ExamGecko
Home / Amazon / DOP-C01 / List of questions
Ask Question

Amazon DOP-C01 Practice Test - Questions Answers, Page 34

List of questions

Question 331

Report
Export
Collapse

You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive uploads processes, authentication/authorization and so forth?

Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.
Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.
Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.
Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.
Suggested answer: A

Explanation:

The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user and later sign in using one of the supported identity providers.

Reference:

https://blogs.aws.amazon.com/security/post/Tx3SYCORF5EKRC0/How-Does-Amazon-CognitoRelate-to-Existing-Web-Identity-Federatio

asked 16/09/2024
Justin NJOCK
45 questions

Question 332

Report
Export
Collapse

What option below is the geographic limit of an EC2 security group?

Security groups are global.
Security groups are global.
They are confined to Placement Groups.
They are confined to Placement Groups.
They are confined to Regions.
They are confined to Regions.
They are confined to Availability Zones.
They are confined to Availability Zones.
Suggested answer: C

Explanation:

A security group is tied to a region and can be assigned only to instances in the same region.

You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth.

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.html

asked 16/09/2024
nebaba monda
42 questions

Question 333

Report
Export
Collapse

Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

You didn't choose the Development version of the AMI you are using.
You didn't choose the Development version of the AMI you are using.
You didn't set the Development flag to true when deploying EC2 instances.
You didn't set the Development flag to true when deploying EC2 instances.
You hit the soft limit of 5 EIPs per region and requested a 6th.
You hit the soft limit of 5 EIPs per region and requested a 6th.
You hit the soft limit of 2 VPCs per region and requested a 3rd.
You hit the soft limit of 2 VPCs per region and requested a 3rd.
Suggested answer: C

Explanation:

There is a soft limit of 5 EIPs per Region for VPC on new accounts. The third environment could not allocate the 6th EIP.

Reference: http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_vpc

asked 16/09/2024
Anthony Agbale
46 questions

Question 334

Report
Export
Collapse

A company uses AWS KMS with CMKs and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. Which solution will accomplish this?

Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS KMS to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic.
Configure an Amazon CloudWatch Events event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon SNS topic.
Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than 90 days old.
Develop an AWS Config custom rule that publishes to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
Configure AWS Security Hub to publish to an Amazon SNS topic when keys are more than 90 days old.
Suggested answer: C
asked 16/09/2024
107 gleann na ri charles
34 questions

Question 335

Report
Export
Collapse

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software.

During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The Development team needs a solution to ensure users remain logged in across scaling events and application deployments. What is the MOST efficient way to ensure users remain logged in?

Enable smart sessions on the load balancer and modify the application to check for an existing session.
Enable smart sessions on the load balancer and modify the application to check for an existing session.
Enable session sharing on the load balancer and modify the application to read from the session store.
Enable session sharing on the load balancer and modify the application to read from the session store.
Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
Modify the application to store user session information in an Amazon ElastiCache cluster.
Modify the application to store user session information in an Amazon ElastiCache cluster.
Suggested answer: D
asked 16/09/2024
Areeluck Parnsoonthorn
38 questions

Question 336

Report
Export
Collapse

When logging with Amazon CloudTrail, API call information for services with single end points is ____.

captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket
captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket
captured, processed, and delivered to the region associated with your Amazon S3 bucket
captured, processed, and delivered to the region associated with your Amazon S3 bucket
captured in the same region as to which the API call is made and processed and delivered to the region associated with your Amazon S3 bucket
captured in the same region as to which the API call is made and processed and delivered to the region associated with your Amazon S3 bucket
captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket
captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket
Suggested answer: D

Explanation:

When logging with Amazon CloudTrail, API call information for services with regional end points (EC2, RDS etc.) is captured and processed in the same region as to which the API call is made and delivered to the region associated with your Amazon S3 bucket. API call information for services with single end points (IAM, STS etc.) is captured in the region where the end point is located, processed in the region where the CloudTrail trail is configured, and delivered to the region associated with your Amazon S3 bucket.

Reference:

https://aws.amazon.com/cloudtrail/faqs/

asked 16/09/2024
claudine Nguepnang
45 questions

Question 337

Report
Export
Collapse

Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

Rolling; Immutable
Rolling; Immutable
Rolling; Mutable
Rolling; Mutable
Canary or A/B
Canary or A/B
Blue-Green
Blue-Green
Suggested answer: D

Explanation:

AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code. You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime.

Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-onaws.pdf

asked 16/09/2024
Adugna Mehari
37 questions

Question 338

Report
Export
Collapse

Which difference between core modules and extra modules is not correct?

Extra modules may one day become core modules
Extra modules may one day become core modules
Core modules are supported by the Ansible team
Core modules are supported by the Ansible team
Core modules are shipped by default with Ansible
Core modules are shipped by default with Ansible
Extra modules have no support
Extra modules have no support
Suggested answer: D

Explanation:

While extra modules are not official modules and thus not supported by the Ansible team, they are indeed supported by their writers and the community.

Reference: http://docs.ansible.com/ansible/modules_extra.html

asked 16/09/2024
james james
33 questions

Question 339

Report
Export
Collapse

Which of these is not a reason a Multi-AZ RDS instance will failover?

An Availability Zone outage
An Availability Zone outage
A manual failover of the DB instance was initiated using Reboot with failover
A manual failover of the DB instance was initiated using Reboot with failover
To autoscale to a higher instance class
To autoscale to a higher instance class
The primary DB instance fails
The primary DB instance fails
Suggested answer: C

Explanation:

The primary DB instance switches over automatically to the standby replica if any of the > following conditions occur: An Availability Zone outage, the primary DB instance fails, the DB instance's server type is changed, the operating system of the DB instance is, undergoing software patching, a manual failover of the DB instance was initiated using Reboot with failover.

Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

asked 16/09/2024
Juan Carlos Delgado
37 questions

Question 340

Report
Export
Collapse

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support ______ operations.

None of the above
None of the above
Both
Both
Query
Query
Scan
Scan
Suggested answer: C

Explanation:

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations.

asked 16/09/2024
Swapnil Salunke
39 questions
Total 557 questions
Go to page: of 56
Search

Related questions