ExamGecko
Login
Home / Amazon / DOP-C01 / List of questions
Ask Question

Amazon DOP-C01 Practice Test - Questions Answers, Page 34

List of questions

Question 331

Report
Export
Collapse

You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive uploads processes, authentication/authorization and so forth?

Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
Suggested answer: A

Explanation:

The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user and later sign in using one of the supported identity providers.

Reference:

https://blogs.aws.amazon.com/security/post/Tx3SYCORF5EKRC0/How-Does-Amazon-CognitoRelate-to-Existing-Web-Identity-Federatio

asked 16/09/2024
Justin NJOCK
45 questions

Question 332

Report
Export
Collapse

What option below is the geographic limit of an EC2 security group?

Security groups are global.
Security groups are global.
They are confined to Placement Groups.
They are confined to Placement Groups.
They are confined to Regions.
They are confined to Regions.
They are confined to Availability Zones.
They are confined to Availability Zones.
Suggested answer: C

Explanation:

A security group is tied to a region and can be assigned only to instances in the same region.

You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.html

asked 16/09/2024
nebaba monda
42 questions

Question 333

Report
Export
Collapse

Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

You didn't choose the Development version of the AMI you are using.
You didn't choose the Development version of the AMI you are using.
You didn't set the Development flag to true when deploying EC2 instances.
You didn't set the Development flag to true when deploying EC2 instances.
You hit the soft limit of 5 EIPs per region and requested a 6th.
You hit the soft limit of 5 EIPs per region and requested a 6th.
You hit the soft limit of 2 VPCs per region and requested a 3rd.
You hit the soft limit of 2 VPCs per region and requested a 3rd.
Suggested answer: C

Explanation:

There is a soft limit of 5 EIPs per Region for VPC on new accounts. The third environment could not allocate the 6th EIP.

Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_vpc

asked 16/09/2024
Anthony Agbale
46 questions

Question 334

Report
Export
Collapse

A company uses AWS KMS with CMKs and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. Which solution will accomplish this?

Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic.
Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic.
Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than 90 days old.
Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
Suggested answer: C
asked 16/09/2024
107 gleann na ri charles
34 questions

Question 335

Report
Export
Collapse

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software.

During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The Development team needs a solution to ensure users remain logged in across scaling events and application deployments. What is the MOST efficient way to ensure users remain logged in?

Enable smart sessions on the load balancer and modify the application to check for an existing session.
Enable smart sessions on the load balancer and modify the application to check for an existing session.
Enable session sharing on the load balancer and modify the application to read from the session store.
Enable session sharing on the load balancer and modify the application to read from the session store.
Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
Modify the application to store user session information in an Amazon ElastiCache cluster.
Modify the application to store user session information in an Amazon ElastiCache cluster.
Suggested answer: D
asked 16/09/2024
Areeluck Parnsoonthorn
38 questions

Question 336

Report
Export
Collapse

When logging with Amazon CloudTrail, API call information for services with single end points is ____.

captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket
captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket
captured, processed, and delivered to the region associated with your Amazon S3 bucket
captured, processed, and delivered to the region associated with your Amazon S3 bucket
captured in the same region as to which the API call is made and processed and delivered to the region associated with your Amazon S3 bucket
captured in the same region as to which the API call is made and processed and delivered to the region associated with your Amazon S3 bucket
captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket
captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket
Suggested answer: D

Explanation:

When logging with Amazon CloudTrail, API call information for services with regional end points (EC2, RDS etc.) is captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket. API call information for services with single end points (IAM, STS etc.) is captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket.

Reference:

https://aws.amazon.com/cloudtrail/faqs/

asked 16/09/2024
claudine Nguepnang
45 questions

Question 337

Report
Export
Collapse

Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

Rolling; Immutable
Rolling; Immutable
Rolling; Mutable
Rolling; Mutable
Canary or A/B
Canary or A/B
Blue-Green
Blue-Green
Suggested answer: D

Explanation:

AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code. You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime.

Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-onaws.pdf

asked 16/09/2024
Adugna Mehari
37 questions

Question 338

Report
Export
Collapse

Which difference between core modules and extra modules is not correct?

Extra modules may one day become core modules
Extra modules may one day become core modules
Core modules are supported by the Ansible team
Core modules are supported by the Ansible team
Core modules are shipped by default with Ansible
Core modules are shipped by default with Ansible
Extra modules have no support
Extra modules have no support
Suggested answer: D

Explanation:

While extra modules are not official modules and thus not supported by the Ansible team, they are indeed supported by their writers and the community.

Reference: http://docs.ansible.com/ansible/modules_extra.html

asked 16/09/2024
james james
33 questions

Question 339

Report
Export
Collapse

Which of these is not a reason a Multi-AZ RDS instance will failover?

An Availability Zone outage
An Availability Zone outage
A manual failover of the DB instance was initiated using Reboot with failover
A manual failover of the DB instance was initiated using Reboot with failover
To autoscale to a higher instance class
To autoscale to a higher instance class
The primary DB instance fails
The primary DB instance fails
Suggested answer: C

Explanation:

The primary DB instance switches over automatically to the standby replica if any of the > following conditions occur: An Availability Zone outage, the primary DB instance fails, the DB instance's server type is changed, the operating system of the DB instance is, undergoing software patching, a manual failover of the DB instance was initiated using Reboot with failover.

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

asked 16/09/2024
Juan Carlos Delgado
37 questions

Question 340

Report
Export
Collapse

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support ______ operations.

None of the above
None of the above
Both
Both
Query
Query
Scan
Scan
Suggested answer: C

Explanation:

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations.

asked 16/09/2024
Swapnil Salunke
39 questions
Total 557 questions
Go to page: of 56
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A company has a web application that uses AWS Elastic Beanstalk, Amazon S3, and Amazon DynamoDB to develop a web application. The web application has increased dramatically in popularity, resulting in unpredictable spikes in traffic. A DevOps Engineer has noted that 90% of the requests are duplicate read requests to the DynamoDB table and the images stored in an S3 bucket. How can the Engineer improve the performance of the website?
After a daily scrum with your development teams, you've agreed that using Blue/Green style deployments would benefit the team. Which technique should you use to deliver this new requirement?
A company uses a series of individual Amazon CloudFormation templates to deploy its multi-Region applications. These templates must be deployed in a specific order. The company is making more changes to the templates than previously expected and wants to deploy new templates more efficiently. Additionally, the data engineering team must be notified of all changes to the templates. What should the company do to accomplish these goals?
A company hosts parts of a Python-based application using AWS Elastic Beanstalk. An Elastic Beanstalk CLI is being used to create and update the environments. The Operations team detected an increase in requests in one of the Elastic Beanstalk environments that caused downtime overnight. The team noted that the policy used for AWS Auto Scaling is NetworkOut. Based on load testing metrics, the team determined that the application needs to scale CPU utilization to improve the resilience of the environments. The team wants to implement this across all environments automatically. Following AWS recommendations, how should this automation be implemented?
An application running on a set of Amazon EC2 instances in an Auto Scaling group requires a configuration file to operate. The instances are created and maintained with AWS CloudFormation. A DevOps engineer wants the instances to have the latest configuration file when launched, and wants changes to the configuration file to be reflected on all the instances with a minimal delay when the CloudFormation template is updated. Company policy requires that application configuration files be maintained along with AWS infrastructure configuration files in source control. Which solution will accomplish this?
A company has built a web service that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company has deployed the application in us-east-1. Amazon Route 53 provides an external DNS that routes traffic from example.com to the application, created with appropriate health checks. The company has deployed a second environment for the application in eu-west-1. The company wants traffic to be routed to whichever environment results in the best response time for each user. If there is an outage in one Region, traffic should be directed to the other environment. Which configuration will achieve these requirements?
An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality. Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues. A DevOps Engineer must fix the log aggregation process and provide a way to centrally analyze the logs. Which is the MOST efficient and cost-effective solution?
An Application team is refactoring one of its internal tools to run in AWS instead of on-premises hardware. All of the code is currently written in Python and is standalone. There is also no external state store or relational database to be queried. Which deployment pipeline incurs the LEAST amount of changes between development and production?
A company is implementing an Amazon ECS cluster to run its workload. The company architecture will run multiple ECS services on the cluster, with an Application Load Balancer on the front end, using multiple target groups to route traffic. The Application Development team has been struggling to collect logs that must be collected and sent to an Amazon S3 bucket for near-real time analysis What must the DevOps Engineer configure in the deployment to meet these requirements? (Choose three.)
A retail company wants to use AWS Elastic Beanstalk to host its online sales website running on Java. Since this will be the production website, the CTO has the following requirements for the deployment strategy: Zero downtime. While the deployment is ongoing, the current Amazon EC2 instances in service should remain in service. No deployment or any other action should be performed on the EC2 instances because they serve production traffic. A new fleet of instances should be provisioned for deploying the new application version. Once the new application version is deployed successfully in the new fleet of instances, the new instances should be placed in service and the old ones should be removed. The rollback should be as easy as possible. If the new fleet of instances fail to deploy the new application version, they should be terminated and the current instances should continue serving traffic as normal. The resources within the environment (EC2 Auto Scaling group, Elastic Load Balancing, Elastic Beanstalk DNS CNAME) should remain the same and no DNS change should be made. Which deployment strategy will meet the requirements?