Amazon DOP-C01 Exam Practice Test Instant Access

Question 1

A DevOps engineer is currently running a container-based workload on-premises The engineer wants to move the application to AWS, but needs to keep the on-premises solution active because not all APIs will move at the same time. The traffic between AWS and the on-premises network should be secure and encrypted at all times. Low management overload is also a requirement.

Which combination of actions will meet these criteria? (Select THREE.)

ACreate a Network Load Balancer and. for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

BCreate an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

CHost the AWS containers in Amazon ECS with an EC2 launch type.

DHost the AWS containers in Amazon ECS with a Fargate launch type

EUse Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection.

FUse Amazon API Gateway to front the workload, and set up public endpoints for the on-premises APIs so API Gateway can access them.

Answer : B, D, F

Question 2

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state.

Which strategy should be used to meet these requirements?

AAllow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.

BAllow users to deploy CloudFormation stacks using a CloudFormation service role only. Use AWS Config rules to detect when resources have drifted from their expected state.

CAllow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a launch constraint Use AWS Config rules to detect when resources have drifted from their expected state.

DAllow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a template constraint Use Amazon EventBridge (Amazon CloudWatch Events) notifications to detect when resources have drifted from their expected state.

Answer : B

Question 3

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DovOps engineer wants a solution that does not change the architecture components.

Which solution will meet these requirements in the MOST cost-effective manner?

AConvert the RDS database to an Amazon Aurora Serverless database Use an AWS Lambda function to start and stop the EC2 instances before and after tests

BPut the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.

CReplace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.

DSubscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Answer : A

Question 4

A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket In a different AWS Region and account.

Which combination of actions should be performed to enable this replication? (Select THREE.)

ACreate a replication IAM role in the source account.

BCreate a replication IAM role in the target account.

CAdd statements to the source bucket policy allowing the replication IAM role to replicate objects

DAdd statements to the target bucket policy allowing the replication IAM role to replicate objects.

ECreate a replication rule in the source bucket to enable the replication.

FCreate a replication rule in the target bucket to enable the replication

Answer : B, E

Question 5

A company uses AWS Organizations lo manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.

Which solution will accomplish this?

ACreate an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.

BCreate an AWS Config organizational rule lo check whether EBS encryption is enabled and deploy the rule using the AWS CLI. Create and apply an SCP lo prohibit slopping and deleting AWS Config across the organization.

CCreate an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression Apply the SCP to all AWS accounts. Use Amazon Athena to analyze the AWS CloudTrail output, looking for events that deny an ec2: Run instances action.

DDeploy an IAM role to all accounts from a single trusted account. Build a pipeline with AWS CodePipeline with a stage m AWS Lambda to assume (he IAM role, and list all EBS volumes in the account Publish a report to Amazon S3.

Answer : A

Question 6

A DevOps engineer is assisting with a multi-Region disaster recovery solution for a new application. The application consists of Amazon EC2 instances running in an Auto Scaling group and an Amazon Aurora MySQL DB cluster. The application must be available with an RTO of 120 minutes and an RPO of 60 minutes.

What is the MOST cost-effective way to meet these requirements?

ALaunch an Aurora DB cluster as an Aurora Replica in a different Region. Create an AWS CloudFormation template for all compute resources and create a stack in two Regions. Write a script that promotes the Aurora Replica to the primary instance in the event of a failure.

BLaunch an Aurora DB cluster as an Aurora Replica in a different Region and configure automatic cross-Region failover. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Write a script that updates the CloudFormation stack in the disaster recovery Region to increase the number of instances.

CUse AWS Lambda to create and copy a snapshot of the Aurora DB cluster to the destination Region hourly. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Restore the Aurora DB cluster from a snapshot and update the Auto Scaling group to start launching instances.

DConfigure Amazon DynamoDB cross-Region replication. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Write a script that will update the CloudFormation stack in the disaster recovery Region and promote the DynamoDB replica to the primary instance in the event of a failure.

Answer : D

Question 7

A DevOps engineer notices that all Amazon EC2 instances running behind an Application Load Balancer in an Auto Scaling group are failing to respond to user requests. The EC2 instances are also failing target group HTTP health checks.

Upon inspection, the engineer notices the application process was not running in any EC2 instances. There are a significant number of out of memory messages in the system logs. The engineer needs to improve the resilience of the application to cope with a potential application memory leak. Monitoring and notifications should be enabled to alert when there is an issue.

Which combination of actions will meet these requirements? {Select TWO.)

AChange the Auto Scaling configuration to replace the instances when they fail the load balancer's health checks.

BChange the target group health check HealthChecklntervalSeconds parameter to reduce the interval between health checks.

CChange the target group health checks from HTTP to TCP to check if the port where the application is listening is reachable.

DEnable the available memory consumption metric within the Amazon CloudWatch dashboard for the entire Auto Scaling group. Create an alarm when the memory utilization is high. Associate an E. Amazon SNS topic to the alarm to receive notifications when the alarm goes off.

EUse the Amazon CloudWatch agent to collect the memory utilization of the EC2 instances in the Auto Scaling group. Create an alarm when the memory utilization is high and associate an Amazon SNS topic to receive a notification.