Discount Offer! Use Coupon Code to get 20% OFF DO2022
Our DOP-C01 dumps are key to get access. More than 4445+ satisfied customers.
Customers Passed DOP-C01 Exam Today
Maximum Passing Score in Real DOP-C01 Exam
Guaranteed Questions came from our DOP-C01 dumps
A DevOps Engineer just joined a new company that is already running workloads onAmazon EC2 instances. AWS has been adopted incrementally with no central governance.The Engineer must now assess how well the existing deployments comply with thefollowing requirements:*EC2 instances are running only approved AMIs.*Amazon EBS volumes are encrypted.*EC2 instances have an Owner tag.*Root login over SSH is disabled on EC2 instances.Which services should the Engineer use to perform this assessment with the LEASTamount of effort? (Select TWO.)
A. AWS Config
B. Amazon GuardDuty
C. AWS System Manager
D. AWS Directory Service
E. Amazon Inspector
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving availability for users in both Regions.Which combination of actions should be taken to address the latency issues? (Choose three.)
A. Create a new DynamoDB table in the new Region with cross-Region replication enabled.
B. Create new ALB and Auto Scaling group global resources and configure the new ALB todirect traffic to the new Auto Scaling group.
C. Create new ALB and Auto Scaling group resources in the new Region and configure thenew ALB to direct traffic to the new Auto Scaling group.
D. Create Amazon Route 53 records, health checks, and latency-based routing policies toroute to the ALB.
E. Create Amazon Route 53 aliases, health checks, and failover routing policies to route to the ALB.
F. Convert the DynamoDB table to a global table.
A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the master account of the organization. Which combination of access changes will meet these requirements? (Select THREE.)
A. Create a trust relationship that allows users in the child accounts to assume the masteraccount IAM role.
B. Create a trust relationship that allows users in the master account to assume the IAMroles of the child accounts.
C. Create an IAM role in each child account that has access to theAmazonEC2ReadOnlyAccess managed policy.
D. Create an IAM role in each child account to allow the sts:AssumeRole action against themaster account IAM role's ARN.
E. Create an IAM role in the master account that allows the sts:AssumeRole action againstthe child account IAM role's ARN.
F. Create an IAM role in the master account that has access to theAmazonEC2ReadOnlyAccess managed policy.
An Information Security policy requires that all publicly accessible systems be patched with critical OS security patches within 24 hours of a patch release. All instances are tagged with the Patch Group key set to 0. Two new AWS Systems Manager patch baselines for Windows and Red Hat Enterprise Linux (RHEL) with zero-day delay for security patches of critical severity were created with an auto-approval rule. Patch Group 0 has been associated with the new patch baselines. Which two steps will automate patch compliance and reporting? (Select TWO.)
A. Create an AWS Systems Manager Maintenance Window and add a target with PatchGroup 0. Add a task that runs the AWS-InstallWindowsUpdates document with a dailyschedule.
B. Create an AWS Systems Manager Maintenance Window with a daily schedule and adda target with Patch Group 0. Add a task that runs the AWS-RunPatchBaseline documentwith the Install action.
C. Create an AWS Systems Manager State Manager configuration. Associate the AWSRunPatchBaseline task with the configuration and add a target with Patch Group 0.
D. Create an AWS Systems Manager Maintenance Window and add a target with PatchGroup 0. Add a task that runs the AWS-ApplyPatchBaseline document with a dailyschedule.
E. Use the AWS Systems Manager Run Command to associate the AWSApplyPatchBaseline document with instances tagged with Patch Group 0.
A company runs an application with an Amazon EC2 and on-premises configuration. ADevOps engineer needs to standardize patching across both environments. Companypolicy dictates that patching only happens during non-business hours.Which combination of actions will meet these requirements? (Select THREE.)
A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid
B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWSSystems Manager.
C. Create IAM access keys for the on-premises machines to interact with AWS SystemsManager.
D. Execute an AWS Systems Manager Automation document to patch the systems everyhour.
E. Use Amazon CloudWatch Events scheduled events to schedule a patch window.
F. Use AWS Systems Manager Maintenance Windows to schedule a patch window.
An Application team has three environments for their application: development, preproduction, and production. The team recently adopted AWS CodePipeline.However, the team has had several deployments of misconfigured or nonfunctionaldevelopment code into the production environment, resulting in user disruption and downtime. The DevOps Engineer must review the pipeline and add steps to identifyproblems with the application before it is deployed.What should the Engineer do to identify functional issues during the deployment process?(Choose two.)
A. Use Amazon Inspector to add a test action to the pipeline. Use the Amazon InspectorRuntime Behavior Analysis Inspector rules package to check that the deployed codecomplies with company security standards before deploying it to production.
B. Using AWS CodeBuild to add a test action to the pipeline to replicate common useractivities and ensure that the results are as expected before progressing to productiondeployment.
C. Create an AWS CodeDeploy action in the pipeline with a deployment configuration thatautomatically deploys the application code to a limited number of instances. The actionthen pauses the deployment so that the QA team can review the application functionality.When the review is complete, CodeDeploy resumes and deploys the application to theremaining production Amazon EC2 instances.
D. After the deployment process is complete, run a testing activity on an Amazon EC2instance in a different region that accesses the application to simulate user behavior. Ifunexpected results occur, the testing activity sends a warning to an Amazon SNS topic.Subscribe to the topic to get updates.
E. Add an AWS CodeDeploy action in the pipeline to deploy the latest version of thedevelopment code to pre-production. Add a manual approval action in the pipeline so thatthe QA team can test and confirm the expected functionality. After the manual approvalaction, add a second CodeDeploy action that deploys the approved code to the productionenvironment.
A Development team is working on a serverless application in AWS. To quickly identify and remediate potential production issues, the team decides to roll out changes to a small number of users as a test before the full release. The DevOps Engineer must develop asolution to minimize downtime and impact.Which of the following solutions should be used to meet the requirements? (Select TWO.)
A. Create an Application Load Balancer with two target groups. Set up the Application LoadBalancer for Amazon API Gateway private integration. Associate one target group to thecurrent version and the other target group to the new version. Configure API Gateway toroute 10% of incoming traffic to the new version. As the new version becomes stable,configure API Gateway to send all traffic to the new version and detach the old versionfrom the load balancer.
B. Create an alias for an AWS Lambda function pointing to both the current and newversions. Configure the alias to route 10% of incoming traffic to the new version. As thenew version is considered stable, update the alias to route all traffic to the new version.
C. Create a failover record set in AWS Route 53 pointing to the AWS Lambda endpoints forthe old and new versions. Configure Route 53 to route 10% of incoming traffic to the newversion. As the new version becomes stable, update the DNS record to route all traffic tothe new version.
D. Create an ELB Network Load Balancer with two target groups. Set up the Network LoadBalancer for Amazon API Gateway private integration Associate one target group with thecurrent version and the other target group with the new version. Configure the loadbalancer to route 10% of incoming traffic to the new version. As the new version becomesstable, detach the old version from the load balancer.
E. In Amazon API Gateway, create a canary release deployment by adding canary settingsto the stage of a regular deployment. Configure API Gateway to route 10% of the incomingtraffic to the canary release. As the canary release is considered stable, promote it to aproduction release.
A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored withinan S3 bucket with a private bucket policy using S3 cross-Region replication functionality.The objects need to be copied to a target bucket In a different AWS Region and account.Which combination of actions should be performed to enable this replication? (Select THREE.)
A. Create a replication IAM role in the source account.
B. Create a replication IAM role in the target account.
C. Add statements to the source bucket policy allowing the replication IAM role to replicate objects
D. Add statements to the target bucket policy allowing the replication IAM role to replicate objects.
E. Create a replication rule in the source bucket to enable the replication.
F. Create a replication rule in the target bucket to enable the replication
A DevOps engineer is troubleshooting deployments to a new application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Instances sometimes come online before they are ready, which is leading to increased error rates among users. The current health check configuration gives instances a 60-second grace period and considersinstances healthy after two 200 response codes from /index.php, a page that may respondintermittently during the deployment process. The development team wants instances tocome online as soon as possible.Which strategy would address this issue?
A. Increase the instance grace period from 60 seconds to 180 seconds, and theconsecutive health check requirement from 2 to 3.
B. Increase the instance grace period from 60 seconds to 120 seconds, and change theresponse code requirement from 200 to 204.
C. Modify the deployment script to create a /health-check.php file when the deploymentbegins, then modify the health check path to point to that file.
D. Modify the deployment script to create a /health-check.php file when all tasks arecomplete, then modify the health check path to point to that file.
A company wants to use AWS Systems Manager documents to bootstrap physical laptopsfor developers. The bootstrap code is stored in GitHub. A DevOps engineer has alreadycreated a Systems Manager activation, installed the Systems Manager agent with theregistration code, and installed an activation ID on all the laptops.Which set of steps should be taken next?
A. Configure the Systems Manager document to use the AWS-RunShellScript command tocopy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with asource Type of S3.
B. Configure the Systems Manager document to use the aws-configurePackage plugin withan install action and point to the Git repository.
C. Configure the Systems Manager document to use the aws-downloadContent plugin witha sourceType of GitHub and sourcelnfo with the repository details.
D. Configure the Systems Manager document to use the aws:softwarelnventory plugin andrun the script from the Git repository.