All About Precise DOP-C01 Test Preparation

NEW QUESTION 1
Your company has multiple applications running on AWS. Your company wants to develop a tool that notifies on-call teams immediately via email when an alarm is triggered in your environment. You have multiple on-call teams that work different shifts, and the tool should handle notifying the correct teams at the correct times. How should you implement this solution?

• A. Create an Amazon SNS topic and an Amazon SQS queu
• B. Configure the Amazon SQS queue as a subscriber to the Amazon SNS topic.Configure CloudWatch alarms to notify this topic when an alarm is triggere
• C. Create an Amazon EC2 Auto Scaling group with both minimum and desired Instances configured to 0. Worker nodes in thisgroup spawn when messages are added to the queu
• D. Workers then use Amazon Simple Email Service to send messages to your on call teams.
• E. Create an Amazon SNS topic and configure your on-call team email addresses as subscriber
• F. Use the AWS SDK tools to integrate your application with Amazon SNS and send messages to this new topi
• G. Notifications will be sent to on-call users when a CloudWatch alarm is triggered.
• H. Create an Amazon SNS topic and configure your on-call team email addresses as subscriber
• I. Create a secondary Amazon SNS topic for alarms and configure your CloudWatch alarms to notify this topic when triggere
• J. Create an HTTP subscriber to this topic that notifies your application via HTTP POST when an alarm is triggere
• K. Use the AWS SDK tools to integrate your application with Amazon SNS and send messages to the first topic so that on-call engineers receive alerts.
• L. Create an Amazon SNS topic for each on-call group, and configure each of these with the team member emails as subscriber
• M. Create another Amazon SNS topic and configure your CloudWatch alarms to notify this topic when triggere
• N. Create an HTTP subscriber to this topic that notifies your application via HTTP POST when an alarm is triggere
• O. Use the AWS SDK tools to integrate your application with Amazon SNS and send messages to the correct team topic when on shift.

Answer: D

Explanation:
Option D fulfils all the requirements
1) First is to create a SNS topic for each group so that the required members get the email addresses.
2) Ensure the application uses the HTTPS endpoint and the SDK to publish messages Option A is invalid because the SQS service is not required.
Option B and C are incorrect. As per the requirement we need to provide notification to only those on-call teams who are working in that particular shift when an alarm is triggered. It need not have to be send to all the on-call teams of the company. With Option B & C, since we are not configuring the SNS topic for each on call team the notifications will be send to all the on-call teams. Hence these 2 options are invalid. For more information on setting up notifications, please refer to the below document link: from AWS http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_SetupSNS.html

NEW QUESTION 2
Which of the following is false when it comes to using the Elastic Load balancer with Opsworks stacks?

• A. Youcan attach only one load balancer to a layer.
• B. A Classic Load Balancer can span across AWSOpsWorks Stacks layers.
• C. Eachload balancer can handle only one layer.
• D. Youneed to create the load balancer before hand and then attach it to the Opsworkstack.

Answer: B

Explanation:
The AWS Documentation mentions the following
To use Clastic Load Balancing with a stack, you must first create one or more load balancers in the same region by using the Clastic Load Balancing console, CLI, or API. You should be aware of the following:
You can attach only one load balancer to a layer. Cach load balancer can handle only one layer.
AWS OpsWorks Stacks does not support Application Load Balancer. You can only use Classic Load Balancer with AWS OpsWorks Stacks. For more information on Clastic Load Balancer with Opswork,
please visit the below url http://docs.aws.a mazon.com/opsworks/latest/userguide/layers-elb.html

NEW QUESTION 3
You are a Devops engineer for your company. The company hosts a web application that is hosted on a single EC2 Instance. The end users are complaining of slow response times for the application. Which of the following can be used to effectively scale the application?

• A. UseAutoscaling Groups to launch multiple instances and place them behind an ELB.
• B. UseAutoscaling launch configurations to launch multiple instances and place thembehing an ELB.
• C. UseAmazonRDS with the Multi-AZ feature.
• D. UseCloudformation to deploy the app again with an Amazon RDS with the Multi-AZfeature.

Answer: A

Explanation:
The AWS Documentation mentions the below
When you use Auto Scaling, you can automatically increase the size of your Auto Scalinggroup when demand goes up and decrease it when demand goes down. As Auto Scaling adds and removes CC2 instances, you must ensure that the traffic for your application is distributed across all of your CC2 instances. The Clastic Load Balancing service automatically routes incoming web traffic across such a dynamically changing number of L~C2 instances. Your load balancer acts as a single point
of contact for all incoming traffic to the instances in your Auto Scalinggroup. For more information on Autoscaling and ELB, please refer to the below link:
• http://docs.aws.a mazon.com/autoscaling/latest/userguide/autosca I ing-load-balancer.html

NEW QUESTION 4
Which of the following are ways to secure data at rest and in transit in AWS. Choose 3 answers from the options given below

• A. Encryptall EBS volumes attached to EC2 Instances
• B. Useserver side encryption for S3
• C. UseSSL/HTTPS when using the Elastic Load Balancer
• D. UselOPS volumes when working with EBS volumes on EC2 Instances

Answer: ABC

Explanation:
The AWS documentation mentions the following
Amazon CBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume
All data moving between the volume and the instance
All snapshots created from the volume Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.
Use Server-Side encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.
Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools. You can create a load balancer that uses the SSL/TLS protocol for encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate HTTPS sessions, and for connections between your load balancer and your L~C2 instances. For more information on securing data at rest, please refer to the below link:
• https://dO3wsstatic.com/whitepapers/aws-securing-data-at-rest-with-encryption.pdf

NEW QUESTION 5
You are building out a layer in a software stack on AWS that needs to be able to scale out to react to increased demand as fast as possible. You are running the code on EC2 instances in an Auto Scaling Group behind an ELB. Which application code deployment method should you use?

• A. SSH into new instances that come online, and deploy new code onto the system by pulling it from an S3 bucket, which is populated by code that you refresh from source control on new pushes.
• B. Bake an AMI when deploying new versions of code, and use that AMI for the Auto Scaling Launch Configuration.
• C. Create a Dockerfile when preparing to deploy a new version to production and publish it to S3. Use UserData in the Auto Scaling Launch configuration to pull down the Dockerfile from S3 and run it when new instances launch.
• D. Create a new Auto Scaling Launch Configuration with UserData scripts configured to pull the latest code at all times.

Answer: B

Explanation:
Since the time required to spin up an instance is required to be fast, its better to create an AMI rather than use User Data. When you use User Data, the script will be
run during boot up, and hence this will be slower.
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AM I when you launch
an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
For more information on the AMI, please refer to the below link:
• http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/AMIs.html

NEW QUESTION 6
You need to grant a vendor access to your AWS account. They need to be able to read protected messages in a private S3 bucket at their leisure. They also use AWS. What is the best way to accomplish this?

• A. Create an 1AM User with API Access Key
• B. Grant the User permissions to access the bucke
• C. Give the vendor the AWS Access Key ID and AWS Secret Access Key for the User.
• D. Create an EC2 Instance Profile on your accoun
• E. Grant the associated 1AM role full access to the bucke
• F. Start an EC2 instance with this Profile and give SSH access to the instance to the vendor.
• G. Create a cross-account I AM Role with permission to access the bucket, and grant permission to use the Role to the vendor AWS account.D- Generate a signed S3 PUT URL and a signed S3 PUT URL, both with wildcard values and 2 year duration
• H. Pass the URLs to the vendor.

Answer: C

Explanation:
You can use AWS Identity and Access Management (I AM) roles and AWS Security Token Service (STS) to set up cross-account access between AWS accounts. When you assume an 1AM role in another AWS account to obtain cross-account access to services and resources in that account, AWS CloudTrail logs the cross-account activity For more information on Cross Account Access, please visit the below URL:
• https://aws.amazon.com/blogs/security/tag/cross-account-access/

NEW QUESTION 7
Which of the following services can be used in conjunction with Cloudwatch Logs. Choose the 3 most viable services from the options given below

• A. Amazon Kinesis
• B. Amazon S3
• C. Amazon SQS
• D. Amazon Lambda

Answer: ABD

Explanation:
The AWS Documentation the following products which can be integrated with Cloudwatch logs
1) Amazon Kinesis - Here data can be fed for real time analysis
2) Amazon S3 - You can use CloudWatch Logs to store your log data in highly durable storage such as S3.
3) Amazon Lambda - Lambda functions can be designed to work with Cloudwatch log For more information on Cloudwatch Logs, please refer to the below link: link:http://docs^ws.amazon.com/AmazonCloudWatch/latest/logs/WhatlsCloudWatchLogs.html

NEW QUESTION 8
You are a DevOps engineer for a company. You have been requested to create a rolling deployment solution that is cost-effective with minimal downtime. How should you achieve this? Choose two answers from the options below

• A. Re-deploy your application using a CloudFormation template to deploy Elastic Beanstalk
• B. Re-deploy with a CloudFormation template, define update policies on Auto Scalinggroups in your CloudFormation template
• C. Use UpdatePolicy attribute to specify how CloudFormation handles updates to Auto Scaling Group resource.
• D. After each stack is deployed, tear down the old stack

Answer: BC

Explanation:
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePolicy attribute. This is used to define how an Auto Scalinggroup resource is updated when
an update to the Cloud Formation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the
AutoScalingRollingUpdate policy. This retains the same Auto Scalinggroup and replaces old instances with new ones, according to the parameters specified.
Option A is invalid because it is not efficient to use Cloudformation to use Clastic Beanstalk.
Option D is invalid because this is an inefficient process to tear down stacks when there are stack policies available
For more information on Autoscaling Rolling Updates please refer to the below link:
• https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling- updates/

NEW QUESTION 9
You are using Elastic Beanstalk for your development team. You are responsible for deploying multiple versions of your application. How can you ensure, in an ideal way, that you don't cross the application version limit in Elastic beanstalk?

• A. Createa lambda function to delete the older versions.
• B. Createa script to delete the older versions.
• C. UseAWSConfig to delete the older versions
• D. Uselifecyle policies in Elastic beanstalk

Answer: D

Explanation:
The AWS Documentation mentions
Each time you upload a new version of your application with the Clastic Beanstalk console or the CB CLI, Elastic Beanstalk creates an application version. If you don't delete versions that you no longer use, you will eventually reach the application version limit and be unable to create new versions of that application.
You can avoid hitting the limit by applying an application version lifecycle policy to your applications.
A lifecycle policy tells Clastic Beanstalk to delete application versions that are old, or to delete application versions when the total number of versions for an application exceeds a specified number.
For more information on Clastic Beanstalk lifecycle policies please see the below link:
• http://docs.aws.a mazon.com/elasticbeanstalk/latest/dg/appl ications-lifecycle.html

NEW QUESTION 10
Explain what the following resource in a CloudFormation template does? Choose the best possible answer.

• A. Createsan SNS topic which allows SQS subscription endpoints to be added as a parameteron thetemplate
• B. Createsan SNS topic that allow SQS subscription endpoints
• C. Createsan SNS topic and then invokes the call to create an SQS queue with a logicalresource name of SQSQueue
• D. Creates an SNS topic and adds asubscription ARN endpoint for the SQS resource created under the logical nameSQSQueue

Answer: D

Explanation:
The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template. This has nothing to do with adding parameters (Option A is wrong) or allowing endpoints (Option B is wrong) or invoking relevant calls (Option C is wrong)
For more information on Fn:: GetAtt function please refer to the below link
http://docs.aws.a mazon.com/AWSCIoudFormation/latest/UserGuide/intrinsic-function -reference- getatt.htm I

NEW QUESTION 11
What are the benefits when you implement a Blue Green deployment for your infrastructure or application level changes. Choose 3 answers from the options given below

• A. Nearzero-downtime release for new changes
• B. Betterrollback capabilities
• C. Abilityto deploy with higher risk
• D. Goodturnaround time for application deployments

Answer: ABD

Explanation:
The AWS Documentation mentions the following
Blue/green deployments provide near zero-downtime release and rollback capabilities. The fundamental idea behind blue/green deployment is to shift traffic between two identical environments that are running different versions of your application. The blue environment represents the current application version serving production traffic. In parallel, the green environment is staged running a different version of your application. After the green environment is ready and tested, production traffic is redirected from blue to green.
For more information on Blue Green deployments please see the below link:
• https://dOawsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf

NEW QUESTION 12
You have a set of applications hosted in AWS. There is a requirement to store the logs from this application onto durable storage. After a period of 3 months, the logs can be placed in archival storage. Which of the following steps would you carry out to achieve this requirement. Choose 2 answers from the options given below

• A. Storethe logfiles as they emitted from the application on to Amazon Glacier
• B. Storethe log files as they emitted from the application on to Amazon Simple Storageservice
• C. UseLifecycle policies to move the data onto Amazon Glacier after a period of 3months
• D. UseLifecycle policies to move the data onto Amazon Simple Storage service after aperiod of 3 months

Answer: BC

Explanation:
The AWS Documentation mentions the following
Amazon Simple Storage Service (Amazon S3) makes it simple and practical to collect, store, and analyze data - regardless of format - all at massive scale. S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from loT sensors or devices.
For more information on S3, please visit the below URL:
• https://aws.amazon.com/s3/
Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows: Transition actions - In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARDJ A (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation. Cxpiration actions - In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf. For more information on S3 Lifecycle policies please visit the below URL:
• http://docs.aws.a mazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.htmI

NEW QUESTION 13
You have an asynchronous processing application usingan Auto Scaling Group and an SQS Queue. The Auto Scaling Group scales according to the depth of the job queue. The completion velocity of the jobs has gone down, the Auto Scaling Group size has maxec out, but the inbound job velocity did not increase. What is a possible issue?

• A. Some of the new jobs coming in are malformed and unprocessable.
• B. The routing tables changed and none of the workers can process events anymore.
• C. Someone changed the 1AM Role Policy on the instances in the worker group and broke permissions to access the queue.
• D. The scaling metric is not functioning correctly.

Answer: A

Explanation:
This question is more on the grounds of validating each option
Option B is invalid, because the Route table would have an effect on all worker processes and no jobs would have been completed.
Option C is invalid because if the 1AM Role was invalid then no jobs would be completed.
Option D is invalid because the scaling is happening, its just that the jobs are not getting completed. For more information on Scaling on Demand, please visit the below URL:
• http://docs.aws.a mazon.com/autoscaling/latest/userguide/as-scale-based-on-demand.html

NEW QUESTION 14
Which of the following are advantages of using AWS CodeCommit over hosting your own source code repository system?

• A. Reduction in hardware maintenance costs
• B. Reduction in fees paid over licensing
• C. No specific restriction on files andbranches
• D. All of the above

Answer: D

Explanation:
The AWS Documentation mentions the following on CodeCommit
Self-hosted version control systems have many potential drawbacks, including: Expensive per-developer licensing fees.
High hardware maintenance costs. High support staffing costs.
Limits on the amount and types of files that can be stored and managed.
Limits on the number of branches, the amount of version history, and other related metadata that can be stored. For more information on CodeCommit please refer to the below link
• http://docs.aws.amazon.com/codecommit/latest/userguide/wel come.html

NEW QUESTION 15
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

• A. Terminating
• B. Detaching
• C. Terminating:Wait
• D. EnteringStandby

Answer: A

Explanation:
The below diagram shows the Lifecycle policy. When the scale-in happens, the first action is the Terminating action.

For more information on Autoscaling Lifecycle, please refer to the below link: http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScaingGroupLifecycle.html

NEW QUESTION 16
Your application is having a very high traffic, so you have enabled autoscaling in multi availability zone to suffice the needs of your application but you observe that one of the availability zone is not receiving any traffic. What can be wrong here?

• A. Autoscalingonly works for single availability zone
• B. Autoscalingcan be enabled for multi AZ only in north Virginia region
• C. Availabilityzone is not added to Elastic load balancer
• D. Instancesneed to manually added to availability zone

Answer: C

Explanation:
When you add an Availability Zone to your load balancer. Clastic Load Balancing creates a load balancer node in the Availability Zone. Load balancer nodes accept traffic from clients and forward requests to the healthy registered instances in one or more Availability Zones.
For more information on adding AZ's to CLB, please refer to the below U RL:
htto://docs aws.amazon.com/eiasticloadbaIancins/latest/classic/enable-disable-az.html

NEW QUESTION 17
You have an application consisting of a stateless web server tier running on Amazon EC2 instances behind load balancer, and are using Amazon RDS with read replicas. Which of the following methods should you use to implement a self-healing and cost-effective architecture? Choose 2 answers from the optionsgiven below

• A. Set up a third-party monitoring solution on a cluster of Amazon EC2 instances in order to emit custom Cloud Watch metrics to trigger the termination of unhealthy Amazon EC2 instances.
• B. Set up scripts on each Amazon EC2 instance to frequently send ICMP pings to the load balancer in order to determine which instance is unhealthy and replace it.
• C. Set up an Auto Scalinggroup for the web server tier along with an Auto Scaling policy that uses the Amazon RDS DB CPU utilization Cloud Watch metric to scale the instances.
• D. Set up an Auto Scalinggroup for the web server tier along with an Auto Scaling policy that uses the Amazon EC2 CPU utilization CloudWatch metric to scale the instances.
• E. Use a larger Amazon EC2 instance type for the web server tier and a larger DB instance type for the data storage layer to ensure that they don't become unhealthy.
• F. Set up an Auto Scalinggroup for the database tier along with an Auto Scaling policy that uses the Amazon RDS read replica lag CloudWatch metric to scale out the Amazon RDS read replicas.
• G. Use an Amazon RDS Multi-AZ deployment.

Answer: DG

Explanation:
The scaling of CC2 Instances in the Autoscaling group is normally done with the metric of the CPU utilization of the current instances in the Autoscaling group
For more information on scaling in your Autoscaling Group, please refer to the below link:
• http://docs.aws.amazon.com/autoscaling/latest/userguide/as-scaling-simple-step.html
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi- AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Cach AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. For more information on RDS Multi-AZ please refer to the below link: https://aws.amazon.com/rds/details/multi-az/
Option A is invalid because if you already have in-built metrics from Cloudwatch, why would you want to spend more in using a a third-party monitoring solution.
Option B is invalid because health checks are already a feature of AWS CLB
Option C is invalid because the database CPU usage should not be used to scale the web tier.
Option C is invalid because increasing the instance size does not always guarantee that the solution will not become unhealthy.
Option F is invalid because increasing Read-Replica's will not suffice for write operations if the primary DB fails.

NEW QUESTION 18
Which of the following is not a supported platform for the Elastic beanstalk service

• A. Java
• B. AngularJS
• C. PHP
• D. .Net

Answer: B

Explanation:

For more information on Elastic beanstalk, please visit the below URL:
http://docs.aws.a mazon.com/elasticbeanstalk/latest/dg/concepts.platforms. htm I

NEW QUESTION 19
You are in charge of designing a number of Cloudformation templates for your organization. You need to ensure that no one can accidentally update the production based resources on the stack during a stack update. How can this be achieved in the most efficient way?

• A. Createtags for the resources and then create 1AM policies to protect the resources.
• B. Usea Stack based policy to protect the production based resources.
• C. UseS3 bucket policies to protect the resources.
• D. UseMFA to protect the resources

Answer: B

Explanation:
The AWS Documentation mentions
When you create a stack, all update actions are allowed on all resources. By default, anyone with stack update permissions can update all of the resources in the stack. During an update, some resources might require an interruption or be completely replaced, resulting in new physical IDs or completely new storage. You can prevent stack resources from being unintentionally updated or deleted during a stack update by using a stack policy. A stack policy is a JSON document that defines the update action1.-; that car1 be performed on designated resources.
For more information on protecting stack resources, please visit the below url http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/protect-stack-resources.html

NEW QUESTION 20
You are planning on using AWS Code Deploy in your AWS environment. Which of the below features of AWS Code Deploy can be used to Specify scripts to be run on each instance at various stages of the deployment process

• A. AppSpecfile
• B. CodeDeployfile
• C. Configfile
• D. Deploy file

Answer: A

Explanation:
The AWS Documentation mentions the following on AWS Code Deploy
An application specification file (AppSpec file), which is unique to AWS CodeDeploy, is a YAML- formatted file used to:
Map the source files in your application revision to their destinations on the instance. Specify custom permissions for deployed files.
Specify scripts to be run on each instance at various stages of the deployment process. For more information on AWS CodeDeploy, please refer to the URL: http://docs.aws.amazon.com/codedeploy/latest/userguide/application-specification-files.htmI

NEW QUESTION 21
......