
Amazon DOP-C01 Practice Test - Questions Answers, Page 34

You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive upload processes, authentication/authorization and so forth?

A. Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
B. Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
C. Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
D. Create an AWS oAuth Service Domain and grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
Suggested answer: A

Explanation:

The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user and later sign in using one of the supported identity providers.

Reference:

https://blogs.aws.amazon.com/security/post/Tx3SYCORF5EKRC0/How-Does-Amazon-CognitoRelate-to-Existing-Web-Identity-Federatio

What option below is the geographic limit of an EC2 security group?

A. Security groups are global.
B. They are confined to Placement Groups.
C. They are confined to Regions.
D. They are confined to Availability Zones.
Suggested answer: C

Explanation:

A security group is tied to a region and can be assigned only to instances in the same region.

You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.html

Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

A. You didn't choose the Development version of the AMI you are using.
B. You didn't set the Development flag to true when deploying EC2 instances.
C. You hit the soft limit of 5 EIPs per region and requested a 6th.
D. You hit the soft limit of 2 VPCs per region and requested a 3rd.
Suggested answer: C

Explanation:

There is a soft limit of 5 EIPs per Region for VPC on new accounts. The third environment could not allocate the 6th EIP.

Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_vpc

A company uses AWS KMS with CMKs and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. Which solution will accomplish this?

A. Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
B. Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic.
C. Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than 90 days old.
D. Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
Suggested answer: C

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software.

During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The Development team needs a solution to ensure users remain logged in across scaling events and application deployments. What is the MOST efficient way to ensure users remain logged in?

A. Enable smart sessions on the load balancer and modify the application to check for an existing session.
B. Enable session sharing on the load balancer and modify the application to read from the session store.
C. Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
D. Modify the application to store user session information in an Amazon ElastiCache cluster.
Suggested answer: D

When logging with Amazon CloudTrail, API call information for services with single end points is ____.

A. captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket
B. captured, processed, and delivered to the region associated with your Amazon S3 bucket
C. captured in the same region as to which the API call is made and processed and delivered to the region associated with your Amazon S3 bucket
D. captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket
Suggested answer: D

Explanation:

When logging with Amazon CloudTrail, API call information for services with regional end points (EC2, RDS etc.) is captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket. API call information for services with single end points (IAM, STS etc.) is captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket.

Reference:

https://aws.amazon.com/cloudtrail/faqs/

Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

A. Rolling; Immutable
B. Rolling; Mutable
C. Canary or A/B
D. Blue-Green
Suggested answer: D

Explanation:

AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code. You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime.

Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-onaws.pdf

Which difference between core modules and extra modules is not correct?

A. Extra modules may one day become core modules
B. Core modules are supported by the Ansible team
C. Core modules are shipped by default with Ansible
D. Extra modules have no support
Suggested answer: D

Explanation:

While extra modules are not official modules and thus not supported by the Ansible team, they are indeed supported by their writers and the community.

Reference: http://docs.ansible.com/ansible/modules_extra.html

Which of these is not a reason a Multi-AZ RDS instance will failover?

A. An Availability Zone outage
B. A manual failover of the DB instance was initiated using Reboot with failover
C. To autoscale to a higher instance class
D. The primary DB instance fails
Suggested answer: C

Explanation:

The primary DB instance switches over automatically to the standby replica if any of the following conditions occur: an Availability Zone outage, the primary DB instance fails, the DB instance's server type is changed, the operating system of the DB instance is undergoing software patching, or a manual failover of the DB instance was initiated using Reboot with failover.

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support ______ operations.

A. None of the above
B. Both
C. Query
D. Scan
Suggested answer: C

Explanation:

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations.

Total 557 questions