Amazon DOP-C02 AWS Certified DevOps Engineer - Professional Exam Exam Practice Test Questions

• Question 1

  A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.The buildspec.yml file contains the following:The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.What steps should the DevOps engineer take to stop this?

  • Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
  • Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
  • Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal “*”.
  • Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.

  Show Answer Answer: D Next

• Question 2

  A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-starttimes of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured. Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests throughout the day. In the middle of the day, the application experiences 10 times more requests than at any other time of the day. Near the end of the day, the application's request volume decreases to 10% of its normal total.A DevOps engineer needs to reduce the latency of the Lambda function at all times of the day. Which solution will meet these requirements?

  • Configure provisioned concurrency on the Lambda function with a concurrency value of 1. Delete the DAX cluster for the DynamoDB table.
  • Configure reserved concurrency on the Lambda function with a concurrency value of 0.
  • Configure provisioned concurrency on the Lambda function. Configure AWS Application Auto Scaling on the Lambda function with provisioned concurrency values set to a minimum of 1 and a maximum of 100.
  • Configure reserved concurrency on the Lambda function. Configure AWS Application Auto Scaling on the API Gateway API with a reserved concurrency maximum value of 100.

  Show Answer Answer: C Next

• Question 3

  A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs.An Amazon CloudWatch alarm notifies an application engineer through an Amazon SimpleNotification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic.A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances.Which solution will meet these requirements in the MOST operationally efficient manner?

  • Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure the SNS topic to invoke the runbook.
  • Create an AWS Lambda function that restarts the application on the instances. Configure the Lambda function as an event destination of the SNS topic.
  • Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Create an AWS Lambda function to invoke the runbook. Configure the Lambda function as an event destination of the SNS topic.
  • Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure an Amazon EventBridge rule that reacts when the CloudWatch alarm enters ALARM state. Specify the runbook as a target of the rule.

  Show Answer Answer: B Next

• Question 4

  A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps:

  • An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
  • An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
  • A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment.
  • The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call.
  • Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)
  • Insert a manual approval action between the test actions and deployment actions of the pipeline.
  • Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
  • Update the CodeDeploy deployment groups so that they require manual approval to proceed.
  • Update the pipeline to directly call the REST API for the penetration testing tool.
  • Update the pipeline to invoke an AWS Lambda function that calls the REST API for the penetration testing tool.

  Show Answer Answer: A, ,E Next

• Question 5

  A company has its AWS accounts in an organization in AWS Organizations. AWS Config is manually configured in each AWS account. The company needs to implement a solution to centrally configure AWS Config for all accounts in the organization The solution also must record resource changes to a central account.Which combination of actions should a DevOps engineer perform to meet these requirements? (Choose two.)

  • Configure a delegated administrator account for AWS Config. Enable trusted access for AWS Config in the organization.
  • Configure a delegated administrator account for AWS Config. Create a service-linked role for AWS Config in the organization’s management account.
  • Create an AWS CloudFormation template to create an AWS Config aggregator. Configure a CloudFormation stack set to deploy the template to all accounts in the organization.
  • Create an AWS Config organization aggregator in the organization's management account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.
  • Create an AWS Config organization aggregator in the delegated administrator account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.

  Show Answer Answer: B, ,D Next