Up To Date DOP-C01 Dumps For AWS Certified DevOps Engineer- Professional Certification

NEW QUESTION 1
The operations team and the development team want a single place to view both operating system and application logs. How should you implement this using A WS services? Choose two from the options below

• A. Using AWS CloudFormation, create a Cloud Watch Logs LogGroup and send the operating system and application logs of interest using the Cloud Watch Logs Agent.
• B. Using AWS CloudFormation and configuration management, set up remote logging to send events via UDP packets to CloudTrail.
• C. Using configuration management, set up remote logging to send events to Amazon Kinesis and insert these into Amazon CloudSearch or Amazon Redshift, depending on available analytic tools.
• D. Using AWS CloudFormation, merge the application logs with the operating system logs, and use 1AM Roles to allow both teams to have access to view console output from Amazon EC2.

Answer: AC

Explanation:
Option B is invalid because Cloudtrail is not designed specifically to take in UDP packets
Option D is invalid because there are already Cloudwatch logs available, so there is no need to have specific logs designed for this.
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon L~C2) instances, AWS CloudTrail,
and other sources. You can then retrieve the associated log data from CloudWatch Logs. For more information on Cloudwatch logs please refer to the below link:
http://docs^ws.amazon.com/AmazonCloudWatch/latest/logs/WhatlsCloudWatchLogs.html You can the use Kinesis to process those logs
For more information on Amazon Kinesis please refer to the below link: http://docs.aws.a mazon.com/streams/latest/dev/introduction.html

NEW QUESTION 2
Your development team use .Net to code their web application. They want to deploy it to AWS for the purpose of continuous integration and deployment. The application code is hosted in a Git repository. Which of the following combination of steps can be used to fulfil this requirement. Choose 2 answers from the options given below

• A. Use the Elastic beanstalk service to provision an IIS platform web environment to host the application.
• B. Use the Code Pipeline service to provision an IIS environment to host the application.
• C. Create a source bundle for the .Net code and upload it as an application revision.
• D. Use a chef recipe to deploy the code and attach it to the Elastic beanstalk environment.

Answer: AC

Explanation:
When you provision an environment using the Clastic beanstalk service, you can choose the IIS platform to host the .Net based application as shown below.

You can also upload the application as a zip file and specify it as an application revision.
For more information on Elastic beanstalk and .Net environments, please refer to the below link: http://docs^ws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_NCT.html

NEW QUESTION 3
You need to create a Route53 record automatically in CloudFormation when not running in production during all launches of a Template. How should you implement this?

• A. Use a Parameter for environment, and add a Condition on the Route53 Resource in the template to create the record only when environment is not production.
• B. Create two templates, one with the Route53 record value and one with a null value for the recor
• C. Use the one without it when deploying to production.
• D. Use a Parameterfor environment, and add a Condition on the Route53 Resource in the template to create the record with a null string when environment is production.
• E. Create two templates, one with the Route53 record and one without i
• F. Use the one without it when deploying to production.

Answer: A

Explanation:
The optional Conditions section includes statements that define when a resource is created or when a property is defined. For example, you can compare whether a value is equal to another value. Based on the result of that condition, you can conditionally create resources. If you have multiple conditions, separate them with commas.
You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment In your template, you can add an Environ me ntType input parameter, which accepts either prod or test as inputs. For the production environment, you might include Amazon CC2 instances with certain capabilities; however, for the test environment, you want to use reduced capabilities to save money. With conditions, you can define which resources are created and how they're configured for each environment type.
For more information on Cloudformation conditions please refer to the below link: http://docs.ws.amazon.com/AWSCIoudFormation/latest/UserGuide/cond itions-section- structure.htm I

NEW QUESTION 4
You are using Chef in your data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

• A. AWS Elastic Beanstalk
• B. AWSOpsWorks
• C. AWS CloudFormation
• D. Amazon Simple Workflow Service

Answer: B

Explanation:
AWS OpsWorks is a configuration management service that uses Chef, an automation platform that treats server configurations as code. OpsWorks uses Chef to
automate how servers are configured, deployed, and managed across your Amazon Clastic Compute Cloud (Amazon CC2) instances or on-premises compute
environments. OpsWorks has two offerings, AWS Opsworks for Chef Automate, and AWS OpsWorks Stacks.
For more information on Opswork and SNS please refer to the below link:
• https://aws.amazon.com/opsworks/

NEW QUESTION 5
You are working with a customer who is using Chef Configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

• A. AmazonSimple Workflow Service
• B. AWSEIastic Beanstalk
• C. AWSCIoudFormation
• D. AWSOpsWorks

Answer: D

Explanation:
AWS OpsWorks is a configuration management service that helps you configure and operate applications of all shapes and sizes using Chef. You can define the application's architecture and the specification of each component including package installation, software configuration and resources
such as storage. Start from templates for common technologies like application servers and databases or build your own to perform any task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales.
For more information on Opswork, please visit the link:
• https://aws.amazon.com/opsworks/

NEW QUESTION 6
As part of your continuous deployment process, your application undergoes an I/O load performance test before it is deployed to production using new AMIs. The application uses one Amazon EBS PIOPS volume per instance and requires consistent I/O performance.
Which of the following must be carried out to ensure that I/O load performance tests yield the correct results in a repeatable manner?

• A. Ensurethat the I/O block sizes for the test are randomly selected.
• B. Ensurethat the Amazon EBS volumes have been pre-warmed by reading all the blocksbefore the test.
• C. Ensurethat snapshots of the Amazon EBS volumes are created as a backup.
• D. Ensurethat the Amazon EBS volume is encrypted.

Answer: B

Explanation:
Since the AMI will get all the data from S3 as snapshots, always ensure the volume prewarmed before it is set for the load test.
For more information on benchmarking procedures please see the below link:
• hrtp://docs^ws.amazon.com/AWSCC2/latest/UserGuide/berK;hmark_prooedures.html

NEW QUESTION 7
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

• A. AWSConfig
• B. Amazon CloudWatch Metrics
• C. AWSCIoudTrail
• D. Amazon CloudWatch Logs

Answer: A

Explanation:
You can monitor your stacks in the following ways.
• AWS OpsWorks Stacks uses Amazon CloudWatch to provide thirteen custom metrics with detailed monitoring for each instance in the stack.
• AWS OpsWorks Stacks integrates with AWS CloudTrail to log every AWS OpsWorks Stacks API call and store the data in an Amazon S3 bucket.
• You can use Amazon CloudWatch Logs to monitor your stack's system, application, and custom logs.
For more information on Opswork monitoring, please visit the below URL:
• http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.html

NEW QUESTION 8
You have an Opswork stack setup in AWS. You want to install some updates to the Linux instances in the stack. Which of the following can be used to publish those updates. Choose 2 answers from the options given below

• A. Create and start new instances to replace your current online instance
• B. Then delete the current instances.
• C. Use Auto-scaling to launch new instances and then delete the older instances
• D. On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command
• E. Delete the stack and create a new stack with the instances and their relavant updates

Answer: AC

Explanation:
As per AWS documentation.
By default, AWS OpsWorks Stacks automatically installs the latest updates during setup, after an instance finishes booting. AWS OpsWorks Stacks does not automatically install updates after an instance is online, to avoid interruptions such as restarting application servers. Instead, you manage updates to your online instances yourself, so you can minimize any disruptions.
We recommend that you use one of the following to update your online instances.
•Create and start new instances to replace your current online instances. Then delete the current instances.
The new instances will have the latest set of security patches installed during setup.
•On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command, which installs the current set of security patches and other updates
on the specified instances.
More information is available at: https://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity-updates.html

NEW QUESTION 9
You have an Autoscaling Group which is launching a set of t2.small instances. You now need to replace those instances with a larger instance type. How would you go about making this change in an ideal manner?

• A. Changethe Instance type in the current launch configuration to the new instance type.
• B. Createanother Autoscaling Group and attach the new instance type.
• C. Createa new launch configuration with the new instance type and update yourAutoscaling Group.
• D. Changethe Instance type of the Underlying EC2 instance directly.

Answer: C

Explanation:
Answer - C
The AWS Documentation mentions
A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping. If you've launched an EC2 instance before, you specified the same information in order to launch the instance. When you create an Auto Scalinggroup, you must specify a launch configuration. You can specify your launch configuration with multiple Auto Scaling groups.
However, you can only specify one launch configuration for an Auto Scalinggroup at a time, and you can't modify a launch configuration after you've created it.
Therefore, if you want to change the launch configuration for your Auto Scalinggroup, you must create a launch configuration and then update your Auto Scaling group with the new launch configuration.
For more information on launch configurations please see the below link:
• http://docs.aws.amazon.com/autoscaling/latest/userguide/l_au nchConfiguration.html

NEW QUESTION 10
You are using Jenkins as your continuous integration systems for the application hosted in AWS. The builds are then placed on newly launched EC2 Instances. You want to ensure that the overall cost of the entire continuous integration and deployment pipeline is minimized. Which of the below options would meet these requirements? Choose 2 answers from the options given below

• A. Ensurethat all build tests are conducted using Jenkins before deploying the build tonewly launched EC2 Instances.
• B. Ensurethat all build tests are conducted on the newly launched EC2 Instances.
• C. Ensurethe Instances are launched only when the build tests are completed.
• D. Ensurethe Instances are created beforehand for faster turnaround time for theapplication builds to be placed.

Answer: AC

Explanation:
To ensure low cost, one can carry out the build tests on the Jenkins server itself. Once the build tests are completed, the build can then be transferred onto newly launched CC2 Instances.
For more information on AWS and Jenkins, please visit the below URL:
• https://aws.amazon.com/getting-started/projects/setup-jenkins-build-server/
Option D is incorrect. It would be right choice in case the requirement is to get better speed.

NEW QUESTION 11
Your company wants to understand where cost is coming from in the company's production AWS account. There are a number of applications and services running at any given time. Without expending too much initial development time.how best can you give the business a good understanding of which applications cost the most per month to operate?

• A. Create an automation script which periodically creates AWS Support tickets requesting detailed intra-month information about your bill.
• B. Use custom CloudWatch Metrics in your system, and put a metric data point whenever cost is incurred.
• C. Use AWS Cost Allocation Taggingfor all resources which support i
• D. Use the Cost Explorer to analyze costs throughout the month.
• E. Use the AWS Price API and constantly running resource inventory scripts to calculate total price based on multiplication of consumed resources over time.

Answer: C

Explanation:
A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a Areyand a value. A key can have more than one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier
for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an A WS-generated tagand user-defined tags. AWS defines, creates, and applies the AWS-generated tag for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.
For more information on Cost Allocation tags, please visit the below URL: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloctags.html

NEW QUESTION 12
What is required to achieve gigabit network throughput on EC2? You already selected cluster- compute, 10GB instances with enhanced networking, and your workload is already network-bound, but you are not seeing 10 gigabit speeds.

• A. Enable biplex networking on your servers, so packets are non-blocking in both directions and there's no switching overhead.
• B. Ensure the instances are in different VPCs so you don't saturate the Internet Gateway on any one VPC.
• C. Select PIOPS for your drives and mount several, so you can provision sufficient disk throughput.
• D. Use a placement group for your instances so the instances are physically near each other in the same Availability Zone.

Answer: D

Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking. For more information on Placement Groups, please visit the below URL: http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/placement-groups.html

NEW QUESTION 13
You have a web application hosted on EC2 instances. There are application changes which happen to the web application on a quarterly basis. Which of the following are example of Blue Green deployments which can be applied to the application? Choose 2 answers from the options given below

• A. Deploythe application to an elastic beanstalk environmen
• B. Have a secondary elasticbeanstalk environment in place with the updated application cod
• C. Use the swapURL's feature to switch onto the new environment.
• D. Placethe EC2 instances behind an EL
• E. Have a secondary environment with EC2lnstances and ELB in another regio
• F. Use Route53 with geo-location to routerequests and switch over to the secondary environment.
• G. Deploythe application using Opswork stack
• H. Have a secondary stack for the newapplication deploymen
• I. Use Route53 to switch over to the new stack for the newapplication update.
• J. Deploythe application to an elastic beanstalk environmen
• K. Use the Rolling updatesfeature to perform a Blue Green deployment.

Answer: AC

Explanation:
The AWS Documentation mentions the following
AWS Elastic Beanstalk is a fast and simple way to get an application up and running on AWS.6 It's perfect for developers who want to deploy code without worrying about managing the underlying infrastructure. Elastic Beanstalk supports Auto Scaling and Elastic Load Balancing, both of which enable blue/green deployment.
Elastic Beanstalk makes it easy to run multiple versions of your application and provides capabilities to swap the environment URLs, facilitating blue/green deployment.
AWS OpsWorks is a configuration management service based on Chef that allows customers to deploy and manage application stacks on AWS.7 Customers can specify resource and application configuration, and deploy and monitor running resources. OpsWorks simplifies cloning entire stacks when you're preparing blue/green environments.
For more information on Blue Green deployments, please refer to the below link:
• https://dO3wsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf

NEW QUESTION 14
You are using Elastic Beanstalk to manage your e-commerce store. The store is based on an open source e- commerce platform and is deployed across multiple instances in an Auto Scaling group. Your development team often creates new "extensions" for the e-commerce store. These extensions include PHP source code as well as an SQL upgrade script used to make any necessary updates to the database schema. You have noticed that some extension deployments fail due to an error when running the SQL upgrade script. After further investigation, you realize that this is because the SQL script is being executed on all of your Amazon EC2 instances. How would you ensure that the SQL script is only executed once per deployment regardless of how many Amazon EC2 instances are running at the time?

• A. Use a "Container command" within an Elastic Beanstalk configuration file to execute the script, ensuring that the "leader only" flag is set to true.
• B. Make use of the Amazon EC2 metadata service to query whether the instance is marked as the leader" in the Auto Scaling grou
• C. Only execute the script if "true" is returned.
• D. Use a "Solo Command" within an Elastic Beanstalk configuration file to execute the scrip
• E. The Elastic Beanstalk service will ensure that the command is only executed once.
• F. Update the Amazon RDS security group to only allow write access from a single instance in the Auto Scaling group; that way, only one instance will successfully execute the script on the database.

Answer: A

Explanation:
You can use the container_commands key to execute commands that affect your application source code. Container commands run after the application and web server have been set up and the application version archive has been extracted, but before the application version is deployed. Non-container commands and other customization operations are performed prior to the application source code being extracted.
You can use leader_only to only run the command on a single instance, or configure a test to only run the command when a test command evaluates to true. Leader-only container commands are only executed during environment creation and deployments, while other commands and server customization operations are performed every time an instance is provisioned or updated. Leader- only container commands are not executed due to launch configuration changes, such as a change in the AMI Id or instance type. For more information on customizing containers, please visit the below URL:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html

NEW QUESTION 15
You are incharge of creating a Cloudformation template that will be used to spin our resources on demand for your Devops team. The requirement is that this cloudformation template should be able to spin up resources in different regions. Which of the following aspects of Cloudformation templates can help you design the template to spin up resources based on the region.

• A. Use mappings section in the Cloudformation template, so that based on the relevant region, the relevant resource can be spinned up.
• B. Use the outputs section in the Cloudformation template, so that based on the relevant region, the relevant resource can be spinned up.
• C. Use the parameters section in the Cloudformation template, so that based on the relevant region, the relevant resource can be spinned up.
• D. Use the metadata section in the Cloudformation template, so that based on the relevant region, the relevant resource can be spinned up.

Answer: A

Explanation:
The AWS Documentation mentions
The optional Mappings section matches a key to a corresponding set of named values. For example, if you want to set values based on a region, you can create a
mapping that uses the region name as a key and contains the values you want to specify for each specific region. You use the Fn::FindlnMap intrinsic function to
retrieve values in a map.
For more information on mappings please refer to the below link:
◆ http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/mappings-section-structure.html

NEW QUESTION 16
Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below

• A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URI for the appropriate content.
• B. Use AWS Identity and Access Management (1AM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
• C. Authenticate your users at the application level, and use AWS Security Token Service (STS) to grant token-based authorization to S3 objects.
• D. Authenticate your users at the application level, and send an SMS token message to the use
• E. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user's objects to that bucket.
• F. Use a key-based naming scheme comprised from the user IDs for all user objects in a single Amazon S3 bucket.

Answer: CE

Explanation:
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access
Management (1AM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provides access to the objects based on the key values generated via the user id. Option A is possible but then becomes a maintenance overhead because of the number of buckets. Option B is invalid because 1AM users is not a good security practice.
Option D is invalid because SMS tokens are not efficient for this requirement.
For more information on the Security Token Service please refer to the below link: http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.htrril

NEW QUESTION 17
When one creates an encrypted EBS volume and attach it to a supported instance type ,which of the following data types are encrypted?
Choose 3 answers from the options below

• A. Dataat rest inside the volume
• B. Alldata copied from the EBS volume to S3
• C. Alldata moving between the volume and the instance
• D. Allsnapshots created from the volume

Answer: ACD

Explanation:
This is clearly given in the aws documentation. Amazon EBS Encryption
Amazon CBS encryption offers a simple encryption solution for your CBS volumes without the need to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
• Data at rest inside the volume
• All data moving between the volume and the instance
• All snapshots created from the volume
• All volumes created from those snapshots
For more information on CBS encryption, please refer to the below url http://docs.aws.a mazon.com/AWSCC2/latest/UserGuide/CBSCncryption.html

NEW QUESTION 18
You need to create a simple, holistic check for your system's general availablity and uptime. Your system presents itself as an HTTP-speaking API. What is the most simple tool on AWS to achieve this with?

• A. Route53 Health Checks
• B. CloudWatch Health Checks
• C. AWS ELB Health Checks
• D. EC2 Health Checks

Answer: A

Explanation:
Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources. Each health check that you create
can monitor one of the following:
• The health of a specified resource, such as a web server
• The status of an Amazon Cloud Watch alarm
• The status of other health checks
For more information on Route53 Health checks, please refer to the below link:
• http://docs.aws.a mazon.com/Route53/latest/DeveloperGuide/dns-fa ilover.html

NEW QUESTION 19
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

• A. Terminating
• B. Detaching
• C. Terminating:Wait
• D. EnteringStandby

Answer: A

Explanation:
The below diagram shows the Lifecycle policy. When the scale-in happens, the first action is the Terminating action.

For more information on Autoscaling Lifecycle, please refer to the below link: http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScaingGroupLifecycle.html

NEW QUESTION 20
You are planning on using encrypted snapshots in the design of your AWS Infrastructure. Which of the following statements are true with regards to EBS Encryption

• A. Snapshottingan encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
• B. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
• C. Snapshotting an encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot always creates an encrypted volume.
• D. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot always creates an encrypted volume.

Answer: C

Explanation:
Amazon CBS encryption offers you a simple encryption solution for your CBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
• Data at rest inside the volume
• All data moving between the volume and the instance
• All snapshots created from the volume
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically
encrypted.
For more information on CBS encryption, please visit the below URL:
• http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/ CBSCncryption.html

NEW QUESTION 21
......