Question 1

A company uses Amazon RDS for all databases in its AWS accounts. The company uses AWS Control Tower to build a landing zone that has an audit and logging account. All databases must be encrypted at rest for compliance reasons. The company's security engineer needs to receive notification about any noncompliant databases that are in the company’s accounts.

Which solution will meet these requirements with the MOST operational efficiency?

Options :

A : Use AWS Control Tower to activate the optional detective control (guardrail) to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the company-s audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer-s email address to the SNS topic.

B : Use AWS CloudFormation StackSets to deploy AWS Lambda functions to every account. Write the Lambda function code to determine whether the RDS storage is encrypted in the account the function is deployed to. Send the findings as an Amazon CloudWatch metric to the management account. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create a CloudWatch alarm that notifies the SNS topic when metric thresholds are met. Subscribe the security engineer-s email address to the SNS topic.

C : Create a custom AWS Config rule in every account to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the audit account. Create an Amazon EventBidge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer-s email address to the SNS topic.

D : Launch an Amazon C2 instance. Run an hourly cron job by using the AWS CLI to determine whether the RDS storage is encrypted in each AWS account. Store the results in an RDS database. Notify the security engineer by sending email messages from the EC2 instance when noncompliance is detected

Answer: A

Question 2

A company deploys an application in two AWS Regions. The application currently uses an Amazon S3 bucket in the primary Region to store data.

A DevOps engineer needs to ensure that the application is highly available in both Regions. The DevOps engineer has created a new S3 bucket in the secondary Region. All existing and new objects must be in both S3 buckets. The application must fail over between the Regions with no data loss.

Which combination of steps will meet these requirements with the MOST operational efficiency? (Choose three.)

Options :

A : Create a new IAM role that allows the Amazon S3 and S3 Batch Operations service principals to assume the role that has the necessary permissions for S3 replication.

B : Create a new IAM role that allows the AWS Batch service principal to assume the role that has the necessary permissions for S3 replication.

C : . Create an S3 Cross-Region Replication (CRR) rule on the source S3 bucket. Configure the rule to use the IAM role for Amazon S3 to replicate to the target S3 bucket

D : Create a two-way replication rule on the source S3 bucket. Configure the rule to use the IAM role for Amazon S3 to replicate to the target S3 bucket.

E : Create an AWS Batch job that has an AWS Fargate orchestration type. Configure the job to use the IAM role for AWS Batch. Specify a Bash command to use the AWS CLI to synchronize the contents of the source S3 bucket and the target S3 bucket

F : Create an operation in S3 Batch Operations to replicate the contents of the source S3 bucket to the target S3 bucket. Configure the operation to use the IAM role for Amazon S3.

Answer: A,C,F

Question 3

A company recently launched multiple applications that use Application Load Balancers. Application response time often slows down when the applications experience problems A DevOps engineer needs to Implement a monitoring solution that alerts the company when the applications begin to perform slowly The DevOps engineer creates an Amazon Simple Notification Semce (Amazon SNS) topic and subscribe the company's email address to the topic What should the DevOps engineer do next to meet the requirements?

Options :

A :

Create an Amazon EventBridge rule that invokes an AWS Lambda function to query the applications on a 5-minute interval Configure the Lambda function to publish a notification to the SNS topic when the applications return errors.

B :

Create an Amazon CloudWatch Synthetics canary that runs a custom script to query the applications on a 5-minute interval. Configure the canary to use the SNS topic when the applications return errors.

C :

Create an Amazon CloudWatch alarm that uses the AWS/AppljcabonELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the number of connections becomes greater than the configured number of threads that the application supports Configure the CloudWatch alarm to use the SNS topic.

D :

Create an Amazon CloudWatch alarm that uses the AWS/ApplicationELB namespace RequestCountPerTarget metric Configure the CloudWatch alarm to send a notification when the average response time becomes greater than the longest response time that the application supports Configure the CloudWatch alarm to use the SNS topic

Answer: B

Question 4

A company is hosting their high-frequency trading application in AWS which serves millions of investors around the globe. The application is hosted in an Auto Scaling Group of EC2 instances behind an Application Load Balancer with an Amazon DynamoDB database. The architecture was deployed using a CloudFormation template with a Route 53 record. There recently was a production deployment that had caused system degradation and outage, costing the company a significant monetary loss due to their application's unavailability. As a result, the company instructed their DevOps engineer to implement an efficient strategy for deploying updates to their web application with the ability to perform an immediate rollback of the stack. All deployments should maintain the normal number of active EC2 instances to keep the performance of the application.

Which of the following should the DevOps engineer implement to satisfy these requirements?

Options :

A : Configure the UpdatePolicy of the AWS::AutoScaling::AutoscalingGroup resource in the CloudFormation template to use the AutoScalingReplacingUpdate policy. Set the WillReplace property to false. Also, specify the AutoScalingRollingUpdate policy to update instances that are in an Auto Scaling group in batches.

B : Configure the UpdatePolicy of the AWS::AutoScaling::AutoscalingGroup resource in the CloudFormation template to use the AutoScalingRollingUpdate policy. Update the required properties for the new Auto Scaling group policy. Set the MinSuccessfulInstancesPercent property, as well as its corresponding WaitOnResourceSignals and PauseTime properties.

C : Configure the UpdatePolicy of the AWS::AutoScaling::AutoscalingGroup resource in the CloudFormation template to use the AutoScalingReplacingUpdate policy. Update the required properties for the new Auto Scaling group policy. Set the WillReplace property to true.

D : Configure the UpdatePolicy of the AWS::AutoScaling::DeploymentUpdates resource in the CloudFormation template to use the AutoScalingReplacingUpdate policy. Update the required properties for the new Auto Scaling group policy. Set the WillReplace property to false.

Answer: C

Question 5

A leading game development company is planning to host its latest video game on AWS. It is expected that there will be millions of users around the globe that will play the game. The architecture should allow players to send or receive data on the backend in real-time for a better gaming experience. The application libraries and user data of the game must also comply with the data residency requirement wherein all files must remain in the same region. CodeCommit, CodeBuild, CodeDeploy, and CodePipeline should be utilized to build the CI/CD process.

As a DevOps Engineer, which of the following is the MOST suitable and efficient solution that you should implement to satisfy this requirement?

Options :

A : Create a new pipeline using AWS CodePipeline and a CodeCommit repository as the source on multiple AWS regions. Configure the repository of the pipeline for each region to trigger the build and deployment actions whenever there is a new code update. The pipeline will automatically store output files on a default artifact bucket on each region.

B : Create a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Set a CodeBuild test action to run the automated unit and integration tests. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. Manually configure the pipeline to automatically store output files on a single S3 bucket.

C : Create a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-region actions that will run the build and deployment actions to other regions. The pipeline will automatically store output files on a default artifact bucket on each region.

D : Create a new pipeline using AWS CodePipeline and a CodeCommit repository as the source in your primary AWS region. Configure the repository to trigger the build and deployment actions whenever there is a new code update. Using the AWS Management Console, set up the pipeline to use cross-AZ actions that will run the build and deployment actions to other Availability Zones. The pipeline will automatically store output files on a default artifact bucket on each AZ.

Answer: C

Higher Test Marks with Free Online DOP-C02 Exam Practice

Buying Options: