DOP-C01 (Page 3)

A company is running an application on Amazon EC2 instances.A DevOps engineer needs to aggregate the application logs to a central system for the company’s application team to search.A critical error message periodically appears in the log files.The DevOps engineer needs to notify the application team by email when these error messages occur.Which solution will meet these requirements in the MOST operationally efficient manner?Read More →

A company stores purchase history in an Amazon DynamoDB table.The company needs other workloads that run on AWS to react to data changes in the table.The company has enabled a DynamoDB stream on the table.Three existing AWS Lambda functions have an event source mapping configured for the DynamoDB stream.The company’s application developers plan to add other applications that will need to react to changes in the table.A DevOps engineer must design an architecture that will give the additional consumers this functionality.Which solution will meet these requirements in the MOST operationally efficient way?Read More →

A company manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB).The EC2 instances run in an AutoScaling group across multiple Availability Zones.The application uses an Amazon RDS for MySQL DB instance to store the data.The company has configuredAmazon Route 53 with an alias record that points to the ALB.Anew company guideline requires a geographically isolated disaster recovery (DR) site with an RTO of 4 hours and an RPO of 15 minutes.Which DR strategy will meet these requirements with the LEAST change to the application stack?Read More →

A company has 100 GB of log data in an Amazon S3 bucket stored in .csv format.SQL developers want to query this data and generate graphs to visualize it.They also need an efficient, automated way to store metadata from the .csv file.Which combination of steps should be taken to meet these requirements with the LEAST amount of effort? (Choose three.)Read More →

A company runs applications in AWS accounts that are in an organization in AWS Organizations.The applications use Amazon EC2 instances and Amazon S3.The company wants to detect potentially compromised EC2 instances, suspicious network activity, and unusual API activity in its existing AWS accounts and in any AWS accounts that the company creates in the future.When the company detects one of these events, the company wants to use an existing Amazon Simple Notification Service (Amazon SNS) topic to send a notification to its operational support team for investigation and remediation.Which solution will meet these requirements in accordance with AWS best practices?Read More →

A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts.Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups.The company’s security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address.What should a DevOps engineer do to meet this requirement?Read More →

A company wants to ensure that their EC2 instances are secure.They want to be notified if any new vulnerabilities are discovered on their instances, and they also want an audit trail of all login activities on the instances.Which solution will meet these requirements?Read More →

A company has an application that runs on 12 Amazon EC2 instances.The instances run in an Amazon EC2 Auto Scaling group across three Availability Zones.On a typical day each EC2 instance has 30% CPU utilization during business hours and 10% CPU utilization after business hours.The CPU utilization increases suddenly in the first few minutes of business hours each day.Other increases in CPU utilization are gradual.A DevOps engineer needs to optimize costs while maintaining or improving the application’s reliability.Which solution meets these requirements?Read More →

A large enterprise is deploying a web application on AWS.The application runs on Amazon EC2 instances behind an Application Load Balancer.The instances run in an Auto Scaling group across multiple Availability Zones.The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB.There are separate environments for development, testing, and production.What is the MOST secure and flexible way to obtain password credentials during deployment?Read More →

A company has 20 service teams.Each service team is responsible for its own microservice.Each service team uses a separate AWS account for its microservice and a VPC with the 192.168.0.0/22 CIDR block.The company manages the AWS accounts with AWS Organizations.Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer.The microservices communicate with each other across the public Internet.The company’s security team has issued a new guideline that all communication between microservices must use HTTPS over private network connections and cannot traverse the public Internet.A DevOps engineer must implement a solution that fulfills these obligations and minimizes the number of changes for each service team.Which solution will meet these requirements?Read More →