ExamGecko
Search Search Login
Home Home / Amazon / DOP-C01
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of these is not an instrinsic function in AWS CloudFormation?
After a daily scrum with your development teams, you've agreed that using Blue/Green style deployments would benefit the team. Which technique should you use to deliver this new requirement?
An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality. Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues. A DevOps Engineer must fix the log aggregation process and provide a way to centrally analyze the logs. Which is the MOST efficient and cost-effective solution?
For AWS Auto Scaling, what is the first transition state an existing instance enters after leaving steady state in Standby mode?
A DevOps Engineer must create a Linux AMI in an automated fashion. The newly created AMI identification must be stored in a location where other build pipelines can access the new identification programmatically What is the MOST cost-effective way to do this?
A company hosts parts of a Python-based application using AWS Elastic Beanstalk. An Elastic Beanstalk CLI is being used to create and update the environments. The Operations team detected an increase in requests in one of the Elastic Beanstalk environments that caused downtime overnight. The team noted that the policy used for AWS Auto Scaling is NetworkOut. Based on load testing metrics, the team determined that the application needs to scale CPU utilization to improve the resilience of the environments. The team wants to implement this across all environments automatically. Following AWS recommendations, how should this automation be implemented?
If you want CloudFormation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should you achieve this?
You have an application running on an Amazon EC2 instance and you are using IAM roles to securely access AWS Service APIs. How can you configure your application running on that instance to retrieve the API keys for use with the AWS SDKs?
A company has a web application that uses AWS Elastic Beanstalk, Amazon S3, and Amazon DynamoDB to develop a web application. The web application has increased dramatically in popularity, resulting in unpredictable spikes in traffic. A DevOps Engineer has noted that 90% of the requests are duplicate read requests to the DynamoDB table and the images stored in an S3 bucket. How can the Engineer improve the performance of the website?
A company uses a series of individual Amazon CloudFormation templates to deploy its multi-Region applications. These templates must be deployed in a specific order. The company is making more changes to the templates than previously expected and wants to deploy new templates more efficiently. Additionally, the data engineering team must be notified of all changes to the templates. What should the company do to accomplish these goals?

Question 284 - DOP-C01 discussion

Report
Export

An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK), What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)

A.
Set ssm:GetParamter for the parameter resource in the instance role’s IAM policy.
Answers
A.
Set ssm:GetParamter for the parameter resource in the instance role’s IAM policy.
B.
Set kms:Decrypt for the instance role in the customer-managed CMK policy.
Answers
B.
Set kms:Decrypt for the instance role in the customer-managed CMK policy.
C.
Set kms:Decrypt for the customer-managed CMK resource in the role’s IAM policy.
Answers
C.
Set kms:Decrypt for the customer-managed CMK resource in the role’s IAM policy.
D.
Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
Answers
D.
Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
E.
Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
Answers
E.
Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
F.
Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
Answers
F.
Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
Suggested answer: A, B, C

Explanation:

Reference: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html

Show Answer
asked 16/09/2024
junjie wang
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms