the master branch.
  • B. Create a hotfix branch from the master branch. Triger the development pipeline from the hotfix branch.
    Use AWS CodeBuild to do a content scan and run unit tests. Add a manual approval stage that merges the hotfix branch into the master branch.
  • C. Create a hotfix branch from the master branch. Create a separate source stage for the hotfix branch in the production pipeline. Trigger the pipeline from the hotfix branch. Use AWS Lambda to do a content scan and use AWS CodeBuild to run unit tests. Add a manual approval stage that merges the hotfix branch into the master branch.
  • D. Create a hotfix branch from the master branch. Triger the development pipeline from the hotfix branch.
    Use AWS Lambda to do a content scan and run unit tests. Add a manual approval stage that merges the hotfix branch into the master branch.

Answer: B

Explanation:
We need to create a feature branch to test the fix and codebuild can do both the scan and unit tests.
https://docs.aws.amazon.com/codebuild/latest/userguide/how-to-create-pipeline.html#how-to- create-pipeline-add


NEW QUESTION # 164
You have implemented a system to automate deployments of your configuration and application dynamically after an Amazon EC2 instance in an Auto Scaling group is launched. Your system uses a configuration management tool that works in a standalone configuration, where there is no master node. Due to the volatility of application load, new instances must be brought into service within three minutes of the launch of the instance operating system. The deployment stages take the following times to complete:
1) Installing configuration management agent: 2mins
2) Configuring instance using artifacts: 4mins
3) Installing application framework: 15mins
4) Deploying application code: 1min
What process should you use to automate the deployment using this type of standalone agent configuration?

  • A. Builda custom Amazon Machine Image that includes the configuration management agentand application framework pre-installed.
    Configure your Auto Scaling launchconfiguration with an Amazon EC2 UserData script to pull configurationartifacts and application code from an Amazon S3 bucket, and then execute theagent to configure the system.
  • B. Createa web service that polls the Amazon EC2 API to check for new instances that arelaunched in an Auto Scaling group. When it recognizes a new instance, execute aremote script via SSH to install the agent, SCP the configuration artifacts andapplication code, and finally execute the agent to configure the system
  • C. Builda custom Amazon Machine Image that includes all components pre-installed,including an agent, configuration artifacts, application frameworks, and code.Create a startup script that executes the agent to configure the system onstartup. *t
  • D. Configureyour Auto Scaling launch configuration with an Amazon EC2 UserData script toinstall the agent, pull configuration artifacts and application code from anAmazon S3 bucket, and then execute the agent to configure the infrastructureand application.

Answer: C

Explanation:
Explanation
Since the new instances need to be brought up in 3 minutes, hence the best option is to pre-bake all the components into an AMI. If you try to user the User Data option, it will just take time, based on the time mentioned in the question to install and configure the various components.
For more information on AMI design please see the below link:
* https://aws.amazon.com/answers/configuration-management/aws-ami-design/


NEW QUESTION # 165
An education company has a Docker-based application running on multiple Amazon EC2 instances in an Amazon ECS cluster. When deploying a new version of the application, the Developer, pushes a new image to a private Docker container registry, and then stops and starts all tasks to ensure that they all have the latest version of the application. The Developer discovers that the new tasks are occasionally running with an old image.
How can this issue be prevented?

  • A. Use "latest" for the Docker image tag in the task definition.
  • B. Update the digest on the task definition when pushing the new image.
  • C. After pushing the new image, restart ECS Agent, and then start the tasks.
  • D. Use Amazon ECR for a Docker container registry.

Answer: B


NEW QUESTION # 166
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer- managed Customer Master Key (CMK), What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Select three.)

  • A. Set kms:Decrypt for the instance role in the customer-managed CMK policy.
  • B. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
  • C. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
  • D. Set ssm:GetParamter for the parameter resource in the instance role's IAM policy.
  • E. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
  • F. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.

Answer: A,D,F


NEW QUESTION # 167
Your development team use .Net to code their web application. They want to deploy it to AWS for the purpose
of continuous integration and deployment. The application code is hosted in a Git repository. Which of the
following combination of steps can be used to fulfil this requirement. Choose 2 answers from the options
given below

  • A. Usethe Elastic beanstalk service to provision an IIS platform web environment tohost the application.
  • B. Usethe Code Pipeline service to provision an IIS environment to host theapplication.
  • C. Usea chef recipe to deploy the code and attach it to the Elastic beanstalkenvironment.
  • D. Createa source bundle for the .Net code and upload it as an application revision.

Answer: A,D

Explanation:
Explanation
When you provision an environment using the Clastic beanstalk service, you can choose the IIS platform to
host the .Net based application as shown below.

You can also upload the application as a zip file and specify it as an application revision.
For more information on Elastic beanstalk and .Net environments, please refer to the below link:
http://docs^ws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_NCT.html


NEW QUESTION # 168
A company has developed an AWS Lambda function that handles orders received through an API. The company is using AWS CodeDeploy to deploy the Lambda function as the final stage of a CI/CD pipeline.
A DevOps Engineer has notices there are intermittent failures of the ordering API for a few seconds after deployment. After some investigation, the DevOps Engineer believes the failures are due to database changes not having fully propagated before the lambda function begins executing.
How should the DevOps Engineer overcome this?

  • A. Add a ValidateService hook to the AppSpec file that inspects incoming traffic and rejects the payload if dependent services such as the database are not yet ready
  • B. Add a BeforeInstall hook to the AppSpec file that tests and waits for any necessary database changes before deploying the new version of the Lambda function
  • C. Add an AfterAllowTraffic hook to the AppSpec file that forces traffic to wait for any pending database changes before allowing the new version of the Lambda function to respond
  • D. Add a BeforeAllowTraffic hook to the AppSpec file that tests and waits for any necessary database changes before traffic can flow to the new version of the Lambda function

Answer: D

Explanation:
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure- hooks.html#appspec-hooks-lambda


NEW QUESTION # 169
......

100% Free DOP-C01 Files For passing the exam Quickly: https://www.practicevce.com/Amazon/DOP-C01-practice-exam-dumps.html

New Download free DOP-C01 PDF for Amazon Practice Tests: https://drive.google.com/open?id=1AZgYrGEZTOsHwKGR2WNsFketlWYxGseJ

Related Articles

more
Amazon DOP-C01 Certification Practice Exam