100% Guarantee Amazon-Web-Services DOP-C01 Exam Online

NEW QUESTION 1
You have an Autoscaling Group configured to launch EC2 Instances for your application. But you notice that the Autoscaling Group is not launching instances in the right proportion. In fact instances are being launched too fast. What can you do to mitigate this issue? Choose 2 answers from the options given below

• A. Adjust the cooldown period set for the Autoscaling Group
• B. Set a custom metric which monitors a key application functionality forthe scale-in and scale-out process.
• C. Adjust the CPU threshold set for the Autoscaling scale-in and scale-out process.
• D. Adjust the Memory threshold set forthe Autoscaling scale-in and scale-out process.

Answer: AB

Explanation:
The Auto Scaling cooldown period is a configurable setting for your Auto Scaling group that helps to ensure that Auto Scaling doesn't launch or terminate additional instances before the previous scaling activity takes effect.
For more information on the cool down period, please refer to the below link:
• http://docs^ws.a mazon.com/autoscaling/latest/userguide/Cooldown.html
Also it is better to monitor the application based on a key feature and then trigger the scale-in and scale-out feature accordingly. In the question, there is no mention of CPU or memory causing the issue.

NEW QUESTION 2
You run a multi-tier architecture on AWS with webserver instances running Nginx. Your users are getting errors when they use the web application. How can diagnose the errors quickly and efficiently

• A. Installthe Cloud Watch Logs agent and send Nginx access log data to CloudWatc
• B. Fromthere, pipe the log data through to a third party logging and graphing tool.
• C. Installthe CloudWatch Logs agent and send Nginx access log data to CloudWatc
• D. Then/filter the log streams for searching the relevant errors.
• E. Sendall the errors to AWS Lambda for processing.
• F. Sendall the errors to AWS Config for processing

Answer: B

Explanation:
The AWS Documentation mentions the following
You use metric filters to search for and match terms, phrases, or values in your log events. When a metric filter finds one of the terms, phrases, or values in your log events, you can increment the value of a CloudWatch metric. For example, you can create a metric filter to search for and count the occurrence of the word CRROR in your log events.
For more information on Cloudwatch logs Analysis, please see the below link:
• http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/ FilterAndPatternSyntax.html

NEW QUESTION 3
Your team wants to begin practicing continuous delivery using CloudFormation, to enable automated builds and deploys of whole, versioned stacks or stack layers. You have a 3-tier, mission-critical system. Which of the following is NOT a best practice for using CloudFormation in a continuous delivery environment?

• A. Use the AWS CloudFormation ValidateTemplate call before publishing changes to AWS.
• B. Model your stack in one template, so you can leverage CloudFormation's state management and dependency resolution to propagate all changes.
• C. Use CloudFormation to create brand new infrastructure for all stateless resources on each push, and run integration tests on that set of infrastructure.
• D. Parametrize the template and use Mappings to ensure your template works in multiple Regions.

Answer: B

Explanation:
Answer - B
Some of the best practices for Cloudformation are
• Created Nested stacks
As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them. That way, you can mix and match different templates but use nested stacks to create a single, unified stack. Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS::CloudFormation::Stackresource in your template to reference other templates.
• Reuse Templates
After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you can create environments for development, testing, and production so that you can test changes before implementing them into production. To make templates reusable, use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment, but all other configurations and settings remain the same. For more information on Cloudformation best practises, please visit the below URL: http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/best-practices.html

NEW QUESTION 4
Your application's Auto Scaling Group scales up too quickly, too much, and stays scaled when traffic decreases. What should you do to fix this?

• A. Set a longer cooldown period on the Group, so the system stops overshooting the target capacit
• B. The issue is that the scaling system doesn't allow enough time for new instances to begin servicing requests before measuring aggregate load again.
• C. Calculate the bottleneck or constraint on the compute layer, then select that as the new metric, and set the metric thresholds to the bounding values that begin to affect response latency.
• D. Raise the CloudWatch Alarms threshold associated with your autoscaling group, so the scaling takes more of an increase in demand before beginning.
• E. Use larger instances instead of lots of smaller ones, so the Group stops scaling out so much and wasting resources as the OS level, since the OS uses a higher proportion of resources on smaller instances.

Answer: B

Explanation:
The ideal case is that the right metric is not being used for the scale up and down.
Option A is not valid because it mentions that the cooldown is not happening when the traffic decreases, that means the metric threshold for the scale down is not occurring in Cloudwatch
Option C is not valid because increasing the Cloudwatch alarm metric will not ensure that the instances scale down when the traffic decreases.
Option D is not valid because the question does not mention any constraints that points to the instance size. For an example on using custom metrics for scaling in and out, please follow the below link for a use case.
• https://blog.powerupcloud.com/aws-autoscaling-based-on-database-query-custom-metrics- f396c16e5e6a

NEW QUESTION 5
By default in Opswork, how many application versions can you rollback up to?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: D

Explanation:
The AWS Documentation mentions the following Restores the previously deployed app version. For example, if you have deployed the app three times and then run Rollback, the server will serve the app from the second deployment. If you run Rollback again, the server will serve the app from the first deployment. By default, AWS OpsWorks Stacks stores the five most recent deployments, which allows you to roll back up to four versions. If you exceed the number of stored versions, the command fails and leaves the oldest version in place.
For more information on Opswork app deployment, please visit the below U RL: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-deploying.html

NEW QUESTION 6
What is required to achieve gigabit network throughput on EC2? You already selected cluster- compute, 10GB instances with enhanced networking, and your workload is already network-bound, but you are not seeing 10 gigabit speeds.

• A. Enable biplex networking on your servers, so packets are non-blocking in both directions and there's no switching overhead.
• B. Ensure the instances are in different VPCs so you don't saturate the Internet Gateway on any one VPC.
• C. Select PIOPS for your drives and mount several, so you can provision sufficient disk throughput.
• D. Use a placement group for your instances so the instances are physically near each other in the same Availability Zone.

Answer: D

Explanation:
A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking. For more information on Placement Groups, please visit the below URL: http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/placement-groups.html

NEW QUESTION 7
One of the instances in your Auto Scaling group health check returns the status of Impaired to Auto Scaling. What will Auto Scaling do in this case.

• A. Terminate the instance and launch a new instance
• B. Send an SNS notification
• C. Perform a health check until cool down before declaring that the instance has failed
• D. Wait for the instance to become healthy before sending traffic

Answer: A

Explanation:
Auto Scaling periodically performs health checks on the instances in your Auto Scaling group and identifies any instances that are unhealthy. You can configure Auto Scaling to determine the health status of an instance using Amazon EC2 status checks. Clastic Load Balancing health checks, or custom health checks
By default. Auto Scaling health checks use the results of the CC2 status checks to determine the health status of an instance. Auto Scaling marks an instance as
unhealthy if its instance fails one or more of the status checks.
For more information monitoring in Autoscaling, please visit the below URL: http://docs.aws.a mazon.com/autoscaling/latest/userguide/as-mon itoring-features.html

NEW QUESTION 8
You are a Devops Enginneer in your company. You have been instructed to ensure there is an automated backup solution in place for EBS Volumes. These snapshots need to be retained only for a period of 20 days. How can you achieve this requirement in an efficient manner?

• A. Usethe aws ec2 create-volume API to create a snapshot of the EBS Volum
• B. The usethe describe- volume to see those snapshots which are greater than 20 days andthen delete them accordingly using the delete-volume API call.
• C. UseLifecycle policies to push the EBS Volumes to Amazon Glacie
• D. Then use furtherlifecycle policies to delete the snapshots after 20 days.
• E. UseLifecycle policies to push the EBS Volumes to Amazon S3. Then use further lifecyclepolicies to delete the snapshots after 20 days.
• F. Use Amazon Data Lifecycle Manager to automate the process.

Answer: D

Explanation:
Use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.
Automating snapshot management helps you to:
•Protect valuable data by enforcing a regular backup schedule. Retain backups as required by auditors or internal compliance.
•Reduce storage costs by deleting outdated backups.
For more Information, Please check the below AWS Docs:
• https://docs.aws.amazon.com/AWSCC2/latest/UserGuide/snapshot-lifecycle.html

NEW QUESTION 9
Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?

• A. Create an Amazon S3 role in 1AM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website.
• B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
• C. Configure a web identity federation role within 1AM to enable access to the correct DynamoDB resources and retrieve temporary credentials.
• D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.

Answer: C

Explanation:
With web identity federation, you don't need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) — such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an 1AM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don't have to embed and distribute long- term security credentials with your application. For more information on Web Identity Federation, please refer to the below document link: from AWS http://docs.wsamazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

NEW QUESTION 10
You have an Auto Scaling group with 2 AZs. One AZ has 4 EC2 instances and the other has 3 EC2 instances. None of the instances are protected from scale in. Based on the default Auto Scaling termination policy what will happen?

• A. Auto Scaling selects an instance to terminate randomly
• B. Auto Scaling will terminate unprotected instances in the Availability Zone with the oldest launch configuration.
• C. Auto Scaling terminates which unprotected instances are closest to the next billing hour.
• D. Auto Scaling will select the AZ with 4 EC2 instances and terminate an instance.

Answer: D

Explanation:
The default termination policy is designed to help ensure that your network architecture spans Availability Zones evenly. When using the default termination policy.
Auto Scaling selects an instance to terminate as follows:
Auto Scaling determines whether there are instances in multiple Availability Zones. If so, it selects the Availability Zone with the most instances and at least one instance that is not protected from scale in. If there is more than one Availability Zone with this number of instances. Auto Scaling selects the Availability Zone with the instances that use the oldest launch configuration. For more information on Autoscaling instance termination please refer to the below link: http://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-termination.html

NEW QUESTION 11
When storing sensitive data on the cloud which of the below options should be carried out on AWS. Choose 3 answers from the options given below.

• A. WithAWS you do not need to worry about encryption
• B. EnableEBS Encryption
• C. Encryptthe file system on an EBS volume using Linux tools
• D. EnableS3 Encryption

Answer: BCD

Explanation:
Amazon CBS encryption offers you a simple encryption solution for your CBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume
All data moving between the volume and the instance
All snapshots created from the volume For more information on CBS encryption, please refer to the below link:
• http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/CBSCncryption.htrril
Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. For more information on S3 encryption, please refer to the below link:
• http://docs-aws.amazon.com/AmazonS3/latest/dev/UsingCncryption.html

NEW QUESTION 12
When thinking of AWS Elastic Beanstalk's model, which is true?

• A. Applications have many deployments, deployments have many environments.
• B. Environments have many applications, applications have many deployments.
• C. Applications have many environments, environments have many deployments.
• D. Deployments have many environments, environments have many applications.

Answer: C

Explanation:
The first step in using Elastic Beanstalk is to create an application, which represents your web application in AWS. In Elastic Beanstalk an application serves as a
container for the environments that run your web app, and versions of your web app's source code, saved configurations, logs and other artifacts that you create
while using Elastic Beanstalk.
For more information on Applications, please refer to the below link: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications.html
Deploying a new version of your application to an environment is typically a fairly quick process. The new source bundle is deployed to an instance and extracted, and the the web container or application server picks up the new version and restarts if necessary. During deployment, your application might still become unavailable to users for a few seconds. You can prevent this by configuring your environment to use rolling deployments to deploy the new version to instances in batches. For more information on deployment, please refer to the below link: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.de ploy-existing-version, html

NEW QUESTION 13
In AWS Code Deploy which of the following deployment types are available. Choose 2 answers from the options given below

• A. In-placedeployments
• B. Rollingdeployments
• C. Immutabledeployments
• D. Blue/Greendeployments

Answer: AD

Explanation:
The AWS documentation mentions the following
Deployment type: The method used to make the latest application revision available on instances in a deployment group.
In-place deployment: The application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated. You can choose to use a load balancer so each instance is deregistered during its deployment and then restored to service after the deployment is complete.
Blue/green deployment: The instances in a deployment group (the original environment) are replaced by a different set of instances (the replacement environment) using these steps:
Instances are provisioned for the replacement environment.
o The latest application revision is installed on the replacement instances,
o An optional wait time occurs for activities such as application testing and system verification. Instances in the replacement environment are registered with an Elastic Load Balancing load balancer, causing traffic to be rerouted to them. Instances in the original environment are deregistered and can be terminated or kept running for other uses. For more information on the components of AWS Code Deploy, please refer to the below link:
• http://docs.aws.amazon.com/codedeploy/latest/userguide/primary-components.html

NEW QUESTION 14
What is web identity federation?

• A. Use of an identity provider like Google or Facebook to become an AWS1AM User.
• B. Use of an identity provider like Google or Facebook to exchange for temporary AWS security credentials.
• C. Use of AWS 1AM Usertokens to log in as a Google or Facebook user.
• D. Use STS service to create an user on AWS which will allow them to login from facebook orgoogle app.

Answer: B

Explanation:
With web identity federation, you don't need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) — such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an 1AM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don't have to embed and distribute long- term security credentials with your application. For more information on Web Identity federation please refer to the below link:
http://docs^ws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

NEW QUESTION 15
You are using Elastic Beanstalk to manage your e-commerce store. The store is based on an open source e- commerce platform and is deployed across multiple instances in an Auto Scaling group. Your development team often creates new "extensions" for the e-commerce store. These extensions include PHP source code as well as an SQL upgrade script used to make any necessary updates to the database schema. You have noticed that some extension deployments fail due to an error when running the SQL upgrade script. After further investigation, you realize that this is because the SQL script is being executed on all of your Amazon EC2 instances. How would you ensure that the SQL script is only executed once per deployment regardless of how many Amazon EC2 instances are running at the time?

• A. Use a "Container command" within an Elastic Beanstalk configuration file to execute the script, ensuring that the "leader only" flag is set to true.
• B. Make use of the Amazon EC2 metadata service to query whether the instance is marked as the leader" in the Auto Scaling grou
• C. Only execute the script if "true" is returned.
• D. Use a "Solo Command" within an Elastic Beanstalk configuration file to execute the scrip
• E. The Elastic Beanstalk service will ensure that the command is only executed once.
• F. Update the Amazon RDS security group to only allow write access from a single instance in the Auto Scaling group; that way, only one instance will successfully execute the script on the database.

Answer: A

Explanation:
You can use the container_commands key to execute commands that affect your application source code. Container commands run after the application and web server have been set up and the application version archive has been extracted, but before the application version is deployed. Non-container commands and other customization operations are performed prior to the application source code being extracted.
You can use leader_only to only run the command on a single instance, or configure a test to only run the command when a test command evaluates to true. Leader-only container commands are only executed during environment creation and deployments, while other commands and server customization operations are performed every time an instance is provisioned or updated. Leader- only container commands are not executed due to launch configuration changes, such as a change in the AMI Id or instance type. For more information on customizing containers, please visit the below URL:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html

NEW QUESTION 16
You have deployed a Cloudformation template which is used to spin up resources in your account. Which of the following status in Cloudformation represents a failure.

• A. UPDATE_COMPLETE_CLEANUPJN_PROGRESS
• B. DELETE_COMPLETE
• C. ROLLBACK_IN_PROGRESS
• D. UPDATE_IN_PROGRESS

Answer: C

Explanation:
AWS Cloud Formation provisions and configures resources by making calls to the AWS services that are described in your template.
After all the resources have been created, AWS Cloud Formation reports that your stack has been created. You can then start using the resources in your stack. If
stack creation fails, AWS CloudFormation rolls back your changes by deleting the resources that it created.
The below snapshot from Cloudformation shows what happens when there is an error in the stack creation.

For more information on how Cloud Formation works, please refer to the below link: http://docs.ws.amazon.com/AWSCIoudFormation/latest/UserGuide/cfn-whatis-howdoesitwork-html

NEW QUESTION 17
You currently have a set of instances running on your Opswork stacks. You need to install security updates on these servers. What does AWS recommend in terms of how the security updates should be deployed?
Choose 2 answers from the options given below.

• A. Createand start new instances to replace your current online instance
• B. Then deletethe current instances.
• C. Createa new Opswork stack with the new instances.
• D. OnLinux-based instances in Chef 11.10 or older stacks, run the UpdateDependencies stack command.
• E. Create a cloudformation template which can be used to replace the instances.

Answer: AC

Explanation:
The AWS Documentation mentions the following
By default, AWS OpsWorks Stacks automatically installs the latest updates during setup, after an instance finishes booting. AWS OpsWorks Stacks does not automatically install updates after an instance is online, to avoid interruptions such as restarting application servers. Instead, you manage updates to your online instances yourself, so you can minimize any disruptions.
We recommend that you use one of the following to update your online instances.
Create and start new instances to replace your current online instances. Then delete the current instances. The new instances will have the latest set of security patches installed during setup.
On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command, which installs the current set of security patches and other updates on the specified instances.
For more information on Opswork updates, please visit the below url • http://docs.aws.amazon.com/opsworks/latest/userguide/best-practices-updates. htmI

NEW QUESTION 18
You have a web application that is currently running on a three M3 instances in three AZs. You have an Auto Scaling group configured to scale from three to thirty instances. When reviewing your Cloud Watch metrics, you see that sometimes your Auto Scalinggroup is hosting fifteen instances. The web application is reading and writing to a DynamoDB.configured backend and configured with 800 Write Capacity Units and 800 Read Capacity Units. Your DynamoDB Primary Key is the Company ID. You are hosting 25 TB of data in your web application. You have a single customer that is complaining of long load times when their staff arrives at the office at 9:00 AM and loads the website, which consists of content that is pulled from DynamoDB. You have other customers who routinely use the web application. Choose the answer that will ensure high availability and reduce the customer's access times.

• A. Adda caching layer in front of your web application by choosing ElastiCacheMemcached instances in one of the AZs.
• B. Doublethe number of Read Capacity Units in your DynamoDB instance because theinstance isprobably being throttled when the customer accesses the website andyour web application.
• C. Changeyour Auto Scalinggroup configuration to use Amazon C3 instance types, becausethe web application layer is probably running out of compute capacity.
• D. Implementan Amazon SQS queue between your DynamoDB database layer and the webapplication layer to minimize the large burst in traffic the customergenerateswhen everyone arrives at the office at 9:00AM and begins accessing the website.
• E. Usedata pipelines to migrate your DynamoDB table to a new DynamoDB table with aprimary key that is evenly distributed across your datase
• F. Update your webappl ication to request data from the new table

Answer: E

Explanation:
The AWS documentation provide the following information on the best performance for DynamoDB tables
The optimal usage of a table's provisioned throughput depends on these factors: The primary key selection.
The workload patterns on individual items. The primary key uniquely identifies each item in a table. The primary key can be simple (partition key) or composite (partition key and sort key). When it stores data, DynamoDB divides a table's items into multiple partitions, and distributes the data primarily based upon the partition key value. Consequently, to achieve the full amount of request throughput you have provisioned for a table, keep your workload spread evenly across the partition key values. Distributing requests across partition key values distributes the requests across partitions. For more information on DynamoDB best practises please visit the link:
• http://docs.aws.a mazon.com/amazondynamodb/latest/developerguide/Guide I inesForTables.htm I
Note: One of the AWS forumns is explaining the steps for this process in detail. Based on that, while importing data from S3 using datapipeline to a new table in dynamodb we can create a new index. Please find the steps given below.

NEW QUESTION 19
Which of the following tools for EC2 can be used to administer instances without the need to SSH or RDP into the instance.

• A. AWSConfig
• B. AWSCodePipeline
• C. RunCommand
• D. EC2Config

Answer: C

Explanation:
You can use Run Command from the Amazon L~C2 console to configure instances without having to login to each instance
For more information on the Run Command, please visit the below URL:
• http://docs.aws.a mazon.com/systems-manager/latest/userguide/rc-console.html

NEW QUESTION 20
When your application is loaded onto an Opsworks stack, which of the following event is triggered by Opsworks?

• A. Deploy
• B. Setup
• C. Configure
• D. Shutdown

Answer: A

Explanation:
When you deploy an application, AWS Ops Works Stacks triggers a Deploy event, which runs each layer's Deploy recipes. AWS OpsWorks Stacks also installs stack configuration and deployment attributes that contain all of the information needed to deploy the app, such as the app's repository and database connection data. For more information on the Deploy event please refer to the below link:
• http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps.html

NEW QUESTION 21
......