DOP-C01 (Page 14)

A company is using AWS CodePipeline to automate its release pipeline.AWS CodeDeploy is being used in the pipeline to deploy an application to Amazon ECS using the blue/green deployment model.The company wants to implement scripts to test the green version of the application before shifting traffic.These scripts will complete in 5 minutes or less.If errors are discovered during these tests, the application must be rolled back.Which strategy will meet these requirements?Read More →

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request.The security team does not allow unauthenticated requests to S3 buckets for this project.How can this issue be corrected in the MOST secure manner?Read More →

A DevOps engineer is working on a data archival project that requires the migration of on-premises data to an Amazon S3 bucket.The DevOps engineer develops a script that incrementally archives on-premises data that is older than 1 month to Amazon S3.Data that is transferred to Amazon S3 is deleted from the on-premises location.The script uses the S3 PutObject operation.During a code review, the DevOps engineer notices that the script does not verify whether the data was successfully copied to Amazon S3.The DevOps engineer must update the script to ensure that data is not corrupted during transmission.The script must use MD5 checksums to verify data integrity before the on-premises data is deleted.Which solutions for the script will meet these requirements? (Choose two.)Read More →

A company hosts a multi-tenant application on Amazon EC2 instances behind an Application Load Balancer.The instances run Windows Server and are in an Auto Scaling group.The application uses a license file on the instances that can be updated on the instances without customer disruption.When a new customer purchases access to the application, the company’s licensing team adds a new license key to a file in an Amazon S3 bucket.After the license file is updated, the operations team manually updates the EC2 instances.A DevOps engineer needs to automate the EC2 instance file update process.The automated process must decrease the time for EC2 instances to get the updated license file and must notify the operations team about success or failure of the update process.The DevOps engineer creates a resource group in AWS Resource Groups.The resource group uses a tag that the Auto Sealing group applies to the EC2 instances.What should the DevOps engineer do next to meet the requirements MOST cost-effectively?Read More →

A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours.All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured.How can this process be automated?Read More →

A company gives its employees limited rights to AWS.DevOps engineers have the ability to assume an administrator role.For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.How should this be accomplished?Read More →

A company requires that its internally facing web application be highly available.The architecture is made up of one Amazon EC2 web server instance and one NAT instance that provides outbound internet access for updates and accessing public data.Which combination of architecture adjustments should the company implement to achieve high availability? (Choose two.)Read More →

A company runs a three-tier web application in its production environment, which is built on a single AWS CloudFormation template made up of Amazon EC2 instances behind an ELB Application Load Balancer.The instances run in an EC2 Auto Scaling group across multiple Availability Zones.Data is stored in an Amazon RDS Multi-AZ DB instance with read replicas.Amazon Route 53 manages the application’s public DNS record.A DevOps engineer must create a workflow to mitigate a failed software deployment by rolling back changes in the production environment when a software cutover occurs for new application software.What steps should the engineer perform to meet these requirements with the LEAST amount of downtime?Read More →

A company uses AWS CodeCommit for source code control.Developers apply their changes to various feature branches and create pull requests to move those changes to the main branch when the changes are ready for production.The developers should not be able to push changes directly to the main branch.The company applied the AWSCodeCommitPowerUser managed policy to the developers’ IAM role, and now these developers can push changes to the main branch directly on every repository in the AWS account.What should the company do to restrict the developers’ ability to push changes to the main branch directly?Read More →

A company is deploying a container-based application using AWS CodeBuild.The Security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint.All sensitive information must be stored securely.Which solution should be used to meet these requirements?Read More →