Amazon DOP-C01 Exam Practice Test Instant Access

Question 1

A company uses AWS Organizations lo manage multiple accounts. Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant. A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.

Which solution will accomplish this?

ACreate an AWS CloudFormation template that defines an AWS Inspector rule to check whether EBS encryption is enabled. Save the template to an Amazon S3 bucket that has been shared with all accounts within the company. Update the account creation script pointing to the CloudFormation template in Amazon S3.

BCreate an AWS Config organizational rule lo check whether EBS encryption is enabled and deploy the rule using the AWS CLI. Create and apply an SCP lo prohibit slopping and deleting AWS Config across the organization.

CCreate an SCP in Organizations. Set the policy to prevent the launch of Amazon EC2 instances without encryption on the EBS volumes using a conditional expression Apply the SCP to all AWS accounts. Use Amazon Athena to analyze the AWS CloudTrail output, looking for events that deny an ec2: Run instances action.

DDeploy an IAM role to all accounts from a single trusted account. Build a pipeline with AWS CodePipeline with a stage m AWS Lambda to assume (he IAM role, and list all EBS volumes in the account Publish a report to Amazon S3.

Answer : A

Question 2

A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket In a different AWS Region and account.

Which combination of actions should be performed to enable this replication? (Select THREE.)

ACreate a replication IAM role in the source account.

BCreate a replication IAM role in the target account.

CAdd statements to the source bucket policy allowing the replication IAM role to replicate objects

DAdd statements to the target bucket policy allowing the replication IAM role to replicate objects.

ECreate a replication rule in the source bucket to enable the replication.

FCreate a replication rule in the target bucket to enable the replication

Answer : B, E

Question 3

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DovOps engineer wants a solution that does not change the architecture components.

Which solution will meet these requirements in the MOST cost-effective manner?

AConvert the RDS database to an Amazon Aurora Serverless database Use an AWS Lambda function to start and stop the EC2 instances before and after tests

BPut the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.

CReplace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.

DSubscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Answer : A

Question 4

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state.

Which strategy should be used to meet these requirements?

AAllow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.

BAllow users to deploy CloudFormation stacks using a CloudFormation service role only. Use AWS Config rules to detect when resources have drifted from their expected state.

CAllow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a launch constraint Use AWS Config rules to detect when resources have drifted from their expected state.

DAllow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a template constraint Use Amazon EventBridge (Amazon CloudWatch Events) notifications to detect when resources have drifted from their expected state.

Answer : B

Question 5

A DevOps engineer is currently running a container-based workload on-premises The engineer wants to move the application to AWS, but needs to keep the on-premises solution active because not all APIs will move at the same time. The traffic between AWS and the on-premises network should be secure and encrypted at all times. Low management overload is also a requirement.

Which combination of actions will meet these criteria? (Select THREE.)

ACreate a Network Load Balancer and. for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

BCreate an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

CHost the AWS containers in Amazon ECS with an EC2 launch type.

DHost the AWS containers in Amazon ECS with a Fargate launch type

EUse Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection.

FUse Amazon API Gateway to front the workload, and set up public endpoints for the on-premises APIs so API Gateway can access them.

Answer : B, D, F

Please Wait...

Amazon DOP-C01 AWS Certified DevOps Engineer - Professional Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Please Wait...

Popular Vendors

Amazon DOP-C01 AWS Certified DevOps Engineer - Professional Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5