AWS Certified DevOps Engineer Professional (DOP-C02)

The AWS Certified DevOps Engineer Professional (DOP-C02) were last updated on today.

Viewing page 3 out of 136 pages.
Viewing questions 11-15 out of 680 questions

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
- Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #11 Topic 1

A company has chosen AWS to host a new application. The company needs to implement a multi-account strategy. A DevOps engineer creates a new AWS account and an organization in AWS Organizations. The DevOps engineer also creates the OU structure for the organization and sets up a landing zone by using AWS Control Tower. The DevOps engineer must implement a solution that automatically deploys resources for new accounts that users create through AWS Control Tower Account Factory. When a user creates a new account, the solution must apply AWS CloudFormation templates and SCPs that are customized for the OU or the account to automatically deploy all the resources that are attached to the account. All the OUs are enrolled in AWS Control Tower. Which solution will meet these requirements in the MOST automated way?

A Use AWS Service Catalog with AWS Control Tower. Create portfolios and products in AWS Service Catalog. Grant granular permissions to provision these resources. Deploy SCPs by using the AWS CLI and JSON documents.
B Deploy CloudFormation stack sets by using the required templates. Enable automatic deployment. Deploy stack instances to the required accounts. Deploy a CloudFormation stack set to the organization’s management account to deploy SCPs.
C Create an Amazon EventBridge rule to detect the CreateManagedAccount event. Configure AWS Service Catalog as the target to deploy resources to any new accounts. Deploy SCPs by using the AWS CLI and JSON documents.
D Deploy the Customizations for AWS Control Tower (CfCT) solution. Use an AWS CodeCommit repository as the source. In the repository, create a custom package that includes the CloudFormation templates and the SCP JSON documents.

Suggested Answer: B
NOTE: Deploying CloudFormation stack sets by using the required templates, enabling automatic deployment, and deploying stack instances to the required accounts is the most automated solution. It allows for the automatic deployment of resources and SCPs to all new accounts created through AWS Control Tower Account Factory.

Question #12 Topic 1

A DevOps team manages an API running on-premises that serves as a backend for an Amazon API Gateway endpoint. Customers have been complaining about high response latencies, which the development team has verified using the API Gateway latency metrics in Amazon CloudWatch. To identify the cause, the team needs to collect relevant data without introducing additional latency. Which actions should be taken to accomplish this? (Choose two.)

A Install the CloudWatch agent server side and configure the agent to upload relevant logs to CloudWatch.
B Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and upload those segments to X-Ray during each request.
C Enable AWS X-Ray tracing in API Gateway, modify the application to capture request segments, and use the X-Ray daemon to upload segments to X-Ray.
D Modify the on-premises application to send log information back to API Gateway with each request.
E Modify the on-premises application to calculate and upload statistical data relevant to the API service requests to CloudWatch metrics.

Suggested Answer: AB
NOTE: To collect relevant data without introducing additional latency, the DevOps team can take two actions. First, they can install the CloudWatch agent server-side and configure it to upload relevant logs to CloudWatch (option A). This will allow them to collect data on server-side activities without impacting the API performance. Second, they can enable AWS X-Ray tracing in API Gateway and modify the application to capture request segments, uploading those segments to X-Ray during each request (option B). This will provide detailed insights into the latency of each request without introducing additional latency.

Question #13 Topic 1

A company requires that its internally facing web application be highly available. The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data. Which combination of architecture adjustments should the company implement to achieve high availability? (Choose two.)

A Add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones. Update the route tables.
B Create additional EC2 instances spanning multiple Availability Zones. Add an Application Load Balancer to split the load between them.
C Configure an Application Load Balancer in front of the EC2 instance. Configure Amazon CloudWatch alarms to recover the EC2 instance upon host failure.
D Replace the NAT instance with a NAT gateway in each Availability Zone. Update the route tables.
E Replace the NAT instance with a NAT gateway that spans multiple Availability Zones. Update the route tables.

Suggested Answer: AD
NOTE: The company should add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones and update the route tables to achieve high availability. Additionally, they should replace the NAT instance with a NAT gateway in each Availability Zone and update the route tables.

Question #14 Topic 1

A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes. Which of the following actions should be taken to troubleshoot this issue?

A Check that an Amazon EventBridge rule has been created for the main branch to trigger the pipeline.
B Check that the CodePipeline service role has permission to access the CodeCommit repository.
C Check that the developer’s IAM role has permission to push to the CodeCommit repository.
D Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.

Suggested Answer: D
NOTE: The developer should check if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs. If there are any errors in the logs, it could indicate a problem with the CodeCommit repository or the connection between CodeCommit and CodePipeline.

Question #15 Topic 1

A video-sharing company stores its videos in Amazon S3. The company has observed a sudden increase in video access requests, but the company does not know which videos are most popular. The company needs to identify the general access pattern for the video files. This pattern includes the number of users who access a certain file on a given day, as well as the number of pull requests for certain files. How can the company meet these requirements with the LEAST amount of effort?

A Activate S3 server access logging. Import the access logs into an Amazon Aurora database. Use an Aurora SQL query to analyze the access patterns.
B Activate S3 server access logging. Use Amazon Athena to create an external table with the log files. Use Athena to create a SQL query to analyze the access patterns.
C Invoke an AWS Lambda function for every S3 object access event. Configure the Lambda function to write the file access information, such as user. S3 bucket, and file key, to an Amazon Aurora database. Use an Aurora SQL query to analyze the access patterns.
D Record an Amazon CloudWatch Logs log message for every S3 object access event. Configure a CloudWatch Logs log stream to write the file access information, such as user, S3 bucket, and file key, to an Amazon Kinesis Data Analytics for SQL application. Perform a sliding window analysis.

Suggested Answer: B
NOTE: chose option B because it is the most efficient and cost-effective solution. By activating S3 server access logging, the company can easily capture the access logs. Using Amazon Athena, they can create an external table with the log files and conduct SQL queries to analyze the access patterns without the need for additional infrastructure or data migration.