Download
1 / 8
90 likes | 96 Views
The DOP-C02 AWS DevOps Engineer Professional (AWS-DevOps) 2023 exam is a professional-level certification that validates your expertise in deploying, managing, and operating highly scalable, fault-tolerant, and secure systems on the AWS platform. It is designed for individuals who have experience in deploying and managing distributed applications and systems on the AWS platform using DevOps best practices. Preparing for the DOP-C02 AWS DevOps Engineer Professional exam requires a strong understanding of AWS cloud infrastructure, automation, and deployment.<br>https://www.certsgrade.com/
E N D
C E R T S GR A DE High Grade and Valuable Preparation Stuff High Grade and Valuable Preparation Stuff Amazon DOP-C02 AWS DevOps Engineer Professional (AWS-DevOps) Questions And Answers PDF Format: For More Information – Visit link below: https://www.certsgrade.com/ Version = Version = Product Visit us athttps://www.certsgrade.com/pdf/dop-c02/
Latest Version: 6.0 Question: 1 A DevOps engineer is currently running a container-based workload on-premises The engineer wants to move the application to AWS, but needs to keep the on-premises solution active because not all APIs will move at the same time. The traffic between AWS and the on-premises network should be secure and encrypted at all times. Low management overload is also a requirement. Which combination of actions will meet these criteria? (Select THREE.) Response: A.Create a Network Load Balancer and. for each service, create a listener that points to the correct set of containers either in AWS or on-premises. B.Host the AWS containers in Amazon ECS with a Fargate launch type C.Host the AWS containers in Amazon ECS with an EC2 launch type. D.Use Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection. E.Create an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises. F.Use Amazon API Gateway to front the workload, and set up public endpoints for the on-premises APIs so API Gateway can access them. Answer: B,E,F Question: 2 A development team wants to set up an AWS CodeCommit repository. Developers should be able push changes to their own branches, but they should not be allowed to push commits or merge pull requests into the master branch. Additionally, whenever a commit or merge occurs into the master branch, the project manager needs to receive a notification. Which combination of steps will protect the master branch and send the alert with the shortest delay? (Select TWO.) Response: A.Attach an AWS IAM policy to the developer IAM group that denies the actions of pushing commits, merging pull requests, and adding files to the master branch. B.Attach a resource policy to the CodeCommit repository that denies members of the IAM developer group the actions of pushing commits, merging pull requests, and adding files to the master branch. C.Set up a an AWS Lambda function that runs every 15 minutes to check for repository changes and publishes a notification to an Amazon SNS topic. D.Set up an Amazon CloudWatch Events rule triggered by a CodeCommit Repository State Change event for the master branch and add an Amazon SNS topic as a target. Visit us athttps://www.certsgrade.com/pdf/dop-c02/
E.Configure AWS CloudTrail to send log events to Amazon CloudWatch Logs. Define a metric filter to identify repository events. Create a CloudWatch alarm with an Amazon SNS topic as a target. Answer: A,D Question: 3 A devops engineer has been asked to automate security compliance for a company. The company has developed custom AWS Config rules to detect non-compliant security configurations. When compliance issues are detected, the company wants issues to be automatically remediated and the security team to be notified over the internal security message channel. The message board has a REST interface that publishes the body of HTTPS POST requests over the channel. Which combination of steps would successfully meet these requirements in the MOST cost-effective way? (Select THREE.) Response: A.Create an Amazon CloudWatch Events rule that publishes configuration item change notifications to an Amazon SNS topic. B.Create an Amazon CloudWatch Events rule that publishes compliance change notifications to an Amazon SNS topic. C.Configure AWS Config to publish configuration item change notifications to an Amazon SNS topic. D.Create an Amazon API Gateway RESTful API with AWS integration to AWS Config. Subscribe the API to the Amazon SNS topic. E.Subscribe the message channel HTTPS endpoint to the Amazon SNS topic. F.Write an AWS Lambda function that addresses the non-compliant security configuration. Subscribe the function to the Amazon SNS topic. Answer: B,E,F Question: 4 A company is using AWS CodeBuild to build an application. Company policy requires all build artifacts to be encrypted at rest. The company must limit access to the artifacts to IAM users in an operations IAM group that have permission to assume an operations IAM role. Which solution will meet these requirements? Response: A.Add a post-build command to the CodeBuild build specification to push build objects to an Amazon S3 bucket. Set a bucket policy that prevents upload to the bucket unless the request includes the x- amzserver-side-encryption header. Add a Deny statement for all actions with a NotPrincipal element that references the operations IAM group. B.Add a post-build command to the CodeBuild build specification to push build objects to an Amazon S3 bucket. Configure an S3 event notification to invoke an AWS Lambda function to get the object, encrypt Visit us athttps://www.certsgrade.com/pdf/dop-c02/
the object, and put the object back into the S3 bucket with a tag key of Encrypted and a tag value of True. Set a bucket policy with a Deny statement for all actions with a NotPrincipal element that references the operations IAM group. Include in the policy a Condition element that references the Encrypted tag. C.Add a post-build command to the CodeBuild build specification to push build objects to an Amazon S3 bucket that has S3 default encryption enabled. Set a bucket policy that contains a Deny statement for all actions with a NotPrincipal element that references the operations IAM role. D.Add a post-build command to the CodeBuild build specification to call the AWS Key Management Service (AWS KMS) Encrypt API operation and pass the artifact to AWS KMS for encryption with a specified KMS key. Push the encrypted artifact to an Amazon S3 bucket. Set up the operations IAM group as the only user for the specified KMS key. Answer: C Question: 5 An operator is managing a legacy application on AWS. The application is a monolithic Microsoft Windows program running on a single Amazon EC2 instance. The source code for the application is not available, so the application cannot be modified. The application has a memory leak and malfunctions when memory utilization on the instance goes above 90%. The operator has configured the uniform Amazon CloudWatch agent on the EC2 instance to collect the memory utilization Performance Monitor counter. Which actions should the operator take to prevent the application from malfunctioning? (Select TWO.) Response: A.Create an Amazon CloudWatch Events event that publishes to an Amazon SNS topic when memory utilization goes above 80%. B.Create a metric filter on memory utilization in Amazon CloudWatch Logs. Create a CloudWatch alarm on the memory utilization filter that publishes to an Amazon SNS topic when the memory utilization goes above 80%. C.Create a CloudWatch alarm on the memory utilization metric that publishes to an Amazon SNS topic when the memory utilization goes above 80%. D.Subscribe an Amazon Lambda function to the Amazon SNS topic that restarts the application with an AWS Systems Manager Run Command. E.Subscribe the EC2 instance to the Amazon SNS topic and run a script that restarts the application. Answer: C,D Question: 6 As part of your continuous deployment process, your application undergoes an I/O load performance test before it is deployed to production using new AMIs. The application uses one Amazon EBS PIOPS volume per instance and requires consistent I/O performance. Visit us athttps://www.certsgrade.com/pdf/dop-c02/
Which of the following must be carried out to ensure that I/O load performance tests yield the correct results in a repeatable manner? Response: A.Ensure that the I/O block sizes for the test are randomly selected. B.Ensure that the Amazon EBS volumes have been pre-warmed by reading all the blocks before the test. C.Ensure that snapshots of the Amazon EBS volumes are created as a backup. D.Ensure that the Amazon EBS volume is encrypted. E.Ensure that the Amazon EBS volume has been pre-warmed by creating a snapshot of the volume before the test. Answer: B Question: 7 During metric analysis, your team has determined that the company’s website is experiencing response times during peak hours that are higher than anticipated. You currently rely on Auto Scaling to make sure that you are scaling your environment during peak windows. How can you improve your Auto Scaling policy to reduce this high response time? Choose 2 answers. Response: A.Push custom metrics to CloudWatch to monitor your CPU and network bandwidth from your servers, which will allow your Auto Scaling policy to have better fine-grain insight. B.Increase your Auto Scaling group’s number of max servers. C.Create a script that runs and monitors your servers; when it detects an anomaly in load, it posts to an Amazon SNS topic that triggers Elastic Load Balancing to add more servers to the load balancer. D.Push custom metrics to CloudWatch for your application that include more detailed information about your web application, such as how many requests it is handling and how many are waiting to be processed. E.Update the CloudWatch metric used for your Auto Scaling policy, and enable sub-minute granularity to allow auto scaling to trigger faster. Answer: B,D Question: 8 A company runs an application on Amazon EC2 instances that use the latest version of the Amazon Linux 2 AMI. When server administrators apply new security patches, the server administrators manually remove affected instances from service, patch the instances, and place the instances back into service. A new security policy requires the company to apply security patches within 7 days after patches are released. The company’s security team must verify that all the EC2 instances are compliant with this policy. The patching must occur during a time that has the least impact on users. Which solution will automate compliance with these requirements? Visit us athttps://www.certsgrade.com/pdf/dop-c02/
Response: A.Configure an AWS CodeBuild project to download and apply patches to all the instances over SSH. Use an Amazon EventBridge (Amazon CloudWatch Events) scheduled rule to run the CodeBuild project during a maintenance window. B.Use AWS Systems Manager Patch Manager to create a patch baseline. Create a script on the EC2 instances to use the AWS CLI to pull the latest patches from Patch Manager. Create a cron job to schedule the script to run during a maintenance window. C.Create a script to apply any available security patches. Create a cron job to schedule the script to run during a maintenance window. Install the script and cron job on the application AMI. Redeploy the application. D.Enlist all the EC2 instances in an AWS Systems Manager Patch Manager patch group. Use Patch Manager to create a patch baseline. Configure a maintenance window to apply the patch baseline. Answer: D Question: 9 You work for a startup that has developed a new photo-sharing application for mobile devices. Over recent months your application has increased in popularity; this has resulted in a decrease in the performance of the application due to the increased load. Your application has a two-tier architecture that is composed of an Auto Scaling PHP application tier and a MySQL RDS instance initially deployed with AWS CloudFormation. Your Auto Scaling group has a min value of 4 and a max value of 8. The desired capacity is now at 8 due to the high CPU utilization of the instances. After some analysis, you are confident that the performance issues stem from a constraint in CPU capacity, while memory utilization remains low. You therefore decide to move from the general-purpose M3 instances to the compute-optimized C3 instances. How would you deploy this change while minimizing any interruption to your end users? Response: A.Sign into the AWS Management Console, copy the old launch configuration, and create a new launch configuration that specifies the C3 instances. Update the Auto Scaling group with the new launch configuration. Auto Scaling will then update the instance type of all running instances B.Sign into the AWS Management Console and update the existing launch configuration with the new C3 instance type. Add an UpdatePolicy attribute to your Auto Scaling group that specifies an AutoScaling RollingUpdate. C.Update the launch configuration specified in the AWS CloudFormation template with the new C3 instance type. Run a stack update with the new template. Auto Scaling will then update the instances with the new instance type. D.Update the launch configuration specified in the AWS CloudFormation template with the new C3 instance type. Also add an UpdatePolicy attribute to your Auto Scaling group that specifies an AutoScalingRollingUpdate. Run a stack update with the new template. Answer: D Visit us athttps://www.certsgrade.com/pdf/dop-c02/
For More Information – Visit link below: http://www.certsgrade.com/ PRODUCT FEATURES 100% Money Back Guarantee 90 Days Free updates Special Discounts on Bulk Orders Guaranteed Success 50,000 Satisfied Customers 100% Secure Shopping Privacy Policy Refund Policy Discount Coupon Code: CERTSGRADE10 Visit us athttps://www.certsgrade.com/pdf/dop-c02/ Powered by TCPDF (www.tcpdf.org)
