• Home
  • Articles
  • [Q29-Q53] Tested Material Used To DOP-C01 Test Engine Exam Questions in here [Dec-2021]

[Q29-Q53] Tested Material Used To DOP-C01 Test Engine Exam Questions in here [Dec-2021]

Share

Tested Material Used To DOP-C01 Test Engine Exam Questions in here [Dec-2021]

Penetration testers simulate DOP-C01 exam PDF


Prerequisites

Before pursuing the Amazon AWS Certified DevOps Engineer – Professional certification, it is important to make sure that you are the right person for this path. All the Amazon certificates are designed for the specific individuals, so you must fall into this category of people. Otherwise, you will have a tough time passing the associated exam.

The potential candidates for this professional-level certificate are those individuals who perform the DevOps Engineer role. They should have at least 2 years of working experience in managing, operating, and provisioning the AWS environments. Besides that, the test takers should have expertise in coding at least one high-level programming language and possess a good understanding of the latest methodologies, processes, operations, and development.


Amazon AWS Certified DevOps Engineer – Professional: Exam Overview

The exam that you need to take is Amazon DOP-C01. It is a 180-minute test with about 80 questions of different formats. The types you can run into include multiple choice and multiple answer. The score that you need to have after you finish the exam can be ranged between 100 and 1000, but you should get at least 750 points to obtain the certification.

The DOP-C01 test is available for the candidates in several languages. Thus, you can choose to go for Simplified Chinese, Korean, Japanese, or English. It is also important to know that the exam will cost you $300. There is also an opportunity to try a practice option for $40 before going for the actual test.

 

NEW QUESTION 29
Your application uses Cloud Formation to orchestrate your application's resources. During your testing phase before the application went live, your Amazon RDS instance type was changed and caused the instance to be re-created, resulting In the loss of test data. How should you prevent this from occurring in the future?

  • A. Within the AWS CloudFormation parameter with which users can select the Amazon RDS instance type, set AllowedValues to only contain the current instance type.
  • B. In the AWS CloudFormation template, set the AWS::RDS::DBInstance's DBInstanceClass property to be read-only.
  • C. Update the stack using ChangeSets
  • D. Subscribe to the AWS CloudFormation notification "BeforeResourcellpdate," and call CancelStackUpdate if the resource identified is the Amazon RDS instance.
  • E. Use an AWS CloudFormation stack policy to deny updates to the instance. Only allow UpdateStack permission to 1AM principals that are denied SetStackPolicy.

Answer: C

Explanation:
Explanation
When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence. Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources, AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set For example, you can use a change set to verify that AWS CloudFormation won't replace your stack's database instances during an update.

 

NEW QUESTION 30
You need to create a simple, holistic check for your system's general availablity and uptime. Your system presents itself as an HTTP-speaking API. What is the most simple tool on AWS to achieve this with?

  • A. CloudWatch Health Checks
  • B. EC2 Health Checks
  • C. AWS ELB Health Checks
  • D. Route53 Health Checks

Answer: D

Explanation:
You can create a health check that will run into perpetuity using Route53, in one API call, which will ping your service via HTTP every 10 or 30 seconds.
Amazon Route 53 must be able to establish a TCP connection with the endpoint within four seconds. In addition, the endpoint must respond with an HTTP status code of 200 or greater and less than 400 within two seconds after connecting.
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of- endpoint s.html

 

NEW QUESTION 31
Your DevOps team is responsible for a multi-tier, Windows-based web application consisting of web servers, Amazon RDS database instances, and a load balancer behind Amazon Route53.
You've been asked by your manager to build a cost-effective rolling deployment solution for this web application.
What method should you use?

  • A. Re-deploy your application on Elastic Beanstalk and take advantage of Elastic BeanStalk rolling updates.
  • B. Re-deploy your application on an AWS OpsWorks stack. Use the AWS OpsWorks done stack feature to allow updates between duplicate stacks.
  • C. Re-deploy your application using an AWS CloudFormation template. Use AWS CloudFormation rolling deployment policies, create a new policy for your AWS CloudFormation stack, and initiate an update stack operation to deploy new code.
  • D. Re-deploy your application using an AWS CloudFormation template, launch a new AWS CloudFormation stack during each deployment, and then tear down the old stack.

Answer: C

 

NEW QUESTION 32
You have decided that you need to change the instance type of your production instances which are running as part of an AutoScaling group. The entire architecture is deployed using CloudFormation Template. You currently have 4 instances in Production. You cannot have any interruption in service and need to ensure 2 instances are always runningduring the update. Which of the options below listed can be used for this?

  • A. AutoScalingScheduledAction
  • B. AutoScalingRollingUpdate
  • C. AutoScalinglntegrationUpdate
  • D. AutoScalingReplacingUpdate

Answer: B

Explanation:
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePoIicy attribute. This is used to define how an Auto Scalinggroup resource is updated when an update to the Cloud Formation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the AutoScalingRollingUpdate policy. This retains the same Auto Scaling group and replaces old instances with new ones, according to the parameters specified. For more information on Autoscaling updates, please refer to the below link.
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/

 

NEW QUESTION 33
A company uses AWS CodePipeline to manage and deploy infrastructure as code. The infrastructure is defined in AWS CloudFormation templates and is primarily comprised of multiple Amazon EC2 instances and Amazon RDS databases. The Security team has observed many operators creating inbound security group rules with a source CIDR of 0 0 0 0/0 and would like to proactively stop the deployment of rules with open CIDRs The DevOps Engineer will implement a predeptoyment step that runs some security checks over the CloudFormation template before the pipeline processes it. This check should allow only inbound security group rules with a source CIDR of 0.0.0.0/0 if the rule has the description "Security Approval Ref XXXXX (where XXXXX is a preallocated reference). The pipeline step should fail if this condition is not met and the deployment should be blocked How should this be accomplished?

  • A. Enable a SCP in AWS Organizations. The policy should deny access to the API call Create Security GroupRule if the rule specifies 0.0.0.0/0 without a description referencing a security approval
  • B. Modify the IAM role used by CodePipeline. The IAM policy should deny access.
  • C. Create an AWS Config rule that is triggered on creation or edit of resource type EC2 SecurityGroup.
    This rule should call an AWS Lambda function to send a failure notification if the security group has any rules with a source CIDR of 0.0.0.0/0 without a description referencing a security approval.
  • D. Add an initial stage to CodePipeline called Security Check. This stage should call an AWS Lambda function that scans the CloudFormation template and fails the pipeline if it finds 0.0.0.0/0 in a security group without a description referencing a security approval

Answer: D

 

NEW QUESTION 34
You need the absolute highest possible network performance for a cluster computing application. You already selected homogeneous instance types supporting 10 gigabit enhanced networking, made sure that your workload was network bound, and put the instances in a placement group. What is the last optimization you can make?

  • A. Use 9001 MTU instead of 1500 for Jumbo Frames, to raise packet body to packet overhead ratios.
  • B. Bake an AMI for the instances and relaunch, so the instances are fresh in the placement group and do not have noisy neighbors.
  • C. Segregate the instances into different peered VPCs while keeping them all in a placement group, so each one has its own Internet Gateway.
  • D. Turn off SYN/ACK on your TCP stack or begin using UDP for higher throughput.

Answer: A

Explanation:
Explanation
Jumbo frames allow more than 1500 bytes of data by increasing the payload size per packet, and thus increasing the percentage of the packet that is not packet overhead. Fewer packets are needed to send the same amount of usable data. However, outside of a given AWS region (CC2-Classic), a single VPC, or a VPC peering connection, you will experience a maximum path of 1500 MTU. VPN connections and traffic sent over an Internet gateway are limited to 1500 MTU. If packets are over
1500 bytes, they are fragmented, or they are dropped if the Don't Fragment flag is set in the IP header.
For more information on Jumbo Frames, please visit the below URL:
* http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/network_mtu.htm#jumbo_frame_instances

 

NEW QUESTION 35
A healthcare services company is concerned about the growing costs of software licensing for an application for monitoring patient wellness. The company wants to create an audit process to ensure that the application is running exclusively on Amazon EC2 Dedicated Hosts. A DevOps Engineer must create a workflow to audit the application to ensure compliance.
What steps should the Engineer take to meet this requirement with the LEAST administrative overhead?

  • A. Use custom Java code running on an EC2 instance. Set up EC2 Auto Scaling for the instance depending on the number of instances to be checked. Send the list of noncompliant EC2 instance IDs to an Amazon SQS queue. Set up another worker instance to process instance IDs from the SQS queue and write them to Amazon DynamoDB. Use an AWS Lambda function to terminate noncompliant instance IDs obtained from the queue, and send them to an Amazon SNS email topic for distribution.
  • B. Use AWS CloudTrail. Identify all EC2 instances to be audited by analyzing all calls to the EC2 RunCommand API action. Invoke an AWS Lambda function that analyzes the host placement of the instance. Store the EC2 instance ID of noncompliant resources in an Amazon RDS MySOL DB instance. Generate a report by querying the RDS instance and exporting the query results to a CSV text file.
  • C. Use AWS Systems Manager Configuration Compliance. Use calls to the put-compliance- items API action to scan and build a database of noncompliant EC2 instances based on their host placement configuration. Use an Amazon DynamoDB table to store these instance IDs for fast access. Generate a report through Systems Manager by calling the list-compliance- summaries API action.
  • D. Use AWS Config. Identify all EC2 instances to be audited by enabling Config Recording on all Amazon EC2 resources for the region. Create a custom AWS Config rule that triggers an AWS Lambda function by using the "config-rule-change-triggered" blueprint. Modify the Lambda evaluateCompliance () function to verify host placement to return a NON_COMPLIANT result if the instance is not running on an EC2 Dedicated Host. Use the AWS Config report to address noncompliant instances.

Answer: D

 

NEW QUESTION 36
An enterprise wants to use a third-party SaaS application running on AWS.. The SaaS application needs to
have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's
account. The enterprise has internal security policies that require any outside access to their environment must
conform to the principles of least privilege and there must be controls in place to ensure that the credentials
used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of
these conditions?

  • A. Create an 1AM role for EC2 instances, assign it a policy that allows only the actions required tor the
    Saas application to work, provide the role ARN to the SaaS provider to use when launching their
    application instances.
  • B. Create an 1AM user within the enterprise account assign a user policy to the 1AM user that allows only
    the actions required by the SaaS application. Create a new access and secret key for the user and provide
    these credentials to the SaaS provider.
  • C. Create an 1AM role for cross-account access allows the SaaS provider's account to assume the role and
    assign it a policy that allows only the actions required by the SaaS application.
  • D. From the AWS Management Console, navigate to the Security Credentials page and retrieve the access
    and secret key for your account.

Answer: C

Explanation:
Explanation
Many SaaS platforms can access aws resources via a Cross account access created in aws. If you go to Roles
in your identity management, you will see the ability to
add a cross account role.

For more information on cross account role, please visit the below URL:
* http://docs.aws.amazon.com/IAM/latest/UserGuide/tuto
rial_cross-account-with-roles.htm I

 

NEW QUESTION 37
You have an application running in us-west-2 that requires 6 EC2 instances running at all times. With 3 AZ available in that region, which of the following deployments provides 100% fault tolerance if any single AZ in us-west-2 becomes unavailable. Choose 2 answers from the options below

  • A. us-west-2awith 3 instances, us-west-2b with 3 instances, us-west-2c with 3 instances
  • B. us-west-2awith 6 instances, us-west-2b with 6 instances, us-west-2c with 0 instances
  • C. us-west-2awith 4 instances, us-west-2b with 2 instances, us-west-2c with 2 instances
  • D. us-west-2awith 3 instances, us-west-2b with 3 instances, us-west-2c with 0 instances
  • E. us-west-2awith 2 instances, us-west-2b with 2 instances, us-west-2c with 2 instances

Answer: A,B

Explanation:
Explanation
Since we need 6 instances running at all times, only D and C fulfil this option.
The AWS documentation mentions the following on Availability zones
When you launch an instance, you can select an Availability Zone or let us choose one for you. If you distribute your instances across multiple Availability Zones and one instance fails, you can design your application so that an instance in another Availability Zone can handle requests.
For more information on Regions and AZ's please visit the URL:
* http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/using-regions-avai lability-zones.html

 

NEW QUESTION 38
Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

  • A. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
  • B. Create an Amazon S3 role in 1AM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website.
  • C. Configure a web identity federation role within 1AM to enable access to the correct DynamoDB resources and retrieve temporary credentials.
  • D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.

Answer: C

Explanation:
Explanation
With web identity federation, you don't need to create custom sign-in code or manage your own user identities.
Instead, users of your app can sign in using a well-known identity provider (IdP) -such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an 1AM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don't have to embed and distribute long-term security credentials with your application.
For more information on Web Identity Federation, please refer to the below document link: from AWS
* http://docs.wsamazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

 

NEW QUESTION 39
You have just come from your Chief Information Security Officer's (CISO) office with the instructions to provide an audit report of all AWS network rules used by the organization's Amazon EC2 instances. You have discovered that a single Describe-Security-Groups API call will return all of an account's security groups and rules within a region.
You create the following pseudo-code to create the required report:
- Parse "aws ec2 describe-security-groups" output
- For each security group
- Create report of ingress and egress rules
Which two additional pieces of logic should you include to meet the CISO's requirements?
Choose 2 answers

  • A. Evaluate Elastic Load Balancing access control lists.
  • B. Parse CloudFront access control lists.
  • C. Parse security groups in each region.
  • D. Evaluate VPC network access control lists.
  • E. Parse security groups in each Availability Zone and region.
  • F. Evaluate AWS CloudTrail logs.

Answer: C,D

 

NEW QUESTION 40
You want to pass queue messages that are 1GB each. How should you achieve this?

  • A. Use SQS's support for message partitioning and multi-part uploads on Amazon S3.
  • B. Use AWS EFS as a shared pool storage medium. Store filesystem pointers to the files on disk in the
    SQS message bodies.
  • C. Use the Amazon SQS Extended Client Library for Java and Amazon S3 as a storage mechanism for
    message bodies.
  • D. Use Kinesis as a buffer stream for message bodies. Store the checkpoint id for the placement in the
    Kinesis Stream in SQS.

Answer: C

Explanation:
Explanation
You can manage Amazon SQS messages with Amazon S3. This is especially useful for storing and consuming
messages with a message size of up to 2 GB. To manage
Amazon SQS messages with Amazon S3, use the Amazon SQS Extended Client Library for Java. Specifically,
you use this library to:
* Specify whether messages are always stored in Amazon S3 or only when a message's size exceeds 256 KB.
* Send a message that references a single message object stored in an Amazon S3 bucket.
* Get the corresponding message object from an Amazon S3 bucket.
* Delete the corresponding message object from an Amazon S3 bucket.
For more information on processing large messages for SQS, please visit the below URL:
* http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-s3-messages.
html

 

NEW QUESTION 41
You need to perform ad-hoc analysis on log data, including searching quickly for specific error codes and reference numbers. Which should you evaluate first?

  • A. AWS Elasticsearch Service
  • B. AWS RedShift
  • C. AWS EMR
  • D. AWS DynamoDB

Answer: A

Explanation:
Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS cloud. Elasticsearch is a popular open- source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.
http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/what-is-amazon- elasticsearch-s ervice.html

 

NEW QUESTION 42
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review.
The DevOps Manager has been asked to review the company buildspec.yami file for an AWS CodeBuild project and provide recommendations. The builspec.yami file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

  • A. Move the environment variables to the 'db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
  • B. Store the DB_PASSWORD as a SecurityString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
  • C. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
  • D. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
  • E. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
  • F. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.

Answer: A,D,F

 

NEW QUESTION 43
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

  • A. Amazon CloudWatch Metrics
  • B. AWS CloudTrail
  • C. Amazon CloudWatch Logs
  • D. AWS Config

Answer: D

Explanation:
You can monitor your stacks in the following ways: AWS OpsWorks uses Amazon CloudWatch to provide
thirteen custom metrics with detailed monitoring for each instance in the stack; AWS OpsWorks integrates
with AWS CloudTrail to log every AWS OpsWorks API call and store the data in an Amazon S3 bucket;
You can use Amazon CloudWatch Logs to monitor your stack's system, application, and custom logs.
Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.html

 

NEW QUESTION 44
To run an application, a DevOps Engineer launches an Amazon EC2 instances with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the Internet. While the instances launch successfully and show as healthy, the application does not seem to be installed. Which of the following should successfully install the application while complying with the new rule?

  • A. Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's route table to use the NAT gateway as the default route.
  • B. Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is installed and running, run a script to disassociate the Elastic IP addresses afterwards.
  • C. Create a security group for the application instances and whitelist only outbound traffic to the artifact repository. Remove the security group rule once the install is complete.
  • D. Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.

Answer: D

Explanation:
EC2 instances running in private subnets of a VPC can now have controlled access to S3 buckets, objects, and API functions that are in the same region as the VPC. You can use an S3 bucket policy to indicate which VPCs and which VPC Endpoints have access to your S3 buckets 1- https://aws.amazon.com/pt/blogs/aws/new-vpc-endpoint-for-amazon-s3/

 

NEW QUESTION 45
A DevOps Engineer manages a large commercial website that runs on Amazon EC2. The website uses Amazon Kinesis Data Streams to collect and process web logs. The Engineer manages the Kinesis consumer application, which also runs on EC2. Spikes of data cause the Kinesis consumer application to fall behind, and the streams drop records before they can be processed.
What is the FASTEST method to improve stream handling?

  • A. Modify the Kinesis consumer application to store the logs durably in amazon S3. Use Amazon EMR to process the data directly on S3 to derive customer insights and store the results in S3.
  • B. Convert the Kinesis consumer application to run as an AWS Lambda function. Configure the Kinesis Data Streams as the event source for the Lambda function to process the data streams.
  • C. Increase the number of shards in the Kinesis Data Streams to increase the overall throughput so that the consumer processes data faster.
  • D. Horizontally scale the Kinesis consumer application by adding more EC2 instances based on the GetRecord.IteratorAgeMiliseconds Amazon CloudWatch metric. Increase the Kinesis Data Streams retention period.

Answer: D

 

NEW QUESTION 46
You have an application consisting of a stateless web server tier running on Amazon EC2 instances behind load balancer, and are using Amazon RDS with read replicas.
Which of the following methods should you use to implement a self-healing and cost-effective architecture? Choose 2 answers.

  • A. Set up scripts on each Amazon EC2 instance to frequently send ICMP pings to the load balancer in order to determine which instance is unhealthy and replace it.
  • B. Set up an Auto Scaling group for the web server tier along with an Auto Scaling policy that uses the Amazon RDS DB CPU utilization CloudWatch metric to scale the instances.
  • C. Set up an Auto Scaling group for the database tier along with an Auto Scaling policy that uses the Amazon RDS read replica lag CloudWatch metric to scale out the Amazon RDS read replicas.
  • D. Set up an Auto Scaling group for the web server tier along with an Auto Scaling policy that uses the Amazon EC2 CPU utilization CloudWatch metric to scale the instances.
  • E. Use a larger Amazon EC2 instance type for the web server tier and a larger DB instance type for the data storage layer to ensure that they don't become unhealthy.
  • F. Set up a third-party monitoring solution on a cluster of Amazon EC2 instances in order to emit custom CloudWatch metrics to trigger the termination of unhealthy Amazon EC2 instances.
  • G. Use an Amazon RDS Multi-AZ deployment.

Answer: D,G

 

NEW QUESTION 47
You are planning on using encrypted snapshots in the design of your AWS Infrastructure. Which of the following statements are true with regards to EBS Encryption

  • A. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot always creates an encrypted volume.
  • B. Snapshotting an encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot always creates an encrypted volume.
  • C. Snapshottingan encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
  • D. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot creates an encrypted volume when specified / requested.

Answer: B

Explanation:
Explanation
Amazon CBS encryption offers you a simple encryption solution for your CBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
* Data at rest inside the volume
* All data moving between the volume and the instance
* All snapshots created from the volume
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted.
For more information on CBS encryption, please visit the below URL:
* http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/CBSCncryption.html

 

NEW QUESTION 48
Which of the following services along with Cloudformation helps in building a Continuous Delivery release practice

  • A. AWSCodePipeline
  • B. AWSCIoudtrail
  • C. AWSLambda
  • D. AWSConfig

Answer: A

Explanation:
Explanation
The AWS Documentation mentions
Continuous delivery is a release practice in which code changes are automatically built, tested, and prepared for release to production. With AWS Cloud Formation and AWS CodePipeline, you can use continuous delivery to automatically build and test changes to your AWS Cloud Formation templates before promoting them to production stacks. This release process lets you rapidly and reliably make changes to your AWS infrastructure.
For more information on Continuous Delivery, please visit the below URL:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/continuous-delivery-codepipeline.html

 

NEW QUESTION 49
You are experiencing performance issues writing to a DynamoDB table. Your system tracks high scores for video games on a marketplace. Your most popular game experiences all of the performance issues.
What is the most likely problem?

  • A. Users of the most popular video game each perform more read and write requests than average.
  • B. DynamoDB's vector clock is out of sync, because of the rapid growth in request for the most popular game.
  • C. You did not provision enough read or write throughput to the table.
  • D. You selected the Game ID or equivalent identifier as the primary partition key for the table.

Answer: D

Explanation:
The primary key selection dramatically affects performance consistency when reading or writing to DynamoDB. By selecting a key that is tied to the identity of the game, you forced DynamoDB to create a hotspot in the table partitions, and over-request against the primary key partition for the popular game. When it stores data, DynamoDB divides a table's items into multiple partitions, and distributes the data primarily based upon the partition key value. The provisioned throughput associated with a table is also divided evenly among the partitions, with no sharing of provisioned throughput across partitions.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GuidelinesForTables.html# Guideli nesForTables.UniformWorkload

 

NEW QUESTION 50
You are using Elastic Beanstalk to manage your e-commerce store. The store is based on an open source e- commerce platform and is deployed across multiple instances in an Auto Scaling group. Your development team often creates new "extensions" for the e-commerce store.
These extensions include PHP source code as well as an SQL upgrade script used to make any necessary updates to the database schema.
You have noticed that some extension deployments fail due to an error when running the SQL upgrade script. After further investigation, you realize that this is because the SQL script is being executed on all of your Amazon EC2 instances.
How would you ensure that the SQL script is only executed once per deployment regardless of how many Amazon EC2 instances are running at the time?

  • A. Make use of the Amazon EC2 metadata service to query whether the instance is marked as the leader" in the Auto Scaling group.
    Only execute the script if "true" is returned.
  • B. Use a "Solo Command" within an Elastic Beanstalk configuration file to execute the script.
    The Elastic Beanstalk service will ensure that the command is only executed once.
  • C. Use a "Container command" within an Elastic Beanstalk configuration file to execute the script, ensuring that the "leader only" flag is set to true.
  • D. Update the Amazon RDS security group to only allow write access from a single instance in the Auto Scaling group; that way, only one instance will successfully execute the script on the database.

Answer: C

 

NEW QUESTION 51
Some of your EC2 instances are configured to use a Proxy. Can you use Amazon Inspector for regular assessment of instances behind proxy?

  • A. No, AWS Agent does NOT support proxy environments.
  • B. Yes, AWS Agent supports proxy environments on both Linux-based and Windows-based systems.
  • C. Only Linux-based systems are supported, and AWS agent supports HTTPS proxy on these systems.
  • D. Only Windows-based systems are supported as Linux-based systems use custom configurations that are not supported by AWS Agent in the current release.

Answer: B

Explanation:
The AWS agent supports proxy environments. For Linux instances, Inspector supports HTTPS Proxy, and for Windows instances, it supports WinHTTP proxy.
Reference: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents.html

 

NEW QUESTION 52
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving availability for users in both Regions.
Which combination of actions should be taken to address the latency issues? (Choose three.)

  • A. Create a new DynamoDB table in the new Region with cross-Region replication enabled.
  • B. Create new ALB and Auto Scaling group global resources and configure the new ALB to direct traffic to the new Auto Scaling group.
  • C. Create Amazon Route 53 records, health checks, and latency-based routing policies to route to the AL
  • D. Convert the DynamoDB table to a global table.
  • E. Create new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group.
  • F. Create Amazon Route 53 aliases, health checks, and failover routing policies to route to the ALB.

Answer: C,D,E

 

NEW QUESTION 53
......

Authentic Best resources for DOP-C01 Online Practice Exam: https://www.getvalidtest.com/DOP-C01-exam.html

Get the superior quality DOP-C01 Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1JnKRKCa3Z_35f68PXyXwgVBEMd343EFF

Related Articles

more
Amazon DOP-C01 Certification Practice Exam