DOP-C01 (Page 2)

A company uses AWS CloudFormation to manage an application that runs on Amazon EC2 Instances.The instances are in an Amazon EC2 Auto Scaling group.The company wants to treat its infrastructure as immutable.A DevOps engineer must implement a solution to replace two EC2 instances at a time whenever operating system configuration updates are needed or when new Amazon Machine.Images (AMIs) are needed.A minimum of four EC2 instances must be running whenever an update is in progress.Which solution will meet these requirements?Read More →

A company needs to scan code changes for security issues before deployment and must prevent noncompliant code from being deployed.The company uses an AWS CodePipeline pipeline that starts when code changes occur.The code changes occur many times each day.The company’s security team supports a third-party application for code scans and has provided command-line integration steps to submit code scans.The code scan step requires a user name and password.Which solution will meet these requirements in the MOST secure way?Read More →

A company has migrated its container-based applications to Amazon EKS and want to establish automated email notifications.The notifications sent to each email address are for specific activities related to EKS components.The solution will include Amazon SNS topics and an AWS Lambda function to evaluate incoming log events and publish messages to the correct SNS topic.Which logging solution will support these requirements?Read More →

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service.The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB).The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses.What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service?Read More →

A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States.The engineer must restrict which AWS Regions can be used, and ensure an alert is sent as soon as possible if any activity outside the governance policy takes place.The controls should be automatically enabled on any new Region outside the United States (US).Which combination of actions will meet these requirements? (Choose two.)Read More →

A company is using an Amazon API Gateway API and an AWS Lambda function to host a microservice.The microservice accesses pricing data in an Amazon DynamoDB table for the company’s online store.Interest in the online store has increased.As a result, latency issues and throttling on the DynamoDB table are occurring when a specific query runs.Some internal services access the DynamoDB table directly.No caching is enabled for the current solution.A DevOps engineer notices that repeat requests to the API are taking the same amount of time as unique requests.The DevOps engineer must reduce the latency for the repeat requests to the API and must reduce the throttling on the DynamoDB table.Which solution will meet these requirements?Read More →

A company has a single AWS account where active development occurs.The company’s security team has implemented Amazon GuardDuty, AWS Config, and AWS CloudTrail within the account.The security team wants to receive notifications in near real time for only high-severity findings from GuardDuty.The security team uses an Amazon Simple Notification Service (Amazon SNS) topic for notifications from other security tools in the account.How can a DevOps engineer meet these requirements?Read More →

A company deploys updates to its Amazon API Gateway API several times a week by using an AWS CodePipeline pipeline.As part of the update process, the company exports the JavaScript SDK for the API from the API Gateway console and uploads the SDK to an Amazon S3 bucket.The company has configured an Amazon CloudFront distribution that uses the S3 bucket as an origin.Web clients then download the SDK by using the CloudFront distribution’s endpoint.A DevOps engineer needs to implement a solution to make the new SDK available automatically during new API deployments.Which solution will meet these requirements?Read More →

During the next CodePipeline run, the pipeline exits with a FAILED state during the build stage.The DevOps engineer verifies that the correct Systems Manager parameter path is in place for the environment variable values that were changed.The DevOps engineer also validates that the environment variable type is Parameter.Why did the pipeline fail?Read More →

A company has developed a serverless web application that is hosted on AWS.The application consists of Amazon S3.Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database.The company is using AWS CodeCommit to store the source code.The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code.A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories.A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets.What is the MOST secure solution that meets these requirements?Read More →