DOP-C01 Exam Training Practice Tests (Amazon AWS Certified DevOps Engineer

Question 1

A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances. How can the deployments of the operating system and application patches be automated using a default and custom repository?

A. Use AWS Systems Manager to create a new patch baseline including the custom repository.
Execute the AWS-RunPatchBaseline document using the run command to verify and install patches. B. Use yum-config-manager to add the custom repository under /etc/yum.repos.d and run yum- to activate the repository.
config-manager-enable C. Use AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports. D. Use AWS Systems Manager to create a new patch baseline including the corporate repository.
Execute the AWS-AmazonLinuxDefaultPatchBaseline document using the run command to verify and install patches.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

A DevOps engineer is troubleshooting deployments to a new application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Instances sometimes come online before they are ready, which is leading to increased error rates among users. The current health check configuration gives instances a 60-second grace period and considers instances healthy after two
200 response codes from /index.php, a page that may respond intermittently during the deployment process. The development team wants instances to come online as soon as possible.
Which strategy would address this issue?

A. Increase the instance grace period from 60 second to 120 seconds, and change the response code requirement from 200 to 204. B. Modify the deployment script to create a /health-check.php file when all tasks are complete, then modify the health check path to point to that file. C. Modify the deployment script to create a /health-check.php file when the deployment begins, then modify the health check path to point to that file. D. Increase the instance grace period from 60 seconds to 180 seconds, and the consecutive health check requirement from 2 to 3.

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 3

A rapidly growing company wants to scale for Developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The Networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.
To keep up with the demand, the DevOps Engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure.
CloudFormation will be used to create a template for the development environments.
Which approach will meet these requirements and quickly provide consistent AWS environments for Developers?

A. Use nested stacks to define common infrastructure components. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet values. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments. B. Use Fn:ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values. Define the development resources in the order they need to be created in the CloudFormation nested stacks. Use the CreateChangeSet and commands to update existing development environments.
ExecuteChangeSet C. Use nested stacks to define common infrastructure components. To access the exported values, use to reference the Networking team's template. To retrieve Virtual Private Cloud (VPC) TemplateURL and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the master template. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments. D. Use Fn:ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments needed.
use the UpdateStackSet command to update existing development environments.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 4

A DevOps Engineer at a startup cloud-based gaming company has the task formalizing deployment strategies. The strategies must meet the following requirements:
- Use standard Git commands, such as git clone and git push for the
code repository.
- Management tools should maximize the use of platform solutions where
possible.
- Deployment packages must be immutable and in the form of Docker
images.
How can the Engineer meet these requirements?

A. Use AWS CodePipeline to trigger a build process when software is pushed to a self-hosted GitHub repository.
CodePipeline will use a Jenkins build server to build new Docker images.
CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer.
Cutover will be managed by swapping the listener rules on the Application Load Balancer. B. Use AWS CodePipeline to trigger a build process when software is pushed to a private GitHub repository.
CodePipeline will use AWS CodeBuild to build new Docker images.
CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer.
Cutover will be managed by swapping the listener rules on the Application Load Balancer. C. Use a Jenkins pipeline to trigger a build process when software is pushed to a private GitHub repository.
AWS CodePipeline will use AWS CodeBuild new Docker images.
CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer.
Cutover will be managed by swapping the listener rules on the Application Load Balancer. D. Use AWS CodePipeline to trigger a build process when software is pushed to an AWS CodeCommit repository CodePipeline will use an AWS CodeBuild build server to build new Docker images.
CodePipeline will deploy into a second target group in a Kubernetes Cluster hosted on Amazon EC2 behind an Application Load Balancer.
Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Correct Answer: B

Question 5

A DevOps Engineer just joined a new company that is already running workloads on Amazon EC2 instances. AWS has been adopted incrementally with no central governance. The Engineer must now assess how well the existing deployments comply with the following requirements:
- EC2 instances are running only approved AMIs.
- Amazon EBS volumes are encrypted.
- EC2 instances have an Owner tag.
- Root login over SSH is disabled on EC2 instances.
Which services should the Engineer use to perform this assessment with the LEAST amount of effort? (Select TWO.)

A. AWS Directory Service B. Amazon Inspector C. AWS Config D. Amazon GuardDuty E. AWS System Manager

Correct Answer: B,C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 6

After a daily scrum with your development teams, you've agreed that using Blue/Green style deployments would benefit the team.
Which technique should you use to deliver this new requirement?

A. Re-deploy your application behind a load balancer that uses Auto Scaling groups, create a new identical Auto Scaling group, and associate it to the load balancer. During deployment, set the desired number of instances on the old Auto Scaling group to zero, and when all instances have terminated, delete the old Auto Scaling group. B. Re-deploy your application on AWS Elastic Beanstalk, and take advantage of Elastic Beanstalk deployment types. C. Using an AWS CloudFormation template, re-deploy your application behind a load balancer, launch a new AWS CloudFormation stack during each deployment, update your load balancer to send half your traffic to the new stack while you test, after verification update the load balancer to send 100% of traffic to the new stack, and then terminate the old stack. D. Using an AWS OpsWorks stack, re-deploy your application behind an Elastic Load Balancing load balancer and take advantage of OpsWorks stack versioning, during deployment create a new version of your application, tell OpsWorks to launch the new version behind your load balancer, and when the new version is launched, terminate the old OpsWorks stack.

Correct Answer: A

Question 7

Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

A. You hit the soft limit of 2 VPCs per region and requested a 3rd. B. You didn't set the Development flag to true when deploying EC2 instances. C. You hit the soft limit of 5 EIPs per region and requested a 6th. D. You didn't choose the Development version of the AMI you are using.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 8

A DevOps Engineer discovered a sudden spike in a website's page load times and found that a recent deployment occurred. A brief diff of the related commit shows that the URL for an external API call was altered and the connecting port changed from 80 to 443. The external API has been verified and works outside the application. The application logs show that the connection is now timing out, resulting in multiple retries and eventual failure of the call.
Which debug steps should the Engineer take to determine the root cause of the issue'?

A. Check the egress security group rules and network ACLs for the VPC. Also check the VPC flow logs looking for accepts originating from the web Auto Scaling group. B. Check the application logs being written to Amazon CloudWatch Logs for debug information.
Check the ingress security group rules and routing rules for the VPC. C. Check the existing egress security group rules and network ACLs for the VPC. Also check the application logs being written to Amazon CloudWatch Logs for debug information. D. Check the VPC Flow Logs looking for denies originating from Amazon EC2 instances that are part of the web Auto Scaling group. Check the ingress security group rules and routing rules for the VPC.

Correct Answer: A

Question 9

A company is using AWS to deploy an application. The development team must automate the deployments. The team has created an AWS CodePipeline pipeline to deploy the application to Amazon EC2 instances using AWS CodeDeploy after it has been built using AWS CodeBuild.
The team wants to add automated testing to the pipeline to confirm that the application is healthy before deploying the code to the EC2 instances. The team also requires a manual approval action before the application is deployed, even if the tests are successful. The testing and approval must be accomplished at the lowest costs, using the simplest management solution.
Which solution will meet these requirements?

A. Create a test action after the build action.
Use a Jenkins server on Amazon EC2 to perform the required tests and mark the action as successful if the tests pass.
Create a manual approval action that uses Amazon SQS to notify the team and add a deploy action to deploy the application to the next stage. B. Create a new pipeline that uses a source action that gets the code from the same repository as the first pipeline.
Add a deploy action to deploy the code to a test environment.
Use a test action using AWS Lambda to test the deployment.
Add a manual approval action by using Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage. C. Create a test action after the CodeBuild build of the pipeline.
Configure the action to use CodeBuild to perform the required test.
If these tests are successful, mark the action as successful.
Add a manual approval action that uses Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage. D. Create a manual approval action after the build action of the pipeline.
Use Amazon SNS to inform the team of the stage being triggered.
Next, add a test action using CodeBuild to perform the required tests.
At the end of the pipeline, add a deploy action to deploy the application to the next stage.

Correct Answer: C

Question 10

You have just come from your Chief Information Security Officer's (CISO) office with the instructions to provide an audit report of all AWS network rules used by the organization's Amazon EC2 instances. You have discovered that a single Describe-Security-Groups API call will return all of an account's security groups and rules within a region.
You create the following pseudo-code to create the required report:
- Parse "aws ec2 describe-security-groups" output
- For each security group
- Create report of ingress and egress rules
Which two additional pieces of logic should you include to meet the CISO's requirements?
Choose 2 answers

A. Evaluate AWS CloudTrail logs. B. Parse security groups in each Availability Zone and region. C. Evaluate Elastic Load Balancing access control lists. D. Parse security groups in each region. E. Evaluate VPC network access control lists. F. Parse CloudFront access control lists.

Correct Answer: D,E

Question 11

Two teams are working together on different portions of an architecture and are using AWS CloudFormation to manage their resources. One team administers operating system-level updates and patches, while the other team manages application-level dependencies and updates. The Application team must take the most recent AMI when creating new instances and deploying the application. What is the MOST scalable method for linking these two teams and processes?

A. The Operating System team uses CloudFormation to create new versions of their AMIs and lists the Amazon Resource names (ARNs) of the AMIs in an encrypted Amazon S3 object as part of the stack output section. The Application team uses a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs. B. The Operating System team uses CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs, then places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output. The Application team uses a cross-stack reference within their own CloudFormation template to get that S3 object location and obtain the most recent AMI ARNs to use when deploying their application. C. The Operating System team uses CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs. The team then places the AMI ARNs as parameters in AWS Systems Manager Parameter Store as part of the pipeline output. The Application team specifies a parameter of type ssm in their CloudFormation stack to obtain the most recent AMI ARN from the Parameter Store. D. The Operating System team maintains a nested stack that includes both the operating system and Application team templates. The Operating System team uses a stack update to deploy updates to the application stack whenever the Application team changes the application code.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 12

A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software. During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The Development team needs a solution to ensure users remain logged in across scaling events and application deployments.
What is the MOST efficient way to ensure users remain logged in?

A. Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket. B. Enable smart sessions on the load balancer and modify the application to check for an existing session. C. Enable session sharing on the load balancer and modify the application to read from the session store. D. Modify the application to store user session information in an Amazon ElastiCache cluser.

Correct Answer: D

Question 13

An ecommerce company is looking for ways to deploy an application on AWS that satisfies the following requirements:
- Has a simple and automated application deployment process.
- Has minimal deployment costs while ensuring that at least half of the instances are available to receive end-user requests.
- If the application fails, an automated healing mechanism will replace the affected instances.
Which deployment strategy will meet these requirements?

A. Create an AWS Elastic Beanstalk environment and configure it to use Auto Scaling and an Elastic Load Balancer.
Use rolling deployments with a batch size of 50%. B. Create an AWS OpsWorks stack.
Configure the application layer to use rolling deployments as a deployment strategy.
Add an Elastic Load Balancing layer.
Enable auto healing on the application layer. C. Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer.
Use the CodeDeployDefault.HalfAtAtime deployment strategy.
Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB. D. Use AWS CodeDeploy with Auto Scaling and an Elastic Load Balancer.
Use a blue/green deployment strategy.
Enable an Elastic Load Balancing health check to report the status of the application, and set the Auto Scaling health check to ELB.

Correct Answer: C

Question 14

You were just hired as a DevOps Engineer for a startup. Your startup uses AWS for 100% of their infrastructure. They currently have no automation at all for deployment, and they have had many failures while trying to deploy to production. The company has told you deployment process risk mitigation is the most important thing now, and you have a lot of budget for tools and AWS resources.
Their stack:
2-tier API
Data stored in DynamoDB or S3, depending on type
Compute layer is EC2 in Auto Scaling Groups
They use Route53 for DNS pointing to an ELB
An ELB balances load across the EC2 instances
The scaling group properly varies between 4 and 12 EC2 servers. Which of the following approaches, given this company's stack and their priorities, best meets the company's needs?

A. Model the stack in 3 CloudFormation templates: Data layer, compute layer, and networking layer.
Write stack deployment and integration testing automation following Blue-Green methodologies. B. Model the stack in AWS OpsWorks as a single Stack, with 1 compute layer and its associated ELB.
Use Chef and App Deployments to automate Rolling Deployment. C. Model the stack in 1 CloudFormation template, to ensure consistency and dependency graph resolution. Write deployment and integration testing automation following Rolling Deployment methodologies. D. Model the stack in AWS Elastic Beanstalk as a single Application with multiple Environments. Use Elastic Beanstalk's Rolling Deploy option to progressively roll out application code changes when promoting across environments.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Amazon AWS Certified DevOps Engineer - Professional - DOP-C01 Exam Practice Test