DOP-C01 (Page 16)

A company that runs many workloads on AWS has an Amazon EBS spend that has increased over time.The DevOps team notices there are many unattachedEBS volumes.Although there are workloads where volumes are detached, volumes over 14 days old are stale and no longer needed.A DevOps engineer has been tasked with creating automation that deletes unattached EBS volumes that have been unattached for 14 days.Which solution will accomplish this?Read More →

A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources.In the morning when business begins, users do not see the objects processed by a third party the previous evening.When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.Which solution ensures that all the updated third-party files are available in the morning?Read More →

A company has deployed an application in a production VPC in a single AWS account.The application is popular and is experiencing heavy usage.The company’s security team wants to add additional security, such as AWS WAF, to the application deployment.However, the application’s product manager is concerned about cost and does not want to approve the change unless the security team can prove that additional security is necessary.The security team believes that some of the application’s demand might come from users that have IP addresses that are on a deny list.The security team provides the deny list to a DevOps engineer.If any of the IP addresses on the deny list access the application, the security team wants to receive automated notification in near real time so that the security team can document that the application needs additional security.The DevOps engineer creates a VPC flow log for the production VPC.Which set of additional steps should the DevOps engineer take to meet these requirements MOST cost-effectively?Read More →

An application running on a set of Amazon EC2 instances in an Auto Scaling group requires a configuration file to operate.The instances are created and maintained with AWS CloudFormation.A DevOps engineer wants the instances to have the latest configuration file when launched, and wants changes to the configuration file to be reflected on all the instances with a minimal delay when the CloudFormation template is updated.Company policy requires that application configuration files be maintained along with AWS infrastructure configuration files in source control.Which solution will accomplish this?Read More →

A DevOps engineer is designing a multi-Region disaster recovery strategy for an application.The application requires an RPO of 1 hour and requires an RTO of 4 hours.The application is deployed with an AWS CloudFormation template that creates an Application Load Balancer (ALB), Amazon EC2 instances in an Auto Scaling group and an Amazon RDS Multi-AZ DB instance with 20 GB of allocated storage.The AMI of the application instance does not contain data and has been copied to the destination Region.Which combination of actions will meet the recovery objectives at the LOWEST cost? (Choose two.)Read More →

A company has an on-premises that is written in Go.A DevOps engineer must move the application to AWS.The company’s development team wants to enable blue/green deployments and perform A/B testing.Which solution will meet these requirements?Read More →

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single AvailabilityZone.The resources need to run only when new deployments are being tested using AWS CodePipeline.Testing occurs one or more times a week and each test takes 2-3 hours to run.A DevOps engineer wants a solution that does not change the architecture components.Which solution will meet these requirements in the MOST cost-effective manner?Read More →

A company uses AWS Organizations to manage multiple accounts.Information security policies require that all unencrypted Amazon EBS volumes be marked as non-compliant.A DevOps engineer needs to automatically deploy the solution and ensure that this compliance check is always present.With solution will accomplish this?Read More →

A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps:1.An AWS CodeBuild project compiles the deployment artifact and runs unit tests.2.An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.3.A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment.The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs.The QA team wants to run an internal penetration testing tool to conduct manual tests.The tool will be invoked by a REST API call.Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)Read More →

A highly regulated company has a policy that DevOps Engineers should not log in to their Amazon EC2 instances except in emergencies.If a DevOps Engineer does log in, the Security team must be notified within 15 minutes of the occurrence.Which solution will meet these requirements?Read More →