Amazon DOP-C01 AWS Certified DevOps Engineer - Professional Exam Exam Practice Test Questions

• Question 1

  A company wants to automatically re-create its infrastructure using AWS CloudFormation as part of the company's quality assurance (QA) pipeline. For each QA run, a new VPC must be created in a single account, resources must be deployed into the VPC, and tests must be run against this new infrastructure. The company policy states that all VPCs must be peered with a central management VPC to allow centralized logging. The company has existing CloudFormation templates to deploy its VPC and associated resources.Which combination of steps will achieve the goal in a way that is automated and repeatable? (Choose two.)

  • Create an AWS Lambda function that is invoked by an Amazon CloudWatch Events rule when a CreateVpcPeeringConnection API call is made. The Lambda function should check the source of the peering request, accepts the request, and update the route tables for the management VPC to allow traffic to go over the peering connection.
  • In the CloudFormation template:Invoke a custom resource to generate unique VPC CIDR ranges for the VPC and subnets.Create a peering connection to the management VPC.Update route tables to allow traffic to the management VPC.
  • In the CloudFormation template:Use the Fn::Cidr function to allocate an unused CIDR range for the VPC and subnets.Create a peering connection to the management VPC.Update route tables to allow traffic to the management VPC.
  • Modify the CloudFormation template to include a mappings object that includes a list of /16 CIDR ranges for each account where the stack will be deployed.
  • Use CloudFormation StackSets to deploy the VPC and associated resources to multiple AWS accounts using a custom resource to allocate unique CIDR ranges. Create peering connections from each VPC to the central management VPC and accept those connections in the management VPC.

  Show Answer Answer: 2, 4 Next

• Question 2

  An ecommerce company is running an application on AWS. The company wants to create a standby disaster recovery solution in an additional Region that keeps the current application code. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The database layer is hosted on an Amazon RDS MySQL Multi-AZ DB instance. Amazon Route 53 DNS records point to the ALB.Which combination of actions will meet these requirements with the LOWEST cost? (Select THREE.)

  • Configure a failover routing policy for the application DNS entry.
  • Configure a geolocation routing policy for the application DNS entry.
  • Create a cross-Region RDS read replica in the new standby Region.
  • Migrate the database layer to Amazon DynamoDB and enable global replication to the new standby Region.
  • Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to match the active Region.
  • Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to 1.

  Show Answer Answer: 1, 5, 6 Next

• Question 3

  A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances. How should the Engineer automate the deployment process while also meeting the security requirements?

  • Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials. Associate this role to all the instances.
  • Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.
  • Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.
  • Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy

  Show Answer Answer: 2 Next

• Question 4

  Your application stores sensitive information on an EBS volume attached to your EC2 instance. How can you protect your information? Choose two answers from the options given below

  • Unmount the EBS volume, take a snapshot and encrypt the snapshot. Re-mount the Amazon EBS volume
  • It is not possible to encrypt an EBS volume, you must use a lifecycle policy to transfer data to S3 for encryption.
  • Copy the unencrypted snapshot and check the box to encrypt the new snapshot. Volumes restored from this encrypted snapshot will also be encrypted.
  • Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume *t

  Show Answer Answer: 3, 4 Next

• Question 5

  A company has thousands of Amazon EC2 instances as well as hundreds of virtual machines on-premises. Developers routinely sign in to the console for on-premises systems to perform troubleshooting. The developers want to sign in to AWS instances to run performance tools, but are unable to due to the lack of a central console logging system. A DevOps engineer wants to ensure that console access is logged on all systems.Which combination of steps will meet these requirements? (Select TWO.)

  • Attach a role to all AWS instances that contains the appropriate permissions. Create an AWS Systems Manager managed-instance activation. Install and configure Systems Manager Agent on on-premises machines.
  • Enable AWS Systems Manager Session Manager logging to an Amazon S3 bucket. Direct developers to connect to the systems with Session Manager only.
  • Enable AWS Systems Manager Session Manager logging to AWS CloudTrail. Direct developers to continue normal sign-in procedures for on-premises. Use Session Manager for AWS instances.
  • Install and configure an Amazon CloudWatch Logs agent on all systems. Create an AWS Systems Manager managed-instance activation.
  • Set up a Site-to-Site VPN connection between the on-premises and AWS networks. Set up a bastion instance to allow developers to sign in to the AWS instances.

  Show Answer Answer: 1, 2 Next