DOP-C01 : AWS DevOps Engineer Professional : Part 10




  1. A company’s popular global web application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB) using an Auto Scaling group. The company is launching a new feature and expects unpredictable spikes in web traffic. The site currently includes a large amount of media content, and the new feature adds the ability to submit ratings and comments that will be stored in a new Amazon DynamoDB table. A DevOps Engineer is tasked with ensuring the web application can scale with the increased traffic and workload.

    Which combination of steps will accomplish this? (Choose two.)

    • Configure an Amazon CloudFront distribution to cache the web application’s static and dynamic content.
    • Configure the web application’s ALB to cache content in Amazon ElastiCache, honoring the HTTP cache headers.
    • Process the new ratings and comments asynchronously using Amazon SQS.
    • Replace the DynamoDB table with DynamoDB Accelerator to store the ratings and comments to reduce latency.
    • Set up AWS Global Accelerator to cache static content and pass dynamic requests to the web application’s ALB endpoint.
  2. An application is deployed on Amazon EC2 instances running in an Auto Scaling group. During the bootstrapping process, the instances register their private IP addresses with a monitoring system. The monitoring system performs health checks frequently by sending ping requests to those IP addresses and sending alerts if an instance becomes non-responsive.

    The existing deployment strategy replaces the current EC2 instances with new ones. A DevOps Engineer has noticed that the monitoring system is sending false alarms during a deployment, and is tasked with stopping these false alarms.

    Which solution will meet these requirements without affecting the current deployment method?

    • Define an Amazon CloudWatch Events target, an AWS Lambda function, and a lifecycle hook attached to the Auto Scaling group. Configure CloudWatch Events to invoke Amazon SNS to send a message to the Systems Administrator group for remediation.
    • Define an AWS Lambda function and a lifecycle hook attached to the Auto Scaling group. Configure the lifecycle hook to invoke the Lambda function, which removes the entry of the private IP from the monitoring system upon instance termination.
    • Define an Amazon CloudWatch Events target, an AWS Lambda function, and a lifecycle hook attached to the Auto Scaling group. Configure CloudWatch Events to invoke the Lambda function, which removes the entry of the private IP from the monitoring system upon instance termination.
    • Define an AWS Lambda function that will run a script when instance termination occurs in an Auto Scaling group. The script will remove the entry of the private IP from the monitoring system.
  3. An application that runs on Amazon EC2 instances behind an Application Load Balancer is deployed using AWS Elastic Beanstalk. During a recent rolling deployment, users experienced application errors even though application health checks were passing on all instances. A log analysis shows that the errors were caused by user requests being processed by two different versions of the application behind the same load balancer. The analysis also shows a recent change made the responses backward incompatible.

    Which deployment method will address these issues?

    • Update Elastic Beanstalk to deploy using the all at once method.
    • Update Elastic Beanstalk to deploy using the blue/green method.
    • Update Elastic Beanstalk to deploy using the immutable method.
    • Update Elastic Beanstalk to deploy using the rolling with additional batch method.
  4. A DevOps Engineer is tasked with moving a mission-critical business application running in Go to AWS. The Development team running this application is understaffed and requires a solution that allows the team to focus on application development. They also want to enable blue/green deployments and perform A/B testing.

    Which solution will meet these requirements?

    • Deploy the application on an Amazon EC2 instance and create an AMI of this instance. Use this AMI to create an automatic scaling launch configuration that is used in an Auto Scaling group. Use an Elastic Load Balancer to distribute traffic. When changes are made to the application, a new AMI is created and replaces the launch configuration.
    • Use Amazon Lightsail to deploy the application. Store the application in a zipped format in an Amazon S3 bucket. Use this zipped version to deploy new versions of the application to Lightsail. Use Lightsail deployment options to manage the deployment.
    • Use AWS CodePipeline with AWS CodeDeploy to deploy the application to a fleet of Amazon EC2 instances. Use an Elastic Load Balancer to distribute the traffic to the EC2 instances. When making changes to the application, upload a new version to CodePipeline and let it deploy the new version.
    • Use AWS Elastic Beanstalk to host the application. Store a zipped version of the application in Amazon S3, and use that location to deploy new versions of the application using Elastic Beanstalk to manage the deployment options.
  5. An ecommerce company is looking for ways to deploy an application on AWS that satisfies the following requirements:

    – Has a simple and automated application deployment process.
    – Has minimal deployment costs while ensuring that at least half of the instances are available to receive end-user requests.
    – If the application fails, an automated healing mechanism will replace the affected instances.

    Which deployment strategy will meet these requirements?

    • Create an AWS Elastic Beanstalk environment and configure it to use Auto Scaling and an Elastic Load Balancer. Use rolling deployments with a batch size of 50%.
    • Create an AWS OpsWorks stack. Configure the application layer to use rolling deployments as a deployment strategy. Add an Elastic Load Balancing layer. Enable auto healing on the application layer.
    • Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer. Use the CodeDeployDefault.HalfAtATime deployment strategy. Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB.
    • Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer. Use a blue/green deployment strategy. Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB.
  6. A DevOps engineer is tasked with migrating Docker containers used for a workload to AWS. The solution must allow for changes to be deployed into development and test environments automatically by updating each container and checking it into a container registry. Once the containers are pushed, they must be deployed automatically.

    Which solution will meet these requirements?

    • Store container images in Amazon S3. Run the containers in AWS Elastic Beanstalk using a multicontainer Docker environment. Configure Elastic Beanstalk to redeploy the containers if it detects a new version in Amazon S3.
    • Store container images in AWS Artifact. Use AWS CodePipeline to trigger a deployment if a new container version is created. Use AWS CodeDeploy to deploy new containers to Amazon EKS.
    • Store container images in Amazon ECR. Use AWS CodePipeline to trigger a deployment if a new container version is created. Use AWS CodeDeploy to deploy the image to AWS Fargate.
    • Store container images in Docker Hub. Install Docker on an Amazon EC2 instance and use AWS CodePipeline and AWS CodeDeploy to deploy any new containers.
  7. A Development team wants to deploy an application using AWS CloudFormation stacks, but the Developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A DevOps Engineer is tasked with allowing Developers to deploy the stacks while following the principle of least privilege.

    Which solution will meet these requirements?

    • Create an IAM policy that allows Developers to provision the required resources. Attach the policy to the Developer role.
    • Create an IAM policy that allows full access to CloudFormation. Attach the policy to the Developer role.
    • Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.
    • Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.
  8. A company plans to stop using Amazon EC2 key pairs for SSH access, and instead plans to use AWS Systems Manager Session Manager. To further enhance security, access to Session Manager must take place over a private network only.

    Which combination of actions will accomplish this? (Choose two.)

    • Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
    • Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
    • Create a VPC endpoint for Systems Manager in the desired Region.
    • Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
    • Remove any default routes in the associated route tables.
  9. A company recently launched an application that is more popular than expected. The company wants to ensure the application can scale to meet increasing demands and provide reliability using multiple Availability Zones (AZs). The application runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). A DevOps engineer has created an Auto Scaling group across multiple AZs for the application. Instances launched in the newly added AZs are not receiving any traffic for the application.

    What is likely causing this issue?

    • Auto Scaling groups can create new instances in a single AZ only.
    • The EC2 instances have not been manually associated with the ALB.
    • The ALB should be replaced with a Network Load Balancer (NLB).
    • The new AZ has not been added to the ALB.
  10. A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps:

    1. An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
    2. An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
    3. A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment.

    The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call.

    Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)

    • Insert a manual approval action between the test actions and deployment actions of the pipeline.
    • Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
    • Update the CodeDeploy deployment groups so that they require manual approval to proceed.
    • Update the pipeline to directly call the REST API for the penetration testing tool.
    • Update the pipeline to invoke a Lambda function that calls the REST API for the penetration testing tool.
  11. A development team manually builds an artifact locally and then places it in an Amazon S3 bucket. The application has a local cache that must be cleared when a deployment occurs. The team executes a command to do this, downloads the artifact from Amazon S3, and unzips the artifact to complete the deployment.

    A DevOps team wants to migrate to a CI/CD process and build in checks to stop and roll back the deployment when a failure occurs. This requires the team to track the progression of the deployment.

    Which combination of actions will accomplish this? (Choose three.)

    • Allow developers to check the code into a code repository. Using Amazon CloudWatch Events, on every pull into master, trigger an AWS Lambda function to build the artifact and store it in Amazon S3.
    • Create a custom script to clear the cache. Specify the script in the BeforeInstall lifecycle hook in the AppSpec file.
    • Create user data for each Amazon EC2 instance that contains the clear cache script. Once deployed, test the application. If it is not successful, deploy it again.
    • Set up AWS CodePipeline to deploy the application. Allow developers to check the code into a code repository as a source for the pipeline.
    • Use AWS CodeBuild to build the artifact and place it in Amazon S3. Use AWS CodeDeploy to deploy the artifact to Amazon EC2 instances.
    • Use AWS Systems Manager to fetch the artifact from Amazon S3 and deploy it to all the instances.
  12. A law firm is running a web application on AWS. The system manages legal documents uploaded by users, and stores the documents in Amazon S3. Users have complained that file uploads are taking too long and there are timeouts during peak usage. A DevOps engineer found that web servers are managing concurrent uploads and are overloaded.

    Which actions should be taken to troubleshoot the issue in the MOST cost-effective manner?

    • Create an AWS CloudFront distribution in front of the web servers, and modify the application to upload to Amazon S3 using S3 Transfer Acceleration.
    • Modify the application so the browser uses a signed URL to directly upload to Amazon S3 using multipart uploads.
    • Create an AWS CloudFront distribution in front of the web servers, and modify the application to store files in Amazon EFS in the Max I/O performance mode.
    • Place the web servers in an Amazon EC2 Auto Scaling group to include Spot Instances and modify the application to upload to Amazon S3 using multipart uploads.
  13. An ecommerce company is running an application on AWS. The company wants to create a standby disaster recovery solution in an additional Region that keeps the current application code. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The database layer is hosted on an Amazon RDS MySQL Multi-AZ DB instance. Amazon Route 53 DNS records point to the ALB.

    Which combination of actions will meet these requirements with the LOWEST cost? (Choose three.)

    • Configure a failover routing policy for the application DNS entry.
    • Configure a geolocation routing policy for the application DNS entry.
    • Create a cross-Region RDS read replica in the new standby Region.
    • Migrate the database layer to Amazon DynamoDB and enable global replication to the new standby Region.
    • Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to match the active Region.
    • Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to 1.
  14. A DevOps engineer is creating a CI/CD pipeline for an Amazon ECS service. The ECS container instances run behind an Application Load Balancer as the web tier of a three-tier application. An acceptance criterion for a successful deployment is the verification that the web tier can communicate with the database and middleware tiers of the application upon deployment.

    How can this be accomplished in an automated fashion?

    • Create a health check endpoint in the web application that tests connectivity to the data and middleware tiers. Use this endpoint as the health check URL for the load balancer.
    • Create an approval step for the quality assurance team to validate connectivity. Reject changes in the pipeline if there is an issue with connecting to the dependent tiers.
    • Use an Amazon RDS active connection count and an Amazon CloudWatch ELB metric to alarm on a significant change to the number of open connections.
    • Use Amazon Route 53 health checks to detect issues with the web service and roll back the CI/CD pipeline if there is an error.
  15. A DevOps team wants to implement their containerized application using AWS. The deployment must meet the following requirements:

    – There should be minimal downtime during deployment.
    – The application must be functionally tested to be considered a success.

    How can the DevOps team automate this deployment?

    • Use AWS Elastic Beanstalk with a multi-Docker container solution stack. Select immutable updates as a deployment strategy. Select enhanced health as a monitoring type in the Elastic Beanstalk environment to ensure health checks are transmitted at deployment.
    • Use an Amazon ECS cluster and service with an Application Load Balancer and an AWS CodeDeploy blue/green deployment type. Define a production port and a test port in Amazon ECS. Write an AWS Lambda function to test the application, and reference it within the AfterAllowTestTraffic hook in the appspec.yml.
    • Use AWS CloudFormation to provision Amazon EC2 instances behind an Application Load Balancer. Deploy the containers using Amazon ECS. Upon deployment, replicate the configuration in the new EC2 instances, perform testing, and switch traffic from the old Application Load Balancer to the new one using Amazon Route 53.
    • Use an Amazon ECS cluster and service along with Amazon EC2 instances and an Application Load Balancer. Select rolling update as a deployment strategy. Add a Docker health check within the task definition to ensure rollback if the health check fails.
  16. A company is using Amazon EC2 for various workloads. Company policy requires that instances be managed centrally to standardize configurations. These configurations include standard logging, metrics, security assessments, and weekly patching.

    How can the company meet these requirements? (Choose three.)

    • Use AWS Config to ensure all EC2 instances are managed by Amazon Inspector.
    • Use AWS Config to ensure all EC2 instances are managed by AWS Systems Manager.
    • Use AWS Systems Manager to install and manage Amazon Inspector, Systems Manager Patch Manager, and the Amazon CloudWatch agent on all instances.
    • Use Amazon Inspector to install and manage AWS Systems Manager, Systems Manager Patch Manager, and the Amazon CloudWatch agent on all instances.
    • Use AWS Systems Manager maintenance windows with Systems Manager Run Command to schedule Systems Manager Patch Manager tasks. Use the Amazon CloudWatch agent to schedule Amazon Inspector assessment runs.
    • Use AWS Systems Manager maintenance windows with Systems Manager Run Command to schedule Systems Manager Patch Manager tasks. Use Amazon CloudWatch Events to schedule Amazon Inspector assessment runs.
  17. A company has built a web service that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company has deployed the application in us-east-1. Amazon Route 53 provides an external DNS that routes traffic from example.com to the application, created with appropriate health checks.

    The company has deployed a second environment for the application in eu-west-1. The company wants traffic to be routed to whichever environment results in the best response time for each user. If there is an outage in one Region, traffic should be directed to the other environment.

    Which configuration will achieve these requirements?

    • – A subdomain us.example.com with weighted routing: the US ALB with weight 2 and the EU ALB with weight 1.
      – Another subdomain eu.example.com with weighted routing: the EU ALB with weight 2 and the US ALB with weight 1.
      – Geolocation routing records for example.com: North America aliased to us.example.com and Europe aliased to eu.example.com.
    • – A subdomain us.example.com with latency-based routing: the US ALB as the first target and the EU ALB as the second target.
      – Another subdomain eu.example.com with latency-based routing: the EU ALB as the first target and the US ALB as the second target.
      – Failover routing records for example.com aliased to us.example.com as the first target and eu.example.com as the second target.
    • – A subdomain us.example.com with failover routing: the US ALB as primary and the EU ALB as secondary.
      – Another subdomain eu.example.com with failover routing: the EU ALB as primary and the US ALB as secondary.
      – Latency-based routing records for example.com that are aliased to us.example.com and eu.example.com.
    • – A subdomain us.example.com with multivalue answer routing: the US ALB first and the EU ALB second.
      – Another subdomain eu.example.com with multivalue answer routing: the EU ALB first and the US ALB second.
      – Failover routing records for example.com that are aliased to us.example.com and eu.example.com.
  18. A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.

    Which solution will meet these requirements?

    • Add the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1.
    • Add the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates.
    • Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric and select the EC2 action to recover the instance.
    • Create an Amazon CloudWatch alarm for the StatusCheckFailed_Instance metric and select the EC2 action to reboot the instance.
  19. A company has a legacy application running on AWS. The application can only run on one Amazon EC2 instance at a time. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance should be automatically restarted or relaunched if performance degrades.

    Which solution will satisfy these requirements?

    • Create an Amazon CloudWatch alarm to monitor the EC2 instance. When the StatusCheckFailed system alarm is triggered, use the recover action to stop and start the instance. Use a trigger in Amazon S3 to push the metadata to the instance when it is back up and running.
    • Use the auto healing feature in AWS OpsWorks to stop and start the EC2 instance. Use a lifecycle event in OpsWorks to pull the data from Amazon S3 and update it on the instance.
    • Use the Auto Recovery feature in Amazon EC2 to automatically stop and start the EC2 instance in case of a failure. Use a trigger in Amazon S3 to push the metadata to the instance when it is back up and running.
    • Use AWS CloudFormation to create an EC2 instance that includes the user-data property for the EC2 resource. Add a command in user-data to retrieve the application metadata from Amazon S3.
  20. A company wants to migrate a legacy application to AWS and develop a deployment pipeline that uses AWS services only. A DevOps engineer is migrating all of the application code from a Git repository to AWS CodeCommit while preserving the history of the repository. The DevOps engineer has set all the permissions within CodeCommit, installed the Git client and the AWS CLI on a local computer, and is ready to migrate the repository.

    Which actions will follow?

    • Create the CodeCommit repository using the AWS CLI. Clone the Git repository directly to CodeCommit using the AWS CLI. Validate that the files were migrated, and publish the CodeCommit repository.
    • Create the CodeCommit repository using the AWS Management Console. Clone both the Git and CodeCommit repositories to the local computer. Copy the files from the Git repository to the CodeCommit repository on the local computer. Commit the CodeCommit repository. Validate that the files were migrated, and share the CodeCommit repository.
    • Create the CodeCommit repository using the AWS Management Console. Use the console to clone the Git repository into the CodeCommit repository. Validate that the files were migrated, and publish the CodeCommit repository.
    • Create the CodeCommit repository using the AWS Management Console or the AWS CLI. Clone the Git repository with a mirror argument to the local computer and push the repository to CodeCommit. Validate that the files were migrated, and share the CodeCommit repository.