DOP-C01 (Page 3)

An application running on a set of Amazon EC2 instances in an Auto Scaling group requires a configuration file to operate.The instances are created and maintained with AWS CloudFormation.A DevOps engineer wants the instances to have the latest configuration file when launched, and wants changes to the configuration file to be reflected on all the instances with a minimal delay when the CloudFormation template is updated.Company policy requires that application configuration files be maintained along with AWS infrastructure configuration files in source control.Which solution will accomplish this?Read More →

A company has deployed an application in a production VPC in a single AWS account.The application is popular and is experiencing heavy usage.The company’s security team wants to add additional security, such as AWS WAF, to the application deployment.However, the application’s product manager is concerned about cost and does not want to approve the change unless the security team can prove that additional security is necessary.The security team believes that some of the application’s demand might come from users that have IP addresses that are on a deny list.The security team provides the deny list to a DevOps engineer.If any of the IP addresses on the deny list access the application, the security team wants to receive automated notification in near real time so that the security team can document that the application needs additional security.The DevOps engineer creates a VPC flow log for the production VPC.Which set of additional steps should the DevOps engineer take to meet these requirements MOST cost-effectively?Read More →

A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources.In the morning when business begins, users do not see the objects processed by a third party the previous evening.When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.Which solution ensures that all the updated third-party files are available in the morning?Read More →

A company that runs many workloads on AWS has an Amazon EBS spend that has increased over time.The DevOps team notices there are many unattachedEBS volumes.Although there are workloads where volumes are detached, volumes over 14 days old are stale and no longer needed.A DevOps engineer has been tasked with creating automation that deletes unattached EBS volumes that have been unattached for 14 days.Which solution will accomplish this?Read More →

A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region.New EC2 instances are launched and terminated each hour in the account.The account also includes existing EC2 instances that have been running for longer than a week.The company’s security policy requires all running EC2 instances to use an EC2 instance profile.If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions assigned.A DevOps engineer reviews the account and discovers EC2 instances that are running without an instance profile.During the review, the DevOps engineer also observes that new EC2 instances are being launched without an instance profile.Which solution will ensure that an instance profile is attached to all existing and future EC2 instances in the Region?Read More →

A company is migrating Docker repositories to Amazon Elastic Container Registry (Amazon ECR) in an existing AWS account.A DevOps engineer needs to automate the management of images that are uploaded to the repositories.The solution must limit the number of image versions.As a first step, the DevOps engineer creates a private repository in Amazon ECR for each repository that the company will migrate.What should the DevOps engineer do next to meet the requirements in the MOST operationally efficient manner?Read More →

A video-sharing company stores its videos in Amazon S3.The company has observed a sudden increase in video access requests, but the company does not know which videos are most popular.The company needs to identify the general access pattern for the video files.This pattern includes the number of users who access a certain file on a given day, as well as the number of pull requests for certain files.How can the company meet these requirements with the LEAST amount of effort?Read More →

A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance.The application server is available only in a private subnet.The contractors are not authorized for VPN access.What should the DevOps engineer do to grant the contactors access to the application server?Read More →

An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality.Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues.A DevOps Engineer must fix the log aggregation process and provide a way to centrally analyze the logs.Which is the MOST efficient and cost-effective solution?Read More →

A company’s DevOps engineer is working in a multi-account environment.The company uses AWS Transit Gateway to route all outbound traffic through a network operations account.In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO.The security team wants to receive an alert if any CRITICAL events occur.What should the DevOps engineer do to meet these requirements?Read More →