AWS Certified DevOps Engineer Professional (DOP-C02)

The AWS Certified DevOps Engineer Professional (DOP-C02) were last updated on today.

Viewing page 9 out of 136 pages.
Viewing questions 41-45 out of 680 questions

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.and Azure
- Trademarks, certification & product names are used for reference only and belong to Amazon.and Azure

Topic 1 - Exam A

Question #41 Topic 1

A company wants to use AWS CloudFormation for infrastructure deployment. The company has strict tagging and resource requirements and wants to limit the deployment to two Regions. Developers will need to deploy multiple versions of the same application. Which solution ensures resources are deployed in accordance with company policy?

A Create AWS Trusted Advisor checks to find and remediate unapproved CloudFormation StackSets.
B Create a Cloud Formation drift detection operation to find and remediate unapproved CloudFormation StackSets.
C Create CloudFormation StackSets with approved CloudFormation templates.
D Create AWS Service Catalog products with approved CloudFormation templates.

Suggested Answer: C
NOTE: Creating CloudFormation StackSets with approved CloudFormation templates ensures that resources are deployed in accordance with company policy. StackSets allow you to create, update, or delete stacks across multiple AWS accounts and Regions with a single CloudFormation template.

Question #42 Topic 1

An ecommerce company is looking for ways to deploy an application on AWS that satisfies the following requirements: • Has a simple and automated application deployment process. • Has minimal deployment costs while ensuring that at least half of the instances are available to receive end-user requests. • If the application fails, an automated healing mechanism will replace the affected instances. Which deployment strategy will meet these requirements?

A Create an AWS Elastic Beanstalk environment and configure it to use Auto Scaling and an Elastic Load Balancer. Use rolling deployments with a batch size of 50%.
B Create an AWS OpsWorks stack. Configure the application layer to use rolling deployments as a deployment strategy. Add an Elastic Load Balancing layer. Enable auto healing on the application layer.
C Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer. Use the CodeDeployDefault.HalfAtAtime deployment strategy. Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB.
D Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer. Use a blue/green deployment strategy. Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB.

Suggested Answer: A
NOTE: chose option A because it meets all the given requirements. AWS Elastic Beanstalk provides a simple and automated application deployment process. By configuring it to use Auto Scaling and an Elastic Load Balancer, it ensures that at least half of the instances are available to receive end-user requests. Rolling deployments with a batch size of 50% allow for automated healing by replacing the affected instances if the application fails.

Question #43 Topic 1

A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps: 1. An AWS CodeBuild project compiles the deployment artifact and runs unit tests. 2. An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment. 3. A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment. The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call. Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)

A Insert a manual approval action between the test actions and deployment actions of the pipeline.
B Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
C Update the CodeDeploy deployment groups so that they require manual approval to proceed.
D Update the pipeline to directly call the REST API for the penetration testing tool.
E Update the pipeline to invoke an AWS Lambda function that calls the REST API for the penetration testing tool.

Suggested Answer: AC
NOTE: The DevOps engineer should insert a manual approval action between the test actions and deployment actions of the pipeline (option A) to allow the QA team to inspect the build artifact before deployment. Additionally, the engineer should update the CodeDeploy deployment groups to require manual approval (option C) before proceeding with the deployment.

Question #44 Topic 1

A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account. The company has created an AWS Key Management Service (AWS KMS) key in the source account. Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)

A In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the KMS key in the copy action.
B In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.
C In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.
D In the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role.
E In the source account, share the unencrypted AMI with the target account.
F In the source account, share the encrypted AMI with the target account.

Suggested Answer: ACE
NOTE: The DevOps engineer should perform the following steps: A. In the source account, copy the unencrypted AMI to an encrypted AMI and specify the KMS key in the copy action. This ensures that the AMI is encrypted before sharing it. C. In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account. This allows the target account to use the KMS key to decrypt the AMI. E. In the source account, share the unencrypted AMI with the target account. This allows the target account to launch EC2 instances from the AMI.

Question #45 Topic 1

A DevOps engineer is planning to deploy a Ruby-based application to production. The application needs to interact with an Amazon RDS for MySQL database and should have automatic scaling and high availability. The stored data in the database is critical and should persist regardless of the state of the application stack. The DevOps engineer needs to set up an automated deployment strategy for the application with automatic rollbacks. The solution also must alert the application team when a deployment fails. Which combination of steps will meet these requirements? (Choose three.)

A Deploy the application on AWS Elastic Beanstalk. Deploy an Amazon RDS for MySQL DB instance as part of the Elastic Beanstalk configuration.
B Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk.
C Configure a notification email address that alerts the application team in the AWS Elastic Beanstalk configuration.
D Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor AWS Health events. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team.
E Use the immutable deployment method to deploy new application versions.
F Use the rolling deployment method to deploy new application versions.

Suggested Answer: ACD
NOTE: The correct combination of steps to meet the requirements are A, C, and D. A: Deploying the application on AWS Elastic Beanstalk and deploying an Amazon RDS for MySQL DB instance as part of the Elastic Beanstalk configuration ensures automatic scaling and high availability of the application along with the persistence of the critical data in the database. C: Configuring a notification email address in the AWS Elastic Beanstalk configuration allows the application team to be alerted when a deployment fails. D: Configuring an Amazon EventBridge rule to monitor AWS Health events and using an Amazon Simple Notification Service topic as a target enables the application team to be alerted when a deployment fails.