A company indexes all of its Amazon CloudWatch Logs on Amazon ES and uses Kibana to view a dashboard for actionable insight. The company wants to restrict user access to Kibana by user
Which actions can a DevOps Engineer take to meet this requirement? (Select TWO.)
A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.
Which solution ensures that all the updated third-party files are available in the morning?
A company is using AWS CodePipeline to automate its release pipeline. AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model. The company wants to implement scripts to shifting traffic. These scripts will complete in 5 minutes or less If errors are discovered during these tests, the application must be rolled back.
Which strategy will meet these requirements?
A DevOps Engineer needs to design and implement a backup mechanism for Amazon EFS. The Engineer is given the following requirements:
*The backup should run on schedule.
*The backup should be stopped if the backup window expires.
*The backup should be stopped if the backup completes before the backup window.
*The backup logs should be retained for further analysis.
The design should support highly available and fault-tolerant paradigms.
*Administrators should be notified with backup metadata.
Which design will meet these requirements?
A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state.
Which strategy should be used to meet these requirements?
A government agency has multiple AWS accounts, many of which store sensitive citizen information. A Security team wants to detect anomalous account and network activities (such as SSH brute force attacks) in any account and centralize that information in a dedicated security account. Event information should be stored in an Amazon S3 bucket in the security account, which is monitored by the department's Security Information and Even Manager (SIEM) system.
How can this be accomplished?
A company needs to introduce automatic DNS failover for a distributed web application to a disaster recovery or standby installation. The DevOps Engineer plans to configure Amazon Route 53 to provide DNS routing to alternate endpoint in the event of an application failure.
What steps should the Engineer take to accomplish this? (Select TWO.)
A company used AWS CloudFormation to deploy a three-tier web application that stores data in an Amazon RDS MySOL Multi-AZ DB instance. A DevOps
Engineer must upgrade the RDS instance to the latest major version of MySQL while incurring minimal downtime.
How should the Engineer upgrade the instance while minimizing downtime?
You have just recently deployed an application on EC2 instances behind an ELB. After a couple of weeks, customers are complaining on receiving errors from the application. You want to diagnose the errors and are trying to get errors from the ELB access logs. But the ELB access logs are empty. What is the reason for this.
A DevOps engineer is tasked with creating a more stable deployment solution for a web application in AWS. Previous deployments have resulted in user-facing bugs, premature user traffic, and inconsistencies between web servers running behind an Application Load Balancer. The current strategy uses AWS CodeCommit to store the code for the application. When developers push to the master branch of the repository. CodeCommit triggers an AWS Lambda deploy function, which invokes an AWS Systems Manager run command to build and deploy the new code to all Amazon EC2 instances.
Which combination of actions should be taken to implement a more stable deployment solution? (Select TWO.)
A DevOps engineer is creating a CI/CD pipeline for an Amazon ECS service. The ECS container instances run behind an Application Load Balancer as the web tier of a three-tier application. An acceptance criterion (or a successful deployment is the verification that the web tier can communicate with the database and middleware tiers of the application upon deployment.
How can this be accomplished in an automated fashion?
A company runs a production application workload in a single AWS account that uses Amazon Route 53, AWS Elastic Beanstalk, and Amazon RDS. In the event of a security incident, the Security team wants the application workload to fail over to a new AWS account. The Security team also wants to block all access to the original account immediately, with no access to any AWS resources in the original AWS account, during forensic analysis.
What is the most cost-effective way to prepare to fail over to the second account prior to a security incident?
A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.
How can this issue be corrected in the MOST secure manner?
A production account has a requirement that any Amazon EC2 instance that has been logged into manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with Amazon CloudWatch Logs agent configured.
How can this process be automated?
A company wants 10 use AWS development tools to replace Its current bash deployment scripts. The company currently deploys a LAMP application to a group of Amazon EC2 instances behind an Application Load Balancer (ALB). During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates Me permissions. The company wants to maintain the same deployment functionality through the shift to using AWS services.
Which solution will meet these requirements?
A DevOps Engineer is implementing a mechanism for canary testing an application on AWS. The application was recently modified and went through security, unit, and functional testing. The application needs to be deployed on an AutoScaling group and must use a Classic Load Balancer.
Which design meets the requirement for canary testing?
A company wants to implement a CI/CD pipeline for an application that is deployed on AWS. The company also has a source-code analysis tool hosted on premises that checks for security flaws. The tool has not yet been migrated to AWS and can be accessed only on premises. The company wants to run checks against the source code as part of the pipeline before the code is compiled. The checks take anywhere from minutes to an hour to complete.
How can a DevOps Engineer meet these requirements?
A web application has been deployed using an AWS Elastic Beanstalk application The Application Developers are concerned that they are seeing high latency in two different areas of the application: HTTP client requests to a third-party API MySQL client library queries to an Amazon RDS database A DevOps Engineer must gather trace data to diagnose the issues. Which steps will gather the trace information with the LEAST amount of changes and performance impacts to the application?
A company is migrating an application to AWS that runs on a single Amazon EC2 instance. Because of licensing limitations, the application does not support horizontal scaling. The application will be using Amazon Aurora for its database.
How can the DevOps Engineer architect automated healing to automatically recover from EC2 and Aurora failures, in addition to recovering across Availability
Zones (AZs), in the MOST cost-effective manner?
A company wants to use Amazon DynamoDB for maintaining metadata on its forums. See the sample data set in the image below.
A DevOps Engineer is required to define the table schema with the partition key, the sort key, the local secondary index, projected attributes, and fetch operations.
The schema should support the following example searches using the least provisioned read capacity units to minimize cost.
-Search within ForumName for items where the subject starts with "˜a'.
-Search forums within the given LastPostDateTime time frame.
-Return the thread value where LastPostDateTime is within the last three months.
Which schema meets the requirements?
Your application stores sensitive information on an EBS volume attached to your EC2 instance. How can you protect your information? Choose two answers from the options given below
A company is deploying a new mobile game on AWS for its customers around the world. The Development team uses AWS Code services and must meet the following requirements:
- Clients need to send/receive real-time playing data from the backend frequently and with minimal latency
- Game data must meet the data residency requirement
Which strategy can a DevOps Engineer implement to meet their needs?
A company has a web application that uses an Amazon DynamoDB table in a single AWS Region to store user information. To support an increasingly global user base, the application must run in a secondary Region and allow users to connect to their closest Region and fail over to the secondary Region.
Which approach should be used to ensure the deployment meets these requirements?
The Development team at an online retailer has moved to Business support and want to take advantage of the AWS Health Dashboard and the AWS Health API to automate remediation actions for issues with the health of AWS resources. The first use case is to respond to AWS detecting an IAM access key that is listed on a public code repository site. The automated response will be to delete the IAM access key and send a notification to the Security team.
How should this be achieved?
A Security team is concerned that a Developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production. No Developer should be allowed to attach an Elastic IP address to an instance. The Security team must be notified if any production server has an Elastic IP address at any time.
How can this task be automated?
A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance
Which solution will meet these requirements?
A company needs to introduce automatic DNS failover for a distributed web application to a disaster recovery or standby installation. The DevOps Engineer plans to configure Amazon Route 53 to provide DNS routing to alternate endpoint in the event of an application failure. What steps should the Engineer take to accomplish this? (Select TWO.)
A DevOps Engineer has several legacy applications that all generate different log formats. The Engineer must standardize the formats before writing them to Amazon S3 for querying and analysis.
How can this requirement be met at the LOWEST cost?
A company wants to use Amazon ECS to provide a Docker container runtime environment. For compliance reasons, all Amazon EBS volumes used in the ECS cluster must be encrypted. Rolling updates will be made to the cluster instances and the company wants the instances drained of all tasks before being terminated.
How can these requirements be met? (Select TWO.)
A defect was discovered in production and a new sprint item has been created for deploying a hotfix. However, any code change must go through the following steps before going into production:
*Scan the code for security breaches, such as password and access key leaks.
Run the code through extensive, long running unit tests.
Which source control strategy should a DevOps Engineer use in combination with AWS CodePipeline to complete this process?
A DevOps engineer is using AWS CodeBuild. AWS CodeDeploy. and Amazon S3 to build a centralized CI/CD pipeline. The DevOps engineer must implement least privilege access and encryption at rest for all artifacts in Amazon S3. The DevOps engineer must be able to prune old artifacts without having the ability to download or read them.
The DevOps engineer already has completed the following steps
1. Create a unique AWS Key Management Service (AWS KMS) CMK and S3 bucket for each project's builds 2 Update the S3 bucket policy to only allow uploads that use the associated KMS encryption
Which final step should the DevOps engineer take to meet these requirements?
A DevOps Engineer is working with an application deployed to 12 Amazon EC2 instances across 3 Availability Zones. New instances can be started from an AMI image. On a typical day, each EC2 instance has 30% utilization during business hours and 10% utilization after business hours. The CPU utilization has an immediate spike in the first few minutes of business hours. Other increases in CPU utilization rise gradually.
The Engineer has been asked to reduce costs while retaining the same or higher reliability.
Which solution meets these requirements?
A Development team is currently using AWS CodeDeploy to deploy an application revision to an Auto Scaling group. If the deployment process fails, it must be rolled back automatically and a notification must be sent.
What is the MOST effective configuration that can satisfy all of the requirements?
A company maintains a stateless web application that is experiencing inconsistent traffic. The company uses AWS CloudFormation to deploy the application. The application runs on Amazon EC2 On-Demand Instances behind an Application Load Balancer (ALB). The instances run across multiple Availability Zones.
The company wants to include the use of Spot Instances while continuing to use a small number of On-Demand Instances to ensure that the application remains highly available.
What is the MOST cost-effective solution that meets these requirements?
A company wants to use AWS Systems Manager documents to bootstrap physical laptops for developers. The bootstrap code is stored in GitHub. A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops.
Which set of steps should be taken next?
A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket In a different AWS Region and account.
Which combination of actions should be performed to enable this replication? (Select THREE.)
AWS Certified Professional | DOP-C01 Questions Answers | DOP-C01 Test Prep | AWS Certified DevOps Engineer - Professional Questions PDF | DOP-C01 Online Exam | DOP-C01 Practice Test | DOP-C01 PDF | DOP-C01 Test Questions | DOP-C01 Study Material | DOP-C01 Exam Preparation | DOP-C01 Valid Dumps | DOP-C01 Real Questions | AWS Certified Professional DOP-C01 Exam Questions