Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Amazon Web Services DOP-C02 - AWS Certified DevOps Engineer - Professional

Amazon Web Services DOP-C02 Premium Access     Download Demo    
Page: 6 / 9
Total 322 questions

A company recently launched multiple applications that use Application Load Balancers. Application response time often slows down when the applications experience problems A DevOps engineer needs to Implement a monitoring solution that alerts the company when the applications begin to perform slowly The DevOps engineer creates an Amazon Simple Notification Semce (Amazon SNS) topic and subscribe the company's email address to the topic

What should the DevOps engineer do next to meet the requirements?

A.

Create an Amazon EventBridge rule that invokes an AWS Lambda function to query the applications on a 5-minute interval Configure the Lambda function to publish a notification to the SNS topic when the applications return errors.

B.

Create an Amazon CloudWatch Synthetics canary that runs a custom script to query the applications on a 5-minute interval. Configure the canary to use the SNS topic when the applications return errors.

C.

Create an Amazon CloudWatch alarm that uses the AWS/AppljcabonELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the number of connections becomes greater than the configured number of threads that the application supports Configure the CloudWatch alarm to use the SNS topic.

D.

Create an Amazon CloudWatch alarm that uses the AWS/ApplicationELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the average response time becomes greater than the longest response time that the application supports Configure the CloudWatch alarm to use the SNS topic

A company runs a microservices application on Amazon EKS. Users report delays accessing an account summary feature during peak hours. CloudWatch metrics and logs show normal CPU and memory utilization on EKS nodes. The DevOps engineer cannot identify where delays occur within the microservices.

Which solution will meet these requirements?

A.

Deploy the AWS X-Ray daemon as a DaemonSet in the EKS cluster. Use the X-Ray SDK to instrument the application code. Redeploy the application.

B.

Enable CloudWatch Container Insights for the EKS cluster. Use the Container Insights data to diagnose delays.

C.

Create alarms based on existing CloudWatch metrics. Set up SNS email alerts.

D.

Increase the timeout settings in the application code for network operations.

A company is implementing AWS CodePipeline to automate its testing process The company wants to be notified when the execution state fails and used the following custom event pattern in Amazon EventBridge:

Which type of events will match this event pattern?

A.

Failed deploy and build actions across all the pipelines

B.

All rejected or failed approval actions across all the pipelines

C.

All the events across all pipelines

D.

Approval actions across all the pipelines

A company has an application that stores data that includes personally Identifiable Information (Pll) In an Amazon S3 bucket All data Is encrypted with AWS Key Management Service (AWS KMS) customer managed keys. All AWS resources are deployed from an AWS Cloud Formation template.

A DevOps engineer needs to set up a development environment for the application in a different AWS account The data in the development environment's S3 bucket needs to be updated once a week from the production environment's S3 bucket.

The company must not move Pll from the production environment without anonymizmg the Pll first The data in each environment must be encrypted with different KMS customer managed keys.

Which combination of steps should the DevOps engineer take to meet these requirements? (Select TWO )

A.

Activate Amazon Macie on the S3 bucket In the production account Create an AWS Step Functions state machine to initiate a discovery job and redact all Pll before copying files to the S3 bucket in the development account. Give the state machine tasks decrypt permissions on the KMS key in the production account. Give the state machine tasks encrypt permissions on the KMS key in the development account

B.

Set up S3 replication between the production S3 bucket and the development S3 bucket Activate Amazon Macie on the development S3 bucket Create an AWS Step Functions state machine to initiate a discovery job and redact all Pll as the files are copied to the development S3 bucket. Give the state machine tasks encrypt and decrypt permissions on the KMS key in the development account.

C.

Set up an S3 Batch Operations job to copy files from the production S3 bucket to the development S3 bucket. In the development account, configure anAWS Lambda function to redact all Pll. Configure S3 Object Lambda to use the Lambda function for S3 GET requests Give the Lambda function's 1AM role encrypt and decrypt permissions on the KMS key in the development account.

D.

Create a development environment from the CloudFormatlon template in the development account. Schedule an Amazon EventBridge rule to start the AWS Step Functions state machine once a week

E.

Create a development environment from the CloudFormation template in the development account. Schedule a cron job on an Amazon EC2 instance to run once a week to start the S3 Batch Operations job.

A large company recently acquired a small company. The large company invited the small company to join the large company's existing organization in AWS Organizations as a new OU. A DevOps engineer determines that the small company needs to launch t3.small Amazon EC2 instance types for the company's application workloads. The small company needs to deploy the instances only within US-based AWS Regions. The DevOps engineer needs to use an SCP in the small company's new OU to ensure that the small company can launch only the required instance types. Which solution will meet these requirements?

A.

Configure a statement to deny the ec2:RunInstances action for all EC2 instance resources when the ec2:InstanceType condition is not equal to t3.small. Configure another statement to deny the ec2:RunInstances action for all EC2 instance resources when the aws:RequestedRegion condition is not equal to us-.

B.

Configure a statement to allow the ec2:RunInstances action for all EC2 instance resources when the ec2:InstanceType condition is not equal to t3.small. Configure another statement to allow the ec2:RunInstances action for all EC2 instance resources when the aws:RequestedRegion condition is not equal to us-.

C.

Configure a statement to deny the ec2:RunInstances action for all EC2 instance resources when the ec2:InstanceType condition is equal to t3.small. Configure another statement to deny the ec2:RunInstances action for all EC2 instance resources when the aws:RequestedRegion condition is equal to us-.

D.

Configure a statement to allow the ec2:RunInstances action for all EC2 instance resources when the ec2:InstanceType condition is equal to t3.small. Configure another statement to allow the ec2:RunInstances action for all EC2 instance resources when the aws:RequestedRegion condition is equal to us-.

A company’s web app runs on EC2 with a relational database. The company wants highly available multi-Region architecture with latency-based routing for global customers.

Which solution meets these requirements?

A.

ALB in each Region with Auto Scaling groups; Aurora global database with read replicas; Route 53 latency-based routing to ALBs.

B.

ALB in each Region with Auto Scaling groups; RDS primary in one Region with read replicas in others; Route 53 failover routing to ALBs.

C.

Elastic Beanstalk with ALB in each Region; Aurora global database with read replicas; CloudFront with custom origins for ALBs; Route 53 latency-based routing to CloudFront.

D.

Elastic Beanstalk with ALB in each Region; RDS primary in one Region with read replicas; CloudFront with custom origins for ALBs; Route 53 failover routing to CloudFront.

A company plans to use Amazon CloudWatch to monitor its Amazon EC2 instances. The company needs to stop EC2 instances when the average of the NetworkPacketsIn metric is less than 5 for at least 3 hours in a 12-hour time window. The company must evaluate the metric every hour. The EC2 instances must continue to run if there is missing data for the NetworkPacketsIn metric during the evaluation period.

A DevOps engineer creates a CloudWatch alarm for the NetworkPacketsIn metric. The DevOps engineer configures a threshold value of 5 and an evaluation period of 1 hour.

Which set of additional actions should the DevOps engineer take to meet these requirements?

A.

Configure the Datapoints to Alarm value to be 3 out of 12. Configure the alarm to treat missing data as breaching the threshold. Add an AWS Systems Manager action to stop the instance when the alarm enters the ALARM state.

B.

Configure the Datapoints to Alarm value to be 3 out of 12. Configure the alarm to treat missing data as not breaching the threshold. Add an EC2 action to stop the instance when the alarm enters the ALARM state.

C.

Configure the Datapoints to Alarm value to be 9 out of 12. Configure the alarm to treat missing data as breaching the threshold. Add an EC2 action to stop the instance when the alarm enters the ALARM state.

D.

Configure the Datapoints to Alarm value to be 9 out of 12. Configure the alarm to treat missing data as not breaching the threshold. Add an AWS Systems Manager action to stop the instance when the alarm enters the ALARM state.

A company uses an Amazon API Gateway regional REST API to host its application API. The REST API has a custom domain. The REST API's default endpoint is deactivated.

The company's internal teams consume the API. The company wants to use mutual TLS between the API and the internal teams as an additional layer of authentication.

Which combination of steps will meet these requirements? (Select TWO.)

A.

Use AWS Certificate Manager (ACM) to create a private certificate authority (CA). Provision a client certificate that is signed by the private CA.

B.

Provision a client certificate that is signed by a public certificate authority (CA). Import the certificate into AWS Certificate Manager (ACM).

C.

Upload the provisioned client certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the client certificate that is stored in the S3 bucket as the trust store.

D.

Upload the provisioned client certificate private key to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private key that is stored in the S3 bucket as the trust store.

E.

Upload the root private certificate authority (CA) certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private CA certificate that is stored in the S3 bucket as the trust store.

A DevOps engineer successfully creates an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes managed node groups. When the DevOps engineer tries to add node groups to the cluster, the cluster returns an error that states, "NodeCreationFailure: Instances failed to join the Kubernetes cluster." The DevOps engineer confirms that the EC2 worker nodes are running and that the EKS cluster is in an active state. How should the DevOps engineer troubleshoot this issue?

A.

Ensure that the EKS cluster's VPC subnets do not overlap with the 172.17.0.0/16 CIDR range.

B.

Use kubectl to update the kubeconfig file to use the credentials that created the cluster.

C.

Run the AWSSupport-TroubleshootEKSWorkerNode runbook.

D.

Create an AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider for the cluster.

A company uses Amazon RDS for Microsoft SQL Server as its primary database. They need high availability within and across AWS Regions, with an RPO <1 min and RTO <10 min. Route 53 CNAME is used for the DB endpoint and must redirect to standby during failover.

Which solution meets these requirements?

A.

Deploy an Amazon RDS for SQL Server Multi-AZ DB cluster with cross-Region read replicas. Use automation to promote replica and update Route 53.

B.

Deploy RDS Multi-AZ with snapshots copied every 5 minutes; use Lambda to restore snapshot and update Route 53 on failover.

C.

Deploy Single-AZ RDS and use AWS DMS to continuously replicate to another Region. Use CloudWatch alarms for failover notification.

D.

Deploy Single-AZ RDS and use AWS Backup for cross-Region backups every 30 seconds. Use automation to restore and update Route 53 during failover.