AWS DevOps Practise Test – (DOP-C02) Practise Test – 4

A developer has uploaded an object of size 100 MB to an Amazon S3 bucket as a single-part direct upload using the REST API that has checksum enabled. The checksum of the object uploaded via the REST API was the checksum of the entire object. Later that day, the developer used the AWS Management Console to rename the object, copy it and edit its metadata. Later, when the developer checked for the checksum of the object updated via the AWS Management Console, the checksum was not the checksum of the entire object. Confused by the behavior, the developer has reached out to you for a possible solution.

As an AWS Certified DevOps Engineer - Professional, which of the following options would you identify as the reason for this behavior?

An AWS managed cloudformation-stack-drift-detection-check rule is defined in AWS Config for drift detection in AWS CloudFormation resources. The DevOps team is facing two issues:

a) How to detect drifts of Cloudformation custom resources b) Drift status of the stack shows as IN_SYNC in the CloudFormation console, the following is the drift detection error - 'While AWS CloudFormation failed to detect drift, defaulting to NON_COMPLIANT. Re-evaluate the rule and try again. If the problem persists contact AWS CloudFormation support'

As a DevOps Engineer, which steps will you combine to fix the aforementioned issues? (Select two)

For deployments across AWS accounts, an e-commerce company has decided to use AWS CodePipeline to deploy an AWS CloudFormation stack in an AWS account (account A) to a different AWS account (account B).

What combination of steps will you take to configure this requirement? (Select three)

A media application runs on a host of Amazon EC2 instances fronted with an Application Load Balancer (ALB) and Amazon S3 buckets as storage service. For enhanced security, an AWS Web Application Firewall (AWS WAF) has been set up to monitor the requests coming to the ALB. The DevOps team needs to submit a quarterly report on the web requests received by AWS WAF, having detailed information about each web request as well as the details about rules that the request matched. The team has reached out to you for implementing the changes needed for collecting the security data for the coming months.

As DevOps Engineer, how will you implement this requirement?

A data analytics company wants to move all its clients belonging to the regulated and security-sensitive industries such as financial services and healthcare to the AWS Cloud as it wants to leverage the out-of-box security-specific capabilities offered by AWS. The DevOps team at the company is developing a framework to validate the adoption of AWS best practices and industry-recognized compliance standards. The AWS Management Console is the preferred method for the in-house teams wanting to provision resources.

Which of the following strategies would you adopt to address these business requirements for continuously assessing, auditing and monitoring the configurations of AWS resources? (Select two)

A company having hundreds of AWS accounts manages its operations and security through a single organization created in AWS Organizations. As per the company's policy, AWS Config and AWS CloudTrail are enabled for all accounts. The security policy mandates configuring AWS Web Application Firewall (AWS WAF) web ACLs for all internet-facing Application Load Balancers (ALBs) and Amazon API Gateway APIs. However, monthly audit reports consistently report unsecured ALBs and API Gateway APIs.

As a DevOps engineer, the security team has requested you to automate these configurations for all accounts to avoid oversight. What steps will you recommend?

The security policy of a company mandates encrypting all AMIs that the company shares across its AWS accounts. An AWS account (Account A) has a custom AMI that is not encrypted. This AMI needs to be shared with another AWS Account B. Account B has Amazon EC2 instances configured with an Auto Scaling group that will use the AMI. Account A already has an AWS Key Management Service (AWS KMS) key.

As a DevOps Engineer, which combination of steps will you take to share the AMI with Account B while adhering to the company's security policy? (Select two)

A developer configured an AWS CloudFormation template to create custom resource necessary for the project. The AWS Lambda function for the custom resource executed successfully as seen by the successful creation of the custom resource. But, the CloudFormation stack is not transitioning from in-progress status (CREATE_IN_PROGRESS) to completion status (CREATE_COMPLETE).

Which step did the developer possibly miss for the successful completion of the CloudFormation stack?

In a multinational company, various AWS accounts are efficiently managed using AWS Control Tower. The company operates both internal and public applications across its infrastructure. To streamline operations, each application team is assigned a dedicated AWS account responsible for hosting their respective applications. These accounts are consolidated under an organization in AWS Organizations. Additionally, a specific AWS Control Tower member account acts as a centralized DevOps hub, offering Continuous Integration/Continuous Deployment (CI/CD) pipelines that application teams utilize to deploy applications to their designated AWS accounts. A specialized IAM role for deployment is available within this central DevOps account.

Currently, a particular application team is facing challenges while attempting to deploy its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster situated in their application-specific AWS account. They have an existing IAM role for deployment within the application AWS account. The deployment process relies on an AWS CodeBuild project, configured within the centralized DevOps account, and utilizes an IAM service role for CodeBuild. However, the deployment process is encountering an Unauthorized error when trying to establish connections to the cross-account EKS cluster from the CodeBuild environment.

To resolve this error and facilitate a successful deployment, what solution would you recommend?

A company has hired you as an AWS Certified DevOps Engineer - Professional to provide recommendations for a failed security audit of its flagship project. You have been tasked to review the company's buildspec.yaml file for its AWS CodeBuild project. Upon investigation, you have noticed that the file has hard-coded values for the environment variables that reference the AWS Access Key ID, Secret Access Key, and the database password. In addition, to perform one-time configuration changes during the build phase, the file has commands to ssh and scp into an EC2 instance using an SSH private key stored on Amazon S3.

What changes would you recommend to comply with AWS security best practices? (Select three)

An application runs on a fleet of Amazon EC2 instances that are configured with an Auto Scaling group (ASG). Both Spot and On-Demand instances are utilized as per the ASG configuration. For the most part, the ASG seems to be working fine as expected. There are a few issues that the DevOps team has flagged:

a) During a scale-in activity, ASG has terminated instance in the Availability Zone (AZ) that already had fewer instances than the other b) For some duration, ASG exceeded the specified maximum capacity of the group

What reasons can you identify for this behavior? (Select two)

A web application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). While using CodeDeploy Blue/Green deployment to deploy a new version, the deployment failed during the AllowTraffic lifecycle event. The DevOps team has found no errors in the deployment logs.

Which of the following would you identify as the root cause behind the failure of the deployment?

During an AWS CloudFormation stack update process, an error occurred in the updated template, causing AWS CloudFormation to initiate an automatic stack rollback. After the rollback attempt, a DevOps engineer noticed that the application remained unavailable, and the stack is now in the UPDATE_ROLLBACK_FAILED state.

To ensure the successful completion of the stack rollback, which actions should the DevOps engineer take? (Select two)

A company uses an AWS CodePipeline pipeline to deploy updates to the API several times a month. As part of this process, the DevOps team exports the JavaScript SDK for the API from the API Gateway console and uploads it to an Amazon S3 bucket, which is being used as an origin for an Amazon CloudFront distribution. Web clients access the SDK through the CloudFront distribution's endpoint. The goal is to have an automated solution that ensures the latest SDK is always available to clients whenever there's a new API deployment.

As an AWS Certified DevOps Engineer - Professional, what solution will you suggest?

A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured. Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests throughout the day. In the middle of the day, the application experiences 10 times more requests than at any other time of the day. Near the end of the day, the application's request volume decreases to 10% of its normal total. A DevOps engineer needs to reduce the latency of the Lambda function at all times of the day. Which solution will meet these requirements?

A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API. After a series of recent changes to the API, the company has observed issues with the application. The company needs to gather a metric for each API operation by response code for each version of the application that is in use. A DevOps engineer has modified the Lambda function to extract the API operation name, version information from the user-agent header and response code. Which additional set of actions should the DevOps engineer take to gather the required metrics?