AMAZON DOP-C01 EXAM DUMPS

leads4pass has updated the latest valid Amazon DOP-C01 exam questions and answers. All exam questions have been verified to ensure successful passing of the exam.
leads4pass DOP-C01 dumps: https://www.leads4pass.com/aws-devops-engineer-professional.html (Total Questions: 537 Q&A). With many years of exam experience, the exam pass rate is 99.5%.
You can experience part of the exam practice questions shared by leads4pass online for free.

Free shared part of the Amazon DOP-C01 exam PDF

The free Amazon DOP-C01 exam PDF is shared from leads4pass. You can download the practice online. To get the complete Amazon DOP-C01 exam questions and answers, please choose leads4pass.
We update all exam questions and answers in real-time throughout the year to ensure immediate validity.

Amazon DOP-C01 exam practice questions and answers from leads4pass, partly shared for free

QUESTION 1

An online company uses Amazon EC2 Auto Scaling extensively to provide an excellent customer
experience while minimizing the number of running EC2 instances. The company's self-hosted Puppet
environment in the application layer manages the configuration of the instances. The IT manager wants the
lowest licensing costs and wants to ensure that whenever the EC2 Auto Scaling group scales down,
removed EC2 instances are deregistered from the Puppet master as soon as possible.
How can the requirement be met?

A. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. Use CodeDeploy to install the
Puppet agent. When the Auto Scaling group scales out, run a script to register the newly deployed instances to the
Puppet master. When the Auto Scaling group scales in, use the EC2 Auto Scaling
EC2_INSTANCE_TERMINATING lifecycle hook to trigger de-registration from the Puppet master.

B. Bake the AWS CodeDeploy agent into the base AMI. When the Auto Scaling group scales out, use CodeDeploy to
install the Puppet agent, and execute a script to register the newly deployed instances to the Puppet master. When the
Auto Scaling group scales in, use the CodeDeploy ApplicationStop lifecycle hook to run a script to de-register the
instance from the Puppet master.

C. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. When the Auto Scaling group
scales out, use CodeDeploy to install the Puppet agent, and run a script to register the newly deployed instances to the
Puppet master. When the Auto Scaling group scales in, use the EC2 user data instance stop script to run a script to de-register the instance from the Puppet master.

D. Bake the AWS Systems Manager agent into the base AMI. When the Auto Scaling group scales out, use the AWS
Systems Manager to install the Puppet agent, and run a script to register the newly deployed instances to the Puppet
master. When the Auto Scaling group scales in, use the Systems Manager instance stop lifecycle hook to run a script to
de-register the instance from the Puppet master.

Correct Answer: A

QUESTION 2

A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to
orchestrate software deployments. The team has decided to use a remote master branch as the trigger for the pipeline
to integrate code changes. A developer has pushed code changes to the CodeCommit repository but noticed that the
pipeline had no reaction, even after 10 minutes.
Which of the following actions should be taken to troubleshoot this issue?

A. Check that an Amazon CloudWatch Events rule has been created for the master branch to trigger the pipeline.

B. Check that the CodePipeline service role has permission to access the CodeCommit repository.

C. Check that the developer's IAM role has permission to push to the CodeCommit repository.

D. Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.

Correct Answer: A

QUESTION 3

Which of these is not a Pseudo Parameter in AWS CloudFormation?

A. AWS::StackName

B. AWS::AccountId

C. AWS::StackArn

D. AWS::NotificationARNs

Correct Answer: C

Explanation:
This is the complete list of Pseudo Parameters: AWS::AccountId, AWS::NotificationARNs, AWS::NoValue,
AWS::Region, AWS::StackId, AWS::StackName.

Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameterreference.html

QUESTION 4

Your application uses Amazon SQS and Auto Scaling to process background jobs. The Auto Scaling policy is based on
the number of messages in the queue, with a maximum instance count of 100. Since the
application was launched, the group has never scaled above 50. The Auto Scaling group has now scaled
to 100, the queue size is increasing, and very few jobs are being completed. The number of messages
being sent to the queue is at normal levels.
What should you do to identify why the queue size is unusually high, and to reduce it?

A. Temporarily increase the Auto Scaling group's desired value to 200. When the queue size has been reduced,
reduce it to 50.

B. Analyze the application logs to identify possible reasons for message processing failure and resolve the cause for
failures.

C. Create additional Auto Scaling groups, enabling the processing of the queue to be performed in parallel.

D. Analyze CloudTrail logs for Amazon SQS to ensure that the instances' Amazon EC2 role has permission to receive
messages from the queue.

Correct Answer: B

QUESTION 5

A DevOps engineer wants to find a solution to migrate an application from on-premises to AWS. The application is
running on Linux and needs to run on specific versions of Apache Tomcat, HAProxy, and Varnish Cache to function
properly. The application's operating system-level parameters require tuning. The solution must include a way to
automate the deployment of new application versions. The infrastructure should be scalable and faulty servers should
be replaced automatically.
Which solution should the DevOps engineer use?

A. Upload the application as a Docker image that contains all the necessary software to Amazon ECR. Create an
Amazon ECS cluster using an AWS Fargate launch type and an Auto Scaling group. Create an AWS CodePipeline
pipeline that uses Amazon ECR as a source and Amazon ECS as a deployment provider.

B. Upload the application code to an AWS CodeCommit repository with a saved configuration file to configure and install the software. Create an AWS Elastic Beanstalk web server tier and a load balanced-type environment that uses the Tomcat solution stack. Create an AWS CodePipeline pipeline that uses CodeCommit as a source and Elastic Beanstalk as a deployment provider.

C. Upload the application code to an AWS CodeCommit repository with a set of .ebextensions files to configure and
install the software. Create an AWS Elastic Beanstalk worker tier environment that uses the Tomcat solution stack.
Create an AWS CodePipeline pipeline that uses CodeCommit as a source
and Elastic Beanstalk as a deployment provider.

D. Upload the application code to an AWS CodeCommit repository with an appspec.yml file to configure and install the
necessary software. Create an AWS CodeDeploy deployment group associated with an Amazon EC2 Auto Scaling
group. Create an AWS CodePipeline pipeline that uses CodeCommit as a source and CodeDeploy as a deployment
provider.

Correct Answer: A

QUESTION 6

An Amazon EC2 instance with no internet access is running in a Virtual Private Cloud (VPC) and needs to
download an object from a restricted Amazon S3 bucket. When the DevOps Engineer tries to gain access
to the object, an AccessDenied error is received.
What are the possible causes for this error? (Choose three.)

A. The S3 bucket default encryption is enabled.

B. There is an error in the S3 bucket policy.

C. There is an error in the VPC endpoint policy.

D. The object has been moved to Amazon Glacier.

E. There is an error in the IAM role configuration.

F. S3 versioning is enabled.

Correct Answer: BCE
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/

QUESTION 7

An IT department manages a portfolio with Windows and Linux (Amazon and Red Hat Enterprise Linux)
servers both on-premises and on AWS. An audit reveals that there is no process for updating OS and core
application patches and that the servers have inconsistent patch levels.
Which of the following provides the MOST reliable and consistent mechanism for updating and maintaining
all servers at the recent OS and core application patch levels?

A. Install AWS Systems Manager agent on all on-premises and AWS servers. Create Systems Manager Resource
Groups. Use Systems Manager Patch Manager with a preconfigured patch baseline to run scheduled patch updates
during maintenance windows.

B. Install the AWS OpsWorks agent on all on-premises and AWS servers. Create an OpsWorks stack with separate
layers for each operating system, and get a recipe from the Chef supermarket to run the patch commands for each layer during maintenance windows.

C. Use a shell script to install the latest OS patches on the Linux servers using yum and schedule it to run automatically
using cron. Use Windows Update to automatically patch Windows servers.

D. Use AWS Systems Manager Parameter Store to securely store credentials for each Linux and Windows server.
Create Systems Manager Resource Groups. Use the Systems Manager Run Command to remotely deploy the patch
updates using the credentials in Systems Manager Parameter Store.

Correct Answer: D

QUESTION 8

You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You
want to run the system very cheaply and simply. Which one of these options allows you to build a photo-sharing
application without needing to worry about scaling expensive upload processes, authentication/authorization, and so
forth?

A. Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or
Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on
AWS, like AWS S3.

B. Use JWT or SAML compliant systems to build authorization policies. Users log in with a username and password
and are given a token they can use indefinitely to make calls against the photo infrastructure.

C. Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom
build of the SDK and include S3 access in it.

D. Create an AWS oAuth Service Domain and grant public signup and access to the domain. During setup, add at least
one major social media site as a trusted Identity Provider for users.

Correct Answer: A

The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It
supports the same providers, and you configure your app and authenticate with those providers in the same way. But
Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a
guest user and later sign in using one of the supported identity providers.

Reference:

https://blogs.aws.amazon.com/security/post/Tx3SYCORF5EKRC0/How-Does-Amazon-Cognito-Relate-to Existing-WebIdentity-Federatio

QUESTION 9

Company policies require that information about the IP traffic going between instances in the production
Amazon VPC is captured. The capturing mechanism must always be enabled and the Security team must
be notified when any changes in configuration occur.
What should be done to ensure that these requirements are met?

A. Using the UserData section of an AWS CloudFormation template, install tcpdump on every provisioned Amazon EC2
instance. The output of the tool is sent to Amazon EFS for aggregation and querying. In addition, a scheduled Amazon CloudWatch Events rule calls an AWS Lambda function to check whether tcpdump is up and running and sends an email to the security organization when there is an exception.

B. Create a flow log for the production VPC and assign an Amazon S3 bucket as a destination for delivery. Using
Amazon S3 Event Notification, set up an AWS Lambda function that is triggered when a new log file gets delivered. This Lambda function updates an entry in Amazon DynamoDB, which is periodically checked by a scheduled Amazon
CloudWatch Events rule to notify security when logs have not arrived.

C. Create a flow log for the production VPC. Create a new rule using AWS Config that is triggered by configuration
changes of resources of type ‘EC2:VPC’. As part of configuring the rule, create an AWS Lambda function that looks up flow logs for a given VPC. If the VPC flow logs are not configured, return a ‘NON_COMPLIANT’ status and notify the
security organization.

D. Configure a new trail using AWS CloudTrail service. Using the UserData section of an AWS CloudFormation
template, install tcpdump on every provisioned Amazon EC2 instance. Connect Amazon Athena to CloudTrail and
write an AWS Lambda function that monitors for a flow log disable event. Once the CloudTrail entry has been spotted, alert the security organization.

Correct Answer: C

QUESTION 10

A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to
standardize patching across both environments. Company policy dictates that patching only happens during non-business hours. Which combination of actions will meet these requirements? (Choose three.)

A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.

B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.

C. Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.

D. Execute an AWS Systems Manager Automation document to patch the systems every hour.

E. Use Amazon CloudWatch Events scheduled events to schedule a patch window.

F. Use AWS Systems Manager Maintenance Windows to schedule a patch window.

Correct Answer: ABF

QUESTION 11

A DevOps Engineer uses Docker container technology to build an image-analysis application. The application often
sees spikes in traffic. The Engineer must automatically scale the application in response to customer demand while
maintaining cost-effectiveness and minimizing any impact on availability. What will allow the FASTEST response to
spikes in traffic while fulfilling the other requirements?

A. Create an Amazon ECS cluster with the container instances in an Auto Scaling group. Configure the ECS service to
use Service Auto Scaling. Set up Amazon CloudWatch alarms to scale the ECS service and cluster.

B. Deploy containers on an AWS Elastic Beanstalk Multicontainer Docker environment. Configure Elastic Beanstalk to
automatically scale the environment based on Amazon CloudWatch metrics.

C. Create an Amazon ECS cluster using Spot Instances. Configure the ECS service to use Service Auto
Scaling. Set up Amazon CloudWatch alarms to scale the ECS service and cluster.

D. Deploy containers on Amazon EC2 instances. Deploy a container scheduler to schedule containers onto EC2
instances. Configure EC2 Auto Scaling for EC2 instances based on available Amazon CloudWatch metrics.

Correct Answer: B

QUESTION 12

A DevOps Engineer must track the health of a stateless RESTful service sitting behind a Classic Load Balancer. The
deployment of new application revisions is through a CI/CD pipeline. If the service's latency increases beyond a
defined threshold, deployment should be stopped until the service has recovered.
Which of the following methods allow for the QUICKEST detection time?

A. Use Amazon CloudWatch metrics provided by Elastic Load Balancing to calculate average latency. Alarm and stop
deployment when latency increases beyond the defined threshold.

B. Use AWS Lambda and Elastic Load Balancing access logs to detect average latency. Alarm and stop deployment
when latency increases beyond the defined threshold.

C. Use AWS CodeDeploy's MinimumHealthyHosts setting to define thresholds for rolling back deployments. If these
thresholds are breached, roll back the deployment.

D. Use Metric Filters to parse application logs in Amazon CloudWatch Logs. Create a filter for latency. Alarm and stop
deployment when latency increases beyond the defined threshold.

Correct Answer: C

QUESTION 13

Your company currently runs a large multi-tier web application. One component is an API service that all other
components of your application rely on to perform read/write operations. This service must have high availability and
zero downtime during deployments. Which technique should you use to provide cost-effective, zero-downtime
deployments for this component?

A. Use an AWS CloudFormation template to re-deploy your application behind a load balancer, and launch a new AWS
CloudFormation stack during each deployment. Update your load balancer to send traffic to the new stack, and then
deploy your software. Leave your old stacks running, and tag their resources with the version for rollback.

B. Re-deploy your application on Elastic Beanstalk. During deployment, create a new version of your application, and
create a new environment running that version in Elastic Beanstalk. Finally, take advantage of the Elastic Beanstalk
Swap CNAME operation to switch to the new environment.

C. Re-deploy your application behind a load balancer that uses Auto Scaling groups. Create a new identical Auto
Scaling group and associate it to your Amazon Route53 zone. Configure Amazon Route53 to auto-weight traffic over to the new Auto Scaling group when all instances are marked as healthy.

D. Re-deploy your application behind a load balancer using an AWS OpsWorks stack and use AWS OpsWorks stack
versioning. During deployment, create a new version of your application, tell AWS OpsWorks to launch the new version
behind your load balancer, and when the new version is launched, terminate the old AWS OpsWorks stack.

Correct Answer: B


Summary:

The free Amazon DOP-C01 exam practice questions are drawn from part of the real exam, so you can experience part of the exam content first. Get the complete DOP-C01 exam dumps at https://www.leads4pass.com/aws-devops-engineer-professional.html (PDF + VCE) to help you successfully pass the exam.
leads4pass has two learning modes: PDF and VCE. You can choose according to your preferences.
