DOP-C02 (Page 9)

A company has an application that runs on Amazon EC2 instances.The company uses an AWS CodePipeline pipeline to deploy the application into multiple AWS Regions.The pipeline is configured with a stage for each Region.Each stage contains an AWS CloudFormation action for each Region.When the pipeline deploys the application to a Region, the company wants to confirm that the application is in a healthy state before the pipeline moves on to the next Region.Amazon Route 53 record sets are configured for the application in each Region.A DevOps engineer creates a Route 53 health check that is based on an Amazon CloudWatch alarm for each Region where the application is deployed.What should the DevOps engineer do next to meet the requirements?Read More →

A company uses AWS Secrets Manager to store a set of sensitive API keys that an AWS Lambda function uses.When the Lambda function is invoked the Lambda function retrieves the API keys and makes an API call to an external service.The Secrets Manager secret is encrypted with the default AWS Key Management Service (AWS KMS) key.A DevOps engineer needs to update the infrastructure to ensure that only the Lambda function’s execution role can access the values in Secrets Manager.The solution must apply the principle of least privilege.Which combination of steps will meet these requirements? (Choose two.)Read More →

A company is using AWS to run digital workloads.Each application team in the company has its own AWS account for application hosting.The accounts are consolidated in an organization in AWS Organizations.The company wants to enforce security standards across the entire organization.To avoid noncompliance because of security misconfiguration, the company has enforced the use of AWS CloudFormation.A production support team can modify resources in the production environment by using the AWS Management Console to troubleshoot and resolve application-related issues.A DevOps engineer must implement a solution to identify in near real time any AWS service misconfiguration that results in noncompliance.The solution must automatically remediate the issue within 15 minutes of identification.The solution also must track noncompliant resources and events in a centralized dashboard with accurate timestamps.Which solution will meet these requirements with the LEAST development overhead?Read More →

A company updated the AWS CloudFormation template for a critical business application.The stack update process failed due to an error in the updated template, and AWS CloudFormation automatically began the stack rollback process.Later, a DevOps engineer discovered that the application was still unavailable and that the stack was in the UPDATE_ROLLBACK_FAILED state.Which combination of actions should the DevOps engineer perform so that the stack rollback can complete successfully? (Choose two.)Read More →

A company is building a new pipeline by using AWS CodePipeline and AWS CodeBuild in a build account.The pipeline consists of two stages.The first stage is a CodeBuild job to build and package an AWS Lambda function.The second stage consists of deployment actions that operate on two different AWS accounts: a development environment account and a production environment account.The deployment stages use the AWS CloudFormation action that CodePipeline invokes to deploy the infrastructure that the Lambda function requires.A DevOps engineer creates the CodePipeline pipeline and configures the pipeline to encrypt build artifacts by using the AWS Key Management Service (AWS KMS) AWS managed key for Amazon S3 (the aws/s3 key).The artifacts are stored in an S3 bucket.When the pipeline runs, the CloudFormation actions fail with an access denied error.Which combination of actions must the DevOps engineer perform to resolve this error? (Choose two.)Read More →

A company has containerized all of its in-house quality control applications.The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading.The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.What should the DevOps engineer do to accomplish this in the MOST maintainable manner?Read More →

A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB).The ALB routes requests to an AWS Lambda function.Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users.The version of the application is defined in the user-agent header that is sent with all requests to the API.After a series of recent changes to the API, the company has observed issues with the application.The company needs to gather a metric for each API operation by response code for each version of the application that is in use.A DevOps engineer has modified the Lambda function to extract the API operation name, version information from the user-agent header and response code.Which additional set of actions should the DevOps engineer take to gather the required metrics?Read More →

A company manages AWS accounts in AWS Organizations.The company needs a solution to send Amazon CloudWatch Logs data to an Amazon S3 bucket in a dedicated AWS account.The solution must support all existing and future CloudWatch Logs log groups.Which solution will meet these requirements?Read More →

A company uses AWS Organizations to manage its AWS accounts.The organization root has a child OU that is named Department.The Department OU has a child OU that is named Engineering.The default FullAWSAccess policy is attached to the root, the Department OU, and the Engineering OU.The company has many AWS accounts in the Engineering OU.Each account has an administrative IAM role with the AdministratorAccess IAM policy attached.The default FullAWSAccessPolicy is also attached to each account.A DevOps engineer plans to remove the FullAWSAccess policy from the Department OU.The DevOps engineer will replace the policy with a policy that contains an Allow statement for all Amazon EC2 API operations.What will happen to the permissions of the administrative 1AM roles as a result of this change?Read More →

A company has a single developer writing code for an automated deployment pipeline.The developer is storing source code in an Amazon S3 bucket for each project.The company wants to add more developers to the team but is concerned about code conflicts and lost work.The company also wants to build a test environment to deploy newer versions of code for testing and allow developers to automatically deploy to both environments when code is changed in the repository.What is the MOST efficient way to meet these requirements?Read More →