AWS DevOps Practise Test (DOP-C02) Practise Test – 3

A project has two AWS accounts, a development account and a production account, in the us-east-1 Region. A DevOps engineer has to deploy artifacts from the development account's S3 bucket to the production account's S3 bucket using AWS CodePipeline with Amazon S3 deploy action.

What configurations are mandatory for this cross-account deployment? (Select two)

A company uses AWS CodeDeploy to deploy an AWS Lambda function as the final step of a CI/CD pipeline. The company has developed the Lambda function to handle incoming orders through an order-processing API. The DevOps team has noticed intermittent failures in the API occurring for a brief period after deploying the Lambda function. Upon investigation, the team suspects that the failures are a result of incomplete propagation of database changes before the Lambda function gets invoked.

What measures can help resolve this issue?

The DevOps team for an e-commerce company wants to implement a patching plan on AWS Cloud for a large mixed fleet of Windows and Linux servers. The patching plan has to be auditable and must be implemented securely to ensure compliance with the company's business requirements.

Which of the following options would you recommend to address these requirements with MINIMAL effort? (Select two)

An Aurora cluster is configured with a single DB instance for a web application. The application uses the instance endpoint to read/write data to the database. The operations team has scheduled an update on the cluster during the upcoming maintenance window. The application support team has requested help to ensure uninterrupted access to the application during the maintenance window.

Which step should a DevOps Engineer take so that the users experience the least possible interruption during the maintenance window?

A video-sharing application stores its files on an Amazon S3 bucket. During the last year, the user traffic has multiplied by thousands and the company is planning on introducing subscription services for its video sharing application. The company needs the access pattern of the video files to identify the most viewed and downloaded videos.

Which of the following would you identify as the MOST cost-effective solution that can be implemented at the earliest?

A company implements access control by creating different policies for different job functions. These policies are attached to IAM roles/groups with minimum permissions necessary for the job function. Up until this point, the solution has been functioning effectively. However, with business expansion, the administrator has to frequently update the existing policies to allow access to new resources.

Which of the following solutions can make the access control applicable to all new resources without the need to update the policies?

A media company extensively uses Amazon S3 buckets for storing images files, documents, and other business-specific data. The company has mandated enabling logging for all Amazon S3 buckets. The audit team publishes the reports of all AWS resources failing company security standards. Until recently, the security team would pick the list of noncompliant Amazon S3 buckets from the audit list and execute remediation actions manually for each resource. This process is not only time-consuming but also leaves noncompliant resources vulnerable for a long duration.

Which combination of steps should a DevOps Engineer take to meet these requirements using an automated solution? (Select two)

A social media company has its web application hosted on Amazon EC2 instances that are deployed in a single AWS Region. The company has now expanded its operations into new geographies and the company wants to offer low-latency access for the application to its customers. To comply with different financial regulations of each geography, the application needs to operate in silos and the underlying instances in one region should not interact with instances running in other regions.

Which of the following represents the most optimal solution to automate the application deployment to different AWS regions?

A company wants to create an automated monitoring solution to generate real-time customized notifications regarding unrestricted security groups in the company's production AWS account. The notification must contain the name and ID of the noncompliant security group. The DevOps team at the company has already activated the restricted-ssh AWS Config managed rule. The team has also set up an Amazon Simple Notification Service (Amazon SNS) topic and subscribed relevant personnel to it.

Which of the following options represents the BEST solution for the given scenario?

A DevOps Engineer needs to use the AWS CloudFormation stack to deploy an application. But the DevOps Engineer does not have the required permissions to provision the resources specified in the AWS CloudFormation template.

Which solution will allow the DevOps Engineer to deploy the stack while providing the least privileges possible?

A company has hundreds of AWS accounts and has also created an organization in AWS Organizations to manage the accounts. The company wants a dashboard to seamlessly search, visualize, and analyze CloudWatch metrics data, logs data, and traces (from AWS X-Ray) from all the linked accounts into a single security and operations account. The solution should automatically onboard any new AWS accounts created later in the organization.

As a DevOps Engineer, what solution do you suggest to address the given requirements?

A DevOps engineer is currently involved in a data archival project where the task is to migrate on-premises data to an Amazon S3 bucket. The engineer has created a script that handles the incremental archiving of on-premises data, specifically transferring data older than 6 months to Amazon S3. As part of the process, the data is removed from the on-premises location after being successfully transferred using the S3 PutObject operation.

During a thorough code review, the DevOps engineer identified a crucial issue in the script. The script does not include any validation to confirm whether the data is copied to Amazon S3 without any corruption. To ensure data integrity throughout the transmission, the DevOps engineer needs to update the script accordingly. The new solution must use MD5 checksums to verify the data integrity before allowing the deletion of the on-premises data.

Considering these requirements, what modifications or solutions should the DevOps engineer implement in the script to ensure successful data transfer and integrity validation? (Select two)

A company uses multiple AWS accounts to help isolate and manage business applications. This multi-account environment consists of an AWS Transit Gateway to route all outbound traffic through a common network account. A firewall appliance inspects all traffic before it is forwarded to an internet gateway. The firewall appliance is configured to send logs to Amazon CloudWatch Logs for all events generated.

Recently, the security team has advised about probable illegal access of resources. As DevOps Engineer, you have been advised to configure an alert to the security team if the firewall appliance generates an event of Critical severity.

How should a DevOps engineer configure this requirement?

A company hosts all its web applications on Amazon EC2 instances. The company is looking for a security solution that will proactively detect software vulnerabilities and unintended network exposure of the instances. The solution should also include an audit trail of all login activities on the instances.

Which solution will meet these requirements?

Consider a multi-account setup within AWS Organizations where a company is running a data ingestion application on Amazon EC2 instances through several Auto Scaling groups. These instances lack internet access due to sensitive data handling, and VPC endpoints have been deployed accordingly. The application operates on a custom AMI designed specifically for its needs.

To effectively manage and troubleshoot the application, system administrators require automated and centralized login access to the EC2 instances. Additionally, the company's security team needs to be notified whenever such instances are accessed.

As an AWS Certified DevOps Engineer - Professional, what solution will you suggest to satisfy these requirements?

A support team wants to be notified via an Amazon Simple Notification Service (Amazon SNS) notification when an AWS Glue job fails a retry.

As a DevOps Engineer, how will you implement this requirement?

The flagship application at a company is deployed on Amazon EC2 instances running behind an Application Load Balancer (ALB) within an Auto Scaling group. A DevOps Engineer wants to configure a Blue/Green deployment for this application and has already created launch templates and Auto Scaling groups for both blue and green environments, each deploying to their respective target groups. The ALB can direct traffic to either environment's target group, and an Amazon Route 53 record points to the ALB. The goal is to enable an all-at-once transition of traffic from the software running on the blue environment's EC2 instances to the newly deployed software on the green environment's EC2 instances.

What steps should the DevOps Engineer take to fulfill these requirements?

A DevOps Engineer is working on multiple applications that need to be configured for Application Auto scaling, however, there are some application constraints to be addressed:

a) A serverless application is built on AWS Lambda with the following traffic pattern - The traffic for the application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. b) Another flagship application runs on Spot Fleet. The CPU utilization of the fleet has to stay at around 50 percent when the load on the application changes.

Which of the following solutions can address these requirements? (Select two)

A multi-national company with hundreds of AWS accounts has slowly adopted AWS Organizations with all features enabled. The company has also configured a few Organization Units (OUs) to serve its business objectives. The company has some AWS Identity and Access Management (IAM) roles that need to be configured for every new AWS account created for the company. Also, the security policy mandates enabling AWS CloudTrail for all AWS accounts. The company is looking for an automated solution that can add the mandatory IAM Roles and CloudTrail configurations to all newly created accounts and also delete the resources/configurations when an account leaves the organization without manual intervention.

What should a DevOps engineer do to meet these requirements with the minimal overhead?

An application runs on a fleet of Amazon EC2 Windows instances configured with an Auto Scaling group (ASG). When scaling-in takes place in the ASG, the instances are terminated without notification. The application team wants to create an AMI and remove the Amazon EC2 Windows instance from its domain before terminating the scaled-in instances.

As a DevOps Engineer, which combination of steps will you choose to implement this requirement? (Select two)

A CloudFormation stack consists of the following AWS resources - Amazon Simple Storage Service (Amazon S3) bucket, Amazon Amazon Elastic Compute Cloud (Amazon EC2) instance, and an Amazon EBS Volume. Due to a high-impact security issue, the DevOps team has been asked to rename the AWS CloudFormation stack. However, the resources created by the stack cannot be deleted for business purposes.

What steps will you take to rename the CloudFormation stack without deleting the resources created?

A company is implementing AWS serverless architecture with Amazon API Gateway, AWS Lambda, and Amazon DynamoDB services. The company's existing users are primarily located in Europe and Asia-Pacific regions. The company is now looking for a quick-start solution that offers high reliability and low latency for a global user base across regions as its offerings are getting popular worldwide.

How will you implement this requirement?

A DevOps Engineer has been asked to chalk out a disaster recovery (DR) plan for a workload in production. The workload runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are configured with an Auto Scaling group across multiple Availability Zones. Amazon Route 53 is configured to point to the ALB using an alias record. Amazon RDS for PostgreSQL DB instance is the database service. The draft DR plan mandates an RTO of three hours and an RPO of around 15 minutes.

Which Disaster Recovery (DR) strategy should the DevOps Engineer opt for a cost-effective solution?

A production environment has Amazon EC2 instances configured to log all application/system logs via the CloudWatch Logs agent that has been configured on all instances. The company has recently introduced a security policy that mandates terminating any Amazon EC2 instance accessed manually by a user other than the administrators within an hour. All the production instances are configured with Auto Scaling groups.

As a DevOps Engineer, how will you automate this process?