AWS DevOps Practise Test – (DOP-C02) Practise Test – 2

A health-care services company has strong regulatory requirements and it has come to light recently that some of the EBS volumes have not been encrypted. It is necessary for the company to monitor and audit compliance over time and alert the corresponding teams if unencrypted EBS volumes are detected.

How should a DevOps Engineer implement an alert for the unencrypted EBS volumes with the least administrative overhead?

A global health-care company has an EFS filesystem being used in eu-west-1. The company would like to plan for a disaster recovery strategy and backup that EFS file system in ap-southeast-2. It needs to have a hot copy of the data so that the applications can be re-deployed in ap-southeast-2 with a minimum RPO and RTO. The VPCs in each region are not peered with each other.

How should a DevOps engineer implement a solution for this use-case?

As a DevOps Engineer at an IT company, you are looking to create a daily EBS backup workflow. That workflow must take an EBS volume, and create a snapshot from it. When the snapshot is created, it must be copied to another region. In case the other region is unavailable because of a disaster, then that backup should be copied to a third region. An email address must be notified of the final result. There's a requirement to keep an audit trail of all executions as well.

How can you implement this efficiently and in a fail-safe way?

A cyber forensics company would like to ensure that CloudTrail is always enabled in its AWS account. It also needs to have an audit trail of the status for CloudTrail. In the case of compliance breaches, the company would like to automatically resolve them.

As a DevOps Engineer, how can you implement a solution for this requirement?

A data intelligence and analytics company enables publishers to measure, analyze, and improve the impact of the advertising across their range of online deliverables. The DevOps team at the company wants to use CodePipeline to deploy code from CodeCommit with CodeDeploy. The company has hired you as an AWS Certified DevOps Engineer Professional to build a solution for this requirement.

How would you configure the EC2 instances to facilitate the deployment?

The DevOps team at an auditing firm has deployed its flagship application on Elastic Beanstalk that processes invoices uploaded by customers in CSV form. The invoices can be quite big, with up to 10MB and 1,000,000 records total. Processing is CPU intensive which results in slowing down the application. Customers are sent an email when the processing is done, through the use of a cron job. The auditing firm has hired you as an AWS Certified DevOps Engineer Professional to build a solution for this requirement.

What do you recommend for the application to ensure a good performance and address scalability requirements?

Your company has adopted a git repository technology to store and have version control on the application code. Your company would like to make sure the production branch of the code is deployed to the production environment, but also would like to enable other versions of the code to be deployed to the development and staging environments for performing various kinds of user acceptance testing.

As a DevOps Engineer, which solution would you implement for the given requirement?

An e-commerce company has deployed a Spring application on Elastic Beanstalk running the Java platform. As a DevOps Engineer at the company, you are referencing an RDS PostgreSQL database through an environment variable so that your application can use it for storing its data. You are using a library to perform a database migration in case the schema changes. Upon deploying updates to Beanstalk, you have seen the migration fail because all the EC2 instances running the new version try to run the migration on the RDS database.

How can you fix this issue?

An IT company is deploying a Python Flask based application and would like to ensure that it has a base AMI that contains the necessary Python runtime, as well as OS patches. That AMI must be used able to be referenced programmatically from across all regions in your account in a scalable way. The company has hired you as an AWS Certified DevOps Engineer Professional to build a solution to address this requirement.

Which of the following options would you recommend for this use-case? (Select two)

A retail company uses the open-source tool Jenkins on its on-premise infrastructure to perform CICD. It has decided to move to AWS and take advantage of the elasticity properties of the cloud provider to have more efficient workloads. It needs to ensure the Jenkins setup is highly available, fault-tolerant and also elastic to perform builds. The company has hired you as an AWS Certified DevOps Engineer Professional to build the most cost-effective solution for this requirement.

Which of the following solutions would you recommend?

An industrial appliances company would like to take advantage of AWS Systems Manager to manage their on-premise instances and their EC2 instances. This will allow them to run some SSM RunCommand across their hybrid fleet. The company would also like to effectively manage the size of the fleet. The company has hired you as an AWS Certified DevOps Engineer Professional to build a solution to address this requirement.

How would you set up the on-premise server to achieve this objective?

The technology team at a leading bank is using software that has a license type that gets billed based on the number of CPU sockets that are being used. The team would like to ensure that they are using the most appropriate EC2 launch mode and create a compliance dashboard that highlights any violation of that decision. The company has hired you as an AWS Certified DevOps Engineer Professional to build a solution for this requirement.

Which of the following solutions would you recommend as the best fit?

The DevOps team at a leading travel-booking services company is using a CloudFormation template to deploy a Lambda function. The Lambda function code is uploaded into S3 into a file named s3://my-bucket/my-lambda-code.zip by CodePipeline after having passed all the required build checks. CodePipeline then invokes the CloudFormation template to deploy the new code. The team has found that although the CloudFormation template successfully runs, the Lambda function is not updated.

As a DevOps Engineer, what can you do to quickly fix this issue? (Select three)

The DevOps team at an e-commerce company is working with the in-house security team to improve the security workflow of the code release process. The DevOps team would like to initiate a 3rd party code vulnerability analysis tool for every push done to code in your CodeCommit repository. The code has to be sent via an external API.

As an AWS Certified DevOps Engineer, how would you implement this most efficiently?

An IT company is creating an online booking system for hotels. The booking workflow that the company has implemented can take over 3 hours to complete as a manual verification step is required by a 3rd party provider to ensure big transactions are not fraudulent.

As a DevOps Engineer, you need to expose this as a secure API for the end customers. The website must be able to sustain 5000 requests at the same time. How should you implement this in the simplest possible way?

The DevOps team at a retail company has deployed its flagship application on EC2 instances using CodeDeploy and uses an RDS PostgreSQL database to store the data, while it uses DynamoDB to store the user sessions. As the Lead DevOps Engineer at the company, you would like the application to securely access RDS & DynamoDB.

How can you do this most securely?

An ed-tech company has created a paid-per-use API using API Gateway. This API is available at http://edtech.com/api/v1. The website's static files have been uploaded in S3 and now support a new API route http://edtech.com/api/v1/new-feature if available. Your team has decided it is safer to send a small amount of traffic to that route first and test if the metrics look okay. Your API gateway routes are backed by AWS Lambda.

As a DevOps Engineer, what steps should you take to enable this testing?

As the Lead DevOps Engineer at an e-commerce company, you would like to upgrade the major version of your MySQL database, which is managed by CloudFormation with AWS::RDS::DBInstance and setup using Multi-AZ.

You have a requirement to minimize the downtime as much as possible, what steps should you take to achieve this?

A mobility company connects people with taxi drivers and the DevOps team at the company uses CodeCommit as a backup and disaster recovery service for several of its DevOps processes. The team is creating a CICD pipeline so that your code in the CodeCommit master branch automatically gets packaged as a Docker container and published to ECR. The team would then like that image to be automatically deployed to an ECS cluster using a Blue/Green strategy.

As an AWS Certified DevOps Engineer, which of the following options would you recommend as the most efficient solution to meet the given requirements?

As part of the CICD pipeline, a DevOps Engineer is performing a functional test using a CloudFormation template that will later get deployed to production. That CloudFormation template creates an S3 bucket and a Lambda function which transforms images uploaded into S3 into thumbnails. To test the Lambda function, a few images are automatically uploaded and the thumbnail output is expected from the Lambda function on the S3 bucket. As part of the clean-up of these functional tests, the CloudFormation stack is deleted, but right now the delete fails.

What's the reason and how could this issue be fixed?

A graphics design company is experimenting with a new feature for an API and the objective is to pass the field "color" in the JSON payload to enable this feature. The new Lambda function should treat "color": "none" as a request from an older client. The company would like to only have to manage one Lambda function in the back-end while being able to support both old and new clients. The API Gateway API is currently deployed on the v1 stage. Old clients include Android applications which may take time to be updated. The technical requirements mandate that the solution should support the old clients for years to come.

As an AWS Certified DevOps Engineer Professional, which of the following options would you recommend as the best fit for the given use-case?

The DevOps team at a presentation software company is deploying their flagship application using Elastic Beanstalk. The application is deployed using a Deploy stage in a CodePipeline pipeline. The technical requirements mandate changing the configuration of the Application Load Balancer tied to Elastic Beanstalk by adding an HTTP to HTTPS redirection rule.

As a DevOps Engineer, you don't have the permissions to directly edit the Elastic Beanstalk environment, how can you proceed?

A production support team manages a web application running on a fleet of Amazon EC2 instances configured with an Application Load balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A critical bug fix has to be deployed to the production application. The team needs a deployment strategy that can:

a) Create another fleet of instances with the same capacity and configuration as the original one. b) Continue access to the original application without a downtime c) Transition the traffic to the new fleet when the deployment is fully done. The production test team has requested a two-hour window to complete thorough testing on the new fleet of instances. d) Terminate the original fleet automatically once the test window expires.

As a DevOps engineer, which deployment solution will you choose to cater to all the given requirements?

An e-commerce company has a serverless application stack that consists of CloudFront, API Gateway and Lambda functions. The company has hired you to improve the current deployment process which creates a new version of the Lambda function and then runs an AWS CLI script for deployment. In case the new version errors out, then another CLI script is invoked to deploy the previous working version of the Lambda function. The company has mandated you to decrease the time to deploy new versions of the Lambda functions and also reduce the time to detect and roll back when errors are identified.

Which of the following solutions would you suggest for the given use case?

As a security best practice, a company has decided to back up all of its Amazon Elastic Block Store (Amazon EBS) volumes every week. To implement this change, developers are mandated to tag all Amazon EBS volumes with a custom tag. The company runs an automated solution that reads the custom tag having the value of the desired backup frequency as weekly for each EBS volume and then the solution schedules the backup. However, a recent audit report has highlighted the fact that a few EBS volumes were not backed up as expected because of the missing custom tag.

As a DevOps engineer which solution will you choose to enforce backup for all EBS volumes used by an AWS account?