Question 1

A leading media company has recently moved its .NET web application from its on-premises network to AWS Elastic Beanstalk for easier deployment and management. An Amazon S3 bucket stores static contents such as PDF files, images, videos, and the likes. An Amazon DynamoDB table stores all of the data of the application. The company has recently launched a series of global marketing campaigns that resulted in unpredictable spikes of incoming traffic. Upon checking, the Operations team discovered that over 80% of the traffic is just duplicate read requests.

As a DevOps Engineer, how can you improve the application's performance for its users around the world?

Options :

A : Use Lambda@Edge to cache the images stored in the S3 bucket. Use DynamoDB Accelerator (DAX) to cache repeated read requests on the web application.

B : Cache the images stored in the S3 bucket using the AWS Elemental MediaPackage. Set up a distributed cache layer using an ElastiCache for Memcached Cluster to serve the repeated read requests on the web application.

C : Create a CloudFront web distribution to cache images stored in the S3 bucket. Use DynamoDB Accelerator (DAX) to cache repeated read requests on the web application.

D : Cache the images stored in the S3 bucket using the AWS Elemental MediaStore. Set up a distributed cache layer using an ElastiCache for Redis Cluster to serve the repeated read requests on the web application.

Answer: C

Question 2

A company uses a single AWS account to test applications on Amazon EC2 instances. The company has turned on AWS Config in the AWS account and has activated the restricted-ssh AWS Config managed rule.

The company needs an automated monitoring solution that will provide a customized notification in real time if any security group in the account is not compliant with the restricted-ssh rule. The customized notification must contain the name and ID of the noncompliant security group.

A DevOps engineer creates an Amazon Simple Notification Service (Amazon SNS) topic in the account and subscribes the appropriate personnel to the topic.

What should the DevOps engineer do next to meet these requirements?

Options :

A : Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge rule. Configure the EventBridge rule to publish a notification to the SNS topic.

B : Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.

C : Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure the EventBridge rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic.

D : Create an Amazon EventBridge rule that matches all AWS Config evaluation results of NON_COMPLIANT. Configure an input transformer for the restricted-ssh rule. Configure the EventBridge rule to publish a notification to the SNS topic.

Answer: A

Question 3

A space exploration company receives telemetry data from multiple satellites. Small packets of data are received through Amazon API Gateway and are placed directly into an Amazon Simple Queue Service (Amazon SQS) standard queue. A custom application is subscribed to the queue and transforms the data into a standard format.

Because of inconsistencies in the data that the satellites produce, the application is occasionally unable to transform the data. In these cases, the messages remain in the SQS queue. A DevOps engineer must develop a solution that retains the failed messages and makes them available to scientists for review and future processing.

Which solution will meet these requirements?

Options :

A : Configure AWS Lambda to poll the SQS queue and invoke a Lambda function to check whether the queue messages are valid. If validation fails, send a copy of the data that is not valid to an Amazon S3 bucket so that the scientists can review and correct the data. When the data is corrected, amend the message in the SQS queue by using a replay Lambda function with the corrected data.

B : Convert the SQS standard queue to an SQS FIFO queue. Configure AWS Lambda to poll the SQS queue every 10 minutes by using an Amazon EventBridge schedule. Invoke the Lambda function to identify any messages with a SentTimestamp value that is older than 5 minutes, push the data to the same location as the application-s output location, and remove the messages from the queue.

C : Create an SQS dead-letter queue. Modify the existing queue by including a redrive policy that sets the Maximum Receives setting to 1 and sets the dead-letter queue ARN to the ARN of the newly created queue. Instruct the scientists to use the dead-letter queue to review the data that is not valid. Reprocess this data at a later time.

D : Configure API Gateway to send messages to different SQS virtual queues that are named for each of the satellites. Update the application to use a new virtual queue for any data that it cannot transform, and send the message to the new virtual queue. Instruct the scientists to use the virtual queue to review the data that is not valid. Reprocess this data at a later time.

Answer: C

Question 4

An insurance firm has recently undergone digital transformation and AWS cloud adoption. Its app development team has four environments, namely DEV, TEST, PRE-PROD, and PROD, for its flagship application that is configured with AWS CodePipeline. After several weeks, they noticed that there were several outages caused by misconfigured files or faulty code blocks that were deployed into the PROD environment. A DevOps Engineer has been assigned to add the required steps to identify issues in the application before it is released.

Which of the following is the MOST appropriate combination of steps that the Engineer should implement to identify functional issues during the deployment process? (Select TWO.)

Options :

A : In the pipeline, add an AWS CodeDeploy action to deploy the latest version of the application to the PRE-PROD environment. Set up a manual approval action in the pipeline so that the QA team can perform the required tests. Add another CodeDeploy action that deploys the verified code to the PROD environment after the manual approval action.

B : Migrate the pipeline from CodePipeline to AWS Data Pipeline to enable more CI/CD features. Add a test action that uses Amazon Macie to the pipeline. Run an assessment using the Runtime Behavior Analysis rules package to verify that the deployed code complies with the strict security standards of the company before deploying it to the PROD environment.

C : Add a test action that uses Amazon GuardDuty to the pipeline. Run an assessment using the Runtime Behavior Analysis rules package to verify that the deployed code complies with the strict security standards of the company before deploying it to the PROD environment.

D : Add a test action to the pipeline to run both the unit and functional tests using AWS CodeBuild. Verify that the test results passed before deploying the new application revision to the PROD environment.

E : Add a test action that uses Amazon Inspector to the pipeline. Run an assessment using the Runtime Behavior Analysis rules package to verify that the deployed code complies with the strict security standards of the company before deploying it to the PROD environment.

Answer: A,D

Question 5

A company is building a new pipeline by using AWS CodePipeline and AWS CodeBuild in a build account. The pipeline consists of two stages. The first stage is a CodeBuild job to build and package an AWS Lambda function. The second stage consists of deployment actions that operate on two different AWS accounts: a development environment account and a production environment account. The deployment stages use the AWS CloudFormation action that CodePipeline invokes to deploy the infrastructure that the Lambda function requires.

A DevOps engineer creates the CodePipeline pipeline and configures the pipeline to encrypt build artifacts by using the AWS Key Management Service (AWS KMS) AWS managed key for Amazon S3 (the aws/s3 key). The artifacts are stored in an S3 bucket. When the pipeline runs, the CloudFormation actions fail with an access denied error.

Which combination of actions must the DevOps engineer perform to resolve this error? (Choose two.)

Options :

A : Create an S3 bucket in each AWS account for the artifacts. Allow the pipeline to write to the S3 buckets. Create a CodePipeline S3 action to copy the artifacts to the S3 bucket in each AWS account. Update the CloudFormation actions to reference the artifacts S3 bucket in the production account.

B : Create a customer managed KMS key Configure the KMS key policy to allow the IAM roles used by the CloudFormation action to perform decrypt operations Modify the pipeline to use the customer managed KMS key to encrypt artifacts.

C : Create an AWS managed KMS key. Configure the KMS key policy to allow the development account and the production account to perform decrypt operations. Modify the pipeline to use the KMS key to encrypt artifacts.

D : In the development account and in the production account, create an IAM role for CodePipeline. Configure the roles with permissions to perform CloudFormation operations and with permissions to retrieve and decrypt objects from the artifacts S3 bucket. In the CodePipeline account, configure the CodePipeline CloudFormation action to use the roles.

E : In the development account and in the production account create an IAM role for CodePipeline Configure the roles with permissions to perform CloudFormation operations and with permissions to retrieve and decrypt objects from the artifacts S3 bucket. I the CodePipelme account modify the artifacts S3 bucket policy to allow the roles access Configure the CodePipeline CloudFormation action to use the roles.

Answer: B,E

Free DOP-C02 Mock Exam – Practice Online Confidently

Buying Options: