Question 1

A government-sponsored health service is running their web application containing information about the clinics, hospitals, medical specialists and other medical services in the country. They also have a set of public web services which enable third-party companies to search medical data for their respective applications and clients. Lambda functions are used for the public APIs. For its database-tier, an Amazon DynamoDB table stores all of the data with an Amazon ES domain which supports the search feature and stores the indexes. A DevOps engineer has been instructed to ensure that in the event of a failed deployment, there should be no downtime and a system should be in place to prevent subsequent deployments. The service must strictly maintain full capacity during API deployment without any reduced capacity to avoid degradation of service.

How can the engineer meet the above requirements in the MOST efficient way?

Options :

A : Deploy the DynamoDB tables, Lambda functions, and Amazon ES domain using AWS CloudFormation. Deploy changes with an AWS CodeDeploy blue/green deployment. Host the web application in AWS Elastic Beanstalk and set the deployment policy to All at Once.

B : Deploy the DynamoDB tables, Lambda functions, and Amazon ES domain using AWS CloudFormation. Deploy changes with an AWS CodeDeploy in-place deployment. Host the web application in AWS Elastic Beanstalk and set the deployment policy to Rolling.

C : Deploy the DynamoDB tables, Lambda functions, and Amazon ES domain using AWS CloudFormation. Deploy changes with an AWS CodeDeploy blue/green deployment. Host the web application in AWS Elastic Beanstalk and set the deployment policy to Immutable.

D : Deploy the DynamoDB tables, Lambda functions, and Amazon ES domain using AWS CloudFormation. Deploy changes with an AWS CodeDeploy blue/green deployment. Host the web application in Amazon S3 and enable cross-region replication.

Answer: C

Question 2

A PHP web application is uploaded to the AWS Elastic Beanstalk of the company's development account to automatically handle the deployment, capacity provisioning, load balancing, auto-scaling, and application health monitoring. Amazon RDS is used as the database, and it is tightly coupled to the Elastic Beanstalk environment. A DevOps Engineer noticed that if you terminate the environment, its database goes down as well. This issue prevents you from performing seamless updates with blue-green deployments. Moreover, this poses a critical security risk if the company decides to deploy the application in its production environment.

How can the DevOps Engineer decouple the database instance from the environment with the LEAST amount of data loss?

Options :

A : Decouple the Amazon RDS instance from your Elastic Beanstalk environment using a blue/green deployment strategy. Enable deletion protection and take an RDS DB snapshot of the database. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance and delete the old environment.

B : Decouple the Amazon RDS instance from your Elastic Beanstalk environment using the blue/green deployment strategy to decouple. Take an RDS DB snapshot of the database and enable deletion protection. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance. Before terminating the old Elastic Beanstalk environment, remove its security group rule first before proceeding.

C : Decouple the Amazon RDS instance from your Elastic Beanstalk environment using the Canary deployment strategy. Take an RDS DB snapshot of the database and enable deletion protection. Set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance and delete the old environment.

D : Decouple the Amazon RDS instance from your Elastic Beanstalk environment using the Canary deployment strategy. Take an RDS DB snapshot of the database and then set up a new Elastic Beanstalk environment with the necessary information to connect to the Amazon RDS instance.

Answer: B

Question 3

A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs.

An Amazon CloudWatch alarm notifies an application engineer through an Amazon Simple Notification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic.

A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances.

Which solution will meet these requirements in the MOST operationally efficient manner?

Options :

A : Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure the SNS topic to invoke the runbook.

B : Create an AWS Lambda function that restarts the application on the instances. Configure the Lambda function as an event destination of the SNS topic.

C : Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Create an AWS Lambda function to invoke the runbook. Configure the Lambda function as an event destination of the SNS topic.

D : Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure an Amazon EventBridge rule that reacts when the CloudWatch alarm enters ALARM state. Specify the runbook as a target of the rule.

Answer: B

Question 4

A company has an AWS CodeDeploy application. The application has a deployment group that uses a single tag group to identify instances for the deployment of Application. The single tag group configuration identifies instances that have Environment=Production and Name=ApplicationA tags for the deployment of ApplicationA.

The company launches an additional Amazon EC2 instance with Department=Marketing, Environment=Production, and Name=ApplicationB tags. On the next CodeDeploy deployment of Application, the additional instance has ApplicationA installed on it. A DevOps engineer needs to configure the existing deployment group to prevent ApplicationA from being installed on the additional instance.

Which solution will meet these requirements?

Options :

A : Change the current single tag group to include only the Environment=Production tag. Add another single tag group that includes only the Name=ApplicationA tag.

B : Change the current single tag group to include the Department=Marketing, Environment=production, and Name=ApplicationA tags.

C : Add another single tag group that includes only the Department=Marketing tag. Keep the Environment=Production and Name=ApplicationA tags with the current single tag group.

D : Change the current single tag group to include only the Environment=Production tag. Add another single tag group that includes only the Department=Marketing tag.

Answer: D

Question 5

A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.

A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS).

What should the DevOps engineer do next to meet the requirements?

Options :

A : Configure the Lambda function to be invoked by the SNS topic. Create an AWS CloudTrail subscription for the SNS topic. Configure a subscription filter for security group modification events.

B : Create an Amazon EventBridge scheduled rule to invoke the Lambda function. Define a schedule pattern that runs the Lambda function every hour.

C : Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule’s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function.

D : Create an Amazon EventBridge custom event bus that subscribes to events from all AWS services. Configure the Lambda function to be invoked by the custom event bus.

Answer: C

Higher Test Marks with Free Online DOP-C02 Exam Practice

Buying Options: