All About Breathing DOP-C01 Actual Test

NEW QUESTION 1
Which of the following is a reliable and durable logging solution to track changes made to your AWS resources?

• A. Createa new CloudTrail trail with one new S3 bucket to store the logs and with theglobal services option selecte
• B. Use 1AM roles S3 bucket policies and MultiFactor Authentication (MFA) Delete on the S3 bucket that stores your log
• C. V
• D. Createa new CloudTrail with one new S3 bucket to store the log
• E. Configure SNS tosend log file delivery notifications to your management syste
• F. Use 1AM rolesand S3 bucket policies on the S3 bucket that stores your logs.
• G. Createa new CloudTrail trail with an existing S3 bucket to store the logs and withthe global services option selecte
• H. Use S3 ACLs and Multi FactorAuthentication (M FA) Delete on the S3 bucket that stores your logs.
• I. Createthree new CloudTrail trails with three new S3 buckets to store the logs one forthe AWS Management console, one for AWS SDKs and one for command line tools.Use 1AM roles and S3 bucket policies on the S3 buckets that store your logs.

Answer: A

Explanation:
AWS Identity and Access Management (1AM) is integrated with AWS CloudTrail, a sen/ice that logs AWS events made by or on behalf of your AWS account. CloudTrail logs authenticated AWS API calls and also AWS sign-in events, and collects this event information in files that are delivered to Amazon S3 buckets. You need to ensure that all services are included. Hence option B is partially correct.
Option B and D is wrong because it just adds an overhead for having 3 S3 buckets and SNS notifications.
For more information on Cloudtrail, please visit the below URL:
• http://docs.aws.a mazon.com/IAM/latest/UserGuide/cloudtrail-integration.htm I

NEW QUESTION 2
Your company is concerned with EBS volume backup on Amazon EC2 and wants to ensure they have proper backups and that the data is durable. What solution would you implement and why? Choose the correct answer from the options below

• A. ConfigureAmazon Storage Gateway with EBS volumes as the data source and store thebackups on premise through the storage gateway
• B. Writea cronjob on the server that compresses the data that needs to be backed upusing gzip compression, then use AWS CLI to copy the data into an S3 bucket for durability
• C. Usea lifecycle policy to back up EBS volumes stored on Amazon S3 for durability
• D. Writea cronjob that uses the AWS CLI to take a snapshot of production EBS volume
• E. The data is durable because EBS snapshots are stored on the Amazon S3 standard storage class

Answer: D

Explanation:
You can take snapshots of CBS volumes and to automate the process you can use the CLI. The snapshots are automatically stored on S3 for durability.
For more information on CBS snapshots, please refer to the below link: http://docs.aws.amazon.com/AWSCC2/latest/UserGuide/CBSSnapshots.html

NEW QUESTION 3
A company is running three production web server reserved EC2 instances with EBS-backed root volumes. These instances have a consistent CPU load of 80%. Traffic is being distributed to these instances by an Elastic Load Balancer. They also have production and development Multi-AZ RDS MySQL databases. What recommendation would you make to reduce cost in this environment without affecting availability of mission-critical systems? Choose the correct answer from the options given below

• A. Considerusing on-demand instances instead of reserved EC2 instances
• B. Considernot using a Multi-AZ RDS deployment for the development database
• C. Considerusing spot instances instead of reserved EC2 instances
• D. Considerremovingthe Elastic Load Balancer

Answer: B

Explanation:
Multi-AZ databases is better for production environments rather than for development environments, so you can reduce costs by not using this for development environments Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi- AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Cach AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable.
In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention
For more information on Multi-AZ RDS, please refer to the below link: https://aws.amazon.com/rds/details/multi-az/

NEW QUESTION 4
You have just recently deployed an application on EC2 instances behind an ELB. After a couple of weeks, customers are complaining on receiving errors from the application. You want to diagnose the errors and are trying to get errors from the ELB access logs. But the ELB access logs are empty. What is the reason for this.

• A. You do not have the appropriate permissions to access the logs
• B. You do not have your CloudWatch metrics correctly configured
• C. ELB Access logs are only available for a maximum of one week.
• D. Access logging is an optional feature of Elastic Load Balancing that is disabled by default

Answer: D

Explanation:
Clastic Load Balancing provides access logs that capture detailed information about requests sent to
your load balancer. Cach log contains information such as the
time the request was received, the client's IP address, latencies, request paths, and server responses.
You can use these access logs to analyze traffic patterns and to troubleshoot issues.
Access logging is an optional feature of Elastic Load Balancing that is disabled by default. After you enable access logging for your load balancer. Clastic Load
Balancing captures the logs and stores them in the Amazon S3 bucket that you specify. You can disable access logging at any time.
For more information on CLB access logs, please refer to the below document link: from AWS http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html

NEW QUESTION 5
When using EC2 instances with the Code Deploy service, which of the following are some of the pre- requisites to ensure that the EC2 instances can work with Code Deploy. Choose 2 answers from the options given below

• A. Ensurean 1AM role is attached to the instance so that it can work with the CodeDeploy Service.
• B. Ensurethe EC2 Instance is configured with Enhanced Networking
• C. Ensurethe EC2 Instance is placed in the default VPC
• D. Ensurethat the CodeDeploy agent is installed on the EC2 Instance

Answer: AD

Explanation:
This is mentioned in the AWS documentation

For more information on instances for CodeDeploy, please visit the below URL:
• http://docs.aws.amazon.com/codedeploY/latest/userguide/instances.html

NEW QUESTION 6
What is the amount of time that Opswork stacks services waits for a response from an underlying instance before deeming it as a failed instance?

• A. Iminute.
• B. 5minutes.
• C. 20minutes.
• D. 60minutes

Answer: B

Explanation:
The AWS Documentation mentions
Every instance has an AWS OpsWorks Stacks agent that communicates regularly with the service. AWS OpsWorks Stacks uses that communication to monitor instance health. If an agent does not communicate with the service for more than approximately five minutes, AWS OpsWorks Stacks considers the instance to have failed.
For more information on the Auto healing feature, please visit the below URL: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-auto healing.htmI

NEW QUESTION 7
You are creating a cloudformation templates which takes in a database password as a parameter. How can you ensure that the password is not visible when anybody tries to describes the stack

• A. Usethe password attribute for the resource
• B. Usethe NoEcho property for the parameter value
• C. Usethe hidden property for the parameter value
• D. Setthe hidden attribute for the Cloudformation resource.

Answer: B

Explanation:
The AWS Documentation mentions
For sensitive parameter values (such as passwords), set the NoEcho property to true. That way, whenever anyone describes your stack, the parameter value is shown as asterisks (*•*").
For more information on Cloudformation parameters, please visit the below URL:
• http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/parameters-section- structure.html

NEW QUESTION 8
You are using CloudFormation to launch an EC2 instance and then configure an application after the instance is launched. You need the stack creation of the ELB and Auto Scaling to wait until the EC2 instance is launched and configured properly. How do you do this?

• A. It is not possible for the stack creation to wait until one service is created and launched
• B. Use the WaitCondition resource to hold the creation of the other dependent resources
• C. Use a CreationPolicy to wait for the creation of the other dependent resources >/
• D. Use the HoldCondition resource to hold the creation of the other dependent resources

Answer: C

Explanation:
When you provision an Amazon EC2 instance in an AWS Cloud Formation stack, you might specify additional actions to configure the instance, such as install software packages or bootstrap applications. Normally, CloudFormation proceeds with stack creation after the instance has been successfully created. However, you can use a Creation Pol icy so that CloudFormation proceeds with stack creation only after your configuration actions are done. That way you'll know your applications are ready to go after stack creation succeeds.
A Creation Policy instructs CloudFormation to wait on an instance until CloudFormation receives the specified number of signals
Option A is invalid because this is possible
Option B is invalid because this is used make AWS CloudFormation pause the creation of a stack and wait for a signal before it continues to create the stack
For more information on this, please visit the below URL:
• https://aws.amazon.com/blogs/devops/use-a-creationpolicy-to-wait-for-on-instance- configurations/

NEW QUESTION 9
Your application consists of 10% writes and 90% reads. You currently service all requests through a Route53 Alias Record directed towards an AWS ELB, which sits in front of an EC2 Auto Scaling Group. Your system isgetting very expensive when there are large traffic spikes during certain news events, during which many more people request to read similar data all at the same time. What is the simplest and cheapest way to reduce costs and scale with spikes like this?

• A. Create an S3 bucket and asynchronously replicate common requests responses into S3 object
• B. When a request comes in for a precomputed response, redirect to AWS S3.
• C. Create another ELB and Auto Scaling Group layer mounted on top of the other system, adding a tier to the syste
• D. Serve most read requests out of the top layer.
• E. Create a CloudFront Distribution and direct Route53 to the Distributio
• F. Use the ELB as an Origin and specify Cache Behaviours to proxy cache requests which can be served late.
• G. Create a Memcached cluster in AWS ElastiCach
• H. Create cache logic to serve requests which can be served late from the in-memory cache for increased performance.

Answer: C

Explanation:
Use Cloudf rant distribution for distributing the heavy reads for your application. You can create a
zone apex record to point to the Cloudfront distribution.
You can control how long your objects stay in a CloudFront cache before CloudFront forwards another request to your origin. Reducing the duration allows you to serve dynamic content. Increasing the duration means your users get better performance because your objects are more likely to be served directly from the edge cache. A longer duration also reduces the load on your origin.
For more information on Cloudfront object expiration, please visit the below URL: http://docs.aws.amazon.com/AmazonCloudFrant/latest/DeveloperGuide/Cxpiration.html

NEW QUESTION 10
Your development team is using access keys to develop an application that has access to S3 and DynamoDB. A new security policy has outlined that the credentials should not be older than 2 months, and should be rotated. How can you achieve this

• A. Use the application to rotate the keys in every 2 months via the SDK
• B. Use a script which will query the date the keys are create
• C. If older than 2 months, delete them and recreate new keys
• D. Delete the user associated with the keys after every 2 month
• E. Then recreate the user again.D- Delete the I AM Role associated with the keys after every 2 month
• F. Then recreate the I AM Roleagain.

Answer: B

Explanation:
One can use the CLI command list-access-keys to get the access keys. This command also returns the "CreateDate" of the keys. If the CreateDate is older than 2 months, then the keys can be deleted.
The Returns list-access-keys CLI command returns information about the access key IDs associated with the specified I AM user. If there are none, the action returns
an empty list.
For more information on the CLI command, please refer to the below link: http://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html

NEW QUESTION 11
You are responsible for an application that leverages the Amazon SDK and Amazon EC2 roles for storing and retrieving data from Amazon S3, accessing multiple DynamoDB tables, and exchanging message with Amazon SQS queues. Your VP of Compliance is concerned that you are not following security best practices for securing all of this access. He has asked you to verify that the application's AWS access keys are not older than six months and to provide control evidence that these keys will be rotated a minimum of once every six months.
Which option will provide your VP with the requested information?

• A. Createa script to query the 1AM list-access keys API to get your application accesskey creation date and create a batch process to periodically create acompliance report for your VP.
• B. Provideyour VP with a link to 1AM AWS documentation to address the VP's key rotationconcerns.
• C. Updateyour application to log changes to its AWS access key credential file and use aperiodic Amazon EMR job to create a compliance report for your VP
• D. Createa new set of instructions for your configuration management tool that willperiodically create and rotate the application's existing access keys andprovide a compliance report to your VP.

Answer: B

Explanation:
The question is focusing on 1AM roles rather than using access keys for accessing the services, AWS will take care of the temporary credentials provided through the roles in accessing these services.

NEW QUESTION 12
Your application requires long-term storage for backups and other data that you need to keep readily available but with lower cost. Which S3 storage option should you use?

• A. AmazonS3 Standard- Infrequent Access
• B. S3Standard
• C. Glacier
• D. ReducedRedundancy Storage

Answer: A

Explanation:
The AWS Documentation mentions the following
Amazon S3 Standard - Infrequent Access (Standard - IA) is an Amazon S3 storage class for data that is accessed less frequently, but requires rapid access when needed. Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee.
For more information on S3 Storage classes, please visit the below URL:
• https://aws.amazon.com/s3/storage-classes/

NEW QUESTION 13
When you implement a lifecycle hook in Autoscaling, by default what is the time limit in which the instance will be a pending state.

• A. 60seconds
• B. 5minutes
• C. 60minutes
• D. 120minutes

Answer: C

Explanation:
The AWS Documentation mentions
By default, the instance remains in a wait state for one hour, and then Auto Scaling continues the launch or terminate process (Pending: Proceed or Terminating: Proceed). If you need more time, you can restart the timeout period by recording a heartbeat. If you finish before the timeout
period ends, you can complete the lifecycle action, which continues the launch or termination process.
For more information on Autoscaling lifecycle hooks please see the below link:
• http://docs.aws.a mazon.com/autoscaling/latest/userguide/lifecycle-hooks.htm I

NEW QUESTION 14
One of your instances is reporting an unhealthy system status check. However, this is not something you should have to monitor and repair on your own. How might you automate the repair of the system status check failure in an AWS environment? Choose the correct answer from the options given below

• A. Create Cloud Watch alarms for StatuscheckFailed_System metrics and select EC2 action-Recover the instance
• B. Writea script that queries the EC2 API for each instance status check
• C. Writea script that periodically shuts down and starts instances based on certainstats.
• D. Implementa third party monitoring tool.

Answer: A

Explanation:
Using Amazon Cloud Watch alarm actions, you can create alarms that automatically stop, terminate, reboot, or recover your CC2 instances. You can use the stop or terminate actions to help you save money when you no longer need an instance to be running. You can use the reboot and recover actions to automatically reboot those instances or recover them onto new hardware if a system impairment occurs.
For more information on using alarm actions, please refer to the below link: http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html

NEW QUESTION 15
You have an application hosted in AWS. You wanted to ensure that when certain thresholds are reached, a Devops Engineer is notified. Choose 3 answers from the options given below

• A. Use CloudWatch Logs agent to send log data from the app to CloudWatch Logs from Amazon EC2 instances
• B. Pipe data from EC2 to the application logs using AWS Data Pipeline and CloudWatch
• C. Once a CloudWatch alarm is triggered, use SNS to notify the Senior DevOps Engineer.
• D. Set the threshold your application can tolerate in a CloudWatch Logs group and link a CloudWatch alarm on that threshold.

Answer: ACD

Explanation:
You can use Cloud Watch Logs to monitor applications and systems using log data. For example,
CloudWatch Logs can track the number of errors that occur in your
application logs and send you a notification whenever the rate of errors exceeds a threshold you specify. CloudWatch Logs uses your log data for monitoring; so, no code changes are required. For example, you can monitor application logs for specific literal terms (such as "NullReferenceLxception") or count the number of occurrences of a literal term at a particular position in log data (such as "404" status codes in an Apache access log). When the term you are searching for is found, CloudWatch Logs reports the data to a CloudWatch metric that you specify. For more information on Cloudwatch Logs please refer to the below link:
http://docs.ws.amazon.com/AmazonCloudWatch/latest/logs/WhatlsCloudWatchLogs.html
Amazon CloudWatch uses Amazon SNS to send email. First, create and subscribe to an SNS topic.
When you create a CloudWatch alarm, you can add this SNS topic to send an email notification when the alarm changes state.
For more information on Cloudwatch and SNS please refer to the below link: http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_SetupSNS.html

NEW QUESTION 16
You have a set of web servers hosted in A WS which host a web application used by a section of users. You want to monitor the number of errors which occur when using the web application. Which of the below options can be used for this purpose. Choose 3 answers from the options given below.

• A. Sendthe logs from the instances onto Cloudwatch logs.
• B. Searchfor the keyword "ERROR" in the log files on the server.
• C. Searchforthe keyword "ERROR" in Cloudwatch logs.
• D. Incrementa metric filter in Cloudwatch whenever the pattern is matched.

Answer: ACD

Explanation:
The AWS documentation mentions the following
You use metric filters to search for and match terms, phrases, or values in your log events. When a metric filter finds one of the terms, phrases, or values in your log events, you can increment the value of a CloudWatch metric. For example, you can create a metric filter to search for and count the occurrence of the word CRRORin your log events.
For more information on Cloudwatch logs - Filter and pattern matching, please refer to the below link:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

NEW QUESTION 17
You are designing a cloudformation stack which involves the creation of a web server and a database server. You need to ensure that the web server in the stack gets created after the database server is created. How can you achieve this?

• A. Ensurethat the database server is defined first and before the web server in thecloudformation templat
• B. The stack creation normally goes in order to create the resources.
• C. Ensurethat the database server is defined as a child of the web server in thecloudformation template.
• D. Ensurethat the web server is defined as a child of the database server in thecloudformation template.
• E. Usethe DependsOn attribute to ensure that the database server is created before the web server.

Answer: D

Explanation:
The AWS Documentation mentions
With the DependsOn attribute you can specify that the creation of a specific resource follows another. When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.
For more information on the DependsOn attribute, please visit the below url http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/aws-attribute-dependson.html

NEW QUESTION 18
Which of the following tools from AWS allows the automatic collection of software inventory from EC2 instances and helps apply OS patches.

• A. AWSCode Deploy
• B. EC2Systems Manager
• C. EC2AMI's
• D. AWSCode Pipeline

Answer: B

Explanation:
The Amazon CC2 Systems Manager helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. These capabilities enable automated configuration and ongoing management of systems at scale, and help maintain software compliance for instances running in Amazon L~C2 or on-premises.
One feature within Systems Manager is Automation, which can be used to patch, update agents, or bake applications into an Amazon Machine Image (AMI). With
Automation, you can avoid the time and effort associated with manual image updates, and instead build AMIs through a streamlined, repeatable, and auditable process.
For more information on EC2 Systems manager, please refer to the below link:
• https://aws.amazon.com/blogs/aws/streamline-ami-maintenance-and-patching-using-amazon- ec2-systems-manager-automation/

NEW QUESTION 19
Your company develops a variety of web applications using many platforms and programming languages with different application dependencies. Each application must be developed and deployed quickly and be highly available to satisfy your business requirements. Which of the following methods should you use to deploy these applications rapidly?

• A. Develop the applications in Docker containers, and then deploy them to Elastic Beanstalk environments with Auto Scaling and Elastic Load Balancing.
• B. Use the AWS CloudFormation Docker import service to build and deploy the applications with high availability in multiple Availability Zones.
• C. Develop each application's code in DynamoDB, and then use hooks to deploy it to Elastic Beanstalk environments with Auto Scaling and Elastic Load Balancing.
• D. Store each application's code in a Git repository, develop custom package repository managers for each application's dependencies, and deploy to AWS OpsWorks in multiple Availability Zones.

Answer: A

Explanation:
Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker containers, you can define your own runtime environment. You can choose your own platform, programming language, and any application dependencies (such as package managers or tools), that aren't supported by other platforms. Docker containers are self-contained and include all the configuration information and software your web application requires to run.
By using Docker with Elastic Beanstalk, you have an infrastructure that automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
For more information on Dockers and Elastic beanstalk please refer to the below link:
• http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html

NEW QUESTION 20
You run accounting software in the AWS cloud. This software needs to be online continuously during the day every day of the week, and has a very static requirement for compute resources. You also have other, unrelated batch jobs that need to run once per day at anytime of your choosing. How should you minimize cost?

• A. Purchase a Heavy Utilization Reserved Instance to run the accounting softwar
• B. Turn it off after hour
• C. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• D. Purch ase a Medium Utilization Reserved Instance to run the accounting softwar
• E. Turn it off after hour
• F. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• G. Purchase a Light Utilization Reserved Instance to run the accounting softwar
• H. Turn it off after hour
• I. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.
• J. Purch ase a Full Utilization Reserved Instance to run the accounting softwar
• K. Turn it off after hour
• L. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

Answer: A

Explanation:
Reserved Instances provide you with a significant discount compared to On-Demand Instance pricing.
Reserved Instances are not physical instances, but rather a
billing discount applied to the use of On-Demand Instances in your account. These On-Demand Instances must match certain attributes in order to benefit from the
billing discount
For more information, please refer to the below link:
• https://aws.amazon.com/about-aws/whats-new/2011/12/01/New-Amazon-CC2-Reserved- lnstances-Options-Now-Available/
• https://aws.amazon.com/blogs/aws/reserved-instance-options-for-amazon-ec2/
• http://docs.aws.a mazon.com/AWSCC2/latest/UserGuide/ec2-reserved-instances.html Note:
It looks like these options are also no more available at present.
It looks like Convertible, Standard and scheduled are the new instance options. However the exams may still be referring to the old RIs. https://aws.amazon.com/ec2/pricing/reserved-instances/

NEW QUESTION 21
......