Amazon DOP-C02 Dumps
Dumps4download provides 100% reliable exam dumps that are verified by an expert panel. Our Dumps4download DOP-C02 study material is totally unique, and the exam questions are valid all over the world. By using our DOP-C02 dumps, we assure you that you will pass your exam on the first attempt. You can easily score more than 97%.
100% exam passing Guarantee on your purchased exams.
100% money back guarantee if you do not clear your exam.
Amazon DOP-C02 Practice Test Helps You Turn Dreams To Reality!
IT professionals from every sector are looking to certifications to boost their careers. Amazon, being the leading certification provider, earns the most demand in the industry.
The Amazon Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best DOP-C02 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective DOP-C02 Practice Exam Dumps.
Many of our customers are already excelling in their careers after achieving their goals with our help. You too can be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.
Apply for the DOP-C02 Exam right away so you can get certified by using our Amazon Dumps.
Bulk Exams Package
2 Exams Files
10% off
- 2 Different Exams
- Latest and Most Up-to-date Dumps
- Free 3 Months Updates
- Exam Passing Guarantee
- Secure Payment
- Privacy Protection
3 Exams Files
15% off
- 3 Different Exams
- Latest and Most Up-to-date Dumps
- Free 3 Months Updates
- Exam Passing Guarantee
- Secure Payment
- Privacy Protection
5 Exams Files
20% off
- 5 Different Exams
- Latest and Most Up-to-date Dumps
- Free 3 Months Updates
- Exam Passing Guarantee
- Secure Payment
- Privacy Protection
10 Exams Files
25% off
- 10 Different Exams
- Latest and Most Up-to-date Dumps
- Free 3 Months Updates
- Exam Passing Guarantee
- Secure Payment
- Privacy Protection
Dumps4download Leads You To A 100% Success in First Attempt!
Our DOP-C02 Dumps PDF is intended to meet the requirements of the most suitable method for exam preparation. We especially hired a team of experts to make sure you get the latest and compliant DOP-C02 Practice Test Questions Answers. These questions have been selected for their relevance and for the highest possibility of appearing in the exam. So, you can be sure of your success in the first attempt.
Interactive & Effective DOP-C02 Dumps PDF + Online Test Engine
Aside from our Amazon DOP-C02 Dumps PDF, we invest in your best practice through Online Test Engine. They are designed to reflect the actual exam format covering each topic of your exam. Also, with our interactive interface, focusing on exam preparation is easier than ever. With easy-to-understand, interactive and effective study material assisting you, there is nothing that could go wrong. We are 100% sure that our DOP-C02 Questions Answers Practice Exam is the best choice you can make to pass the exam with a top score.
How Dumps4download Creates Better Opportunities for You!
Dumps4download knows how hard it is for you to beat these tough Amazon exam terms and concepts. That is why, to ease your preparation, we offer the best possible training tactics we know. Online Test Engine provides you an exam-like environment, and the PDF helps you take your study guide wherever you are. Best of all, you can download the DOP-C02 Dumps PDF easily or, better, print it. For the purpose of getting concepts across as easily as possible, we have used simple language. By adding explanations at the end of the DOP-C02 Questions and Answers Practice Test, we ensure nothing slips your grasp.
The exam simulation is 100 times better than any other test material you would encounter. Besides, if you are troubled with anything concerning AWS Certified DevOps Engineer - Professional Exam or the DOP-C02 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.
Get an Absolutely Free Demo Today!
Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the AWS Certified DevOps Engineer - Professional Practice Test Questions instantly.
24/7 Online Support – Anytime, Anywhere
Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using AWS Certified DevOps Engineer - Professional Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.
Features to use Dumps4download DOP-C02 Dumps:
- Thousands of satisfied customers.
- Good grades are 100% guaranteed.
- 100% verified by Experts panel.
- Up to date exam data.
- Dumps4download data is 100% trustworthy.
- Passing ratio more than 99%
- 100% money back guarantee.
Amazon DOP-C02 Sample Questions
Question # 1
A company has microservices running in AWS Lambda that read data from Amazon DynamoDB. The Lambda code is manually deployed by developers after successful testing. The company now needs the tests and deployments to be automated and run in the cloud. Additionally, traffic to the new versions of each microservice should be incrementally shifted over time after deployment. What solution meets all the requirements, ensuring the MOST developer velocity?
A. Create an AWS CodePipeline configuration and set up a post-commit hook to trigger the pipeline after tests have passed. Use AWS CodeDeploy and create a Canary deployment configuration that specifies the percentage of traffic and interval.
B. Create an AWS CodeBuild configuration that triggers when the test code is pushed. Use AWS CloudFormation to trigger an AWS CodePipeline configuration that deploys the new Lambda versions and specifies the traffic shift percentage and interval.
C. Create an AWS CodePipeline configuration and set up the source code step to trigger when code is pushed. Set up the build step to use AWS CodeBuild to run the tests. Set up an AWS CodeDeploy configuration to deploy, then select the CodeDeployDefault.LambdaLinear10PercentEvery3Minutes option.
D. Use the AWS CLI to set up a post-commit hook that uploads the code to an Amazon S3 bucket after tests have passed. Set up an S3 event trigger that runs a Lambda function that deploys the new version. Use an interval in the Lambda function to deploy the code over time at the required percentage.
Question # 2
A company has a fleet of Amazon EC2 instances that run Linux in a single AWS account. The company is using an AWS Systems Manager Automation task across the EC2 instances. During the most recent patch cycle, several EC2 instances went into an error state because of insufficient available disk space. A DevOps engineer needs to ensure that the EC2 instances have sufficient available disk space during the patching process in the future. Which combination of steps will meet these requirements? (Select TWO.)
A. Ensure that the Amazon CloudWatch agent is installed on all EC2 instances.
B. Create a cron job that is installed on each EC2 instance to periodically delete temporary files.
C. Create an Amazon CloudWatch log group for the EC2 instances. Configure a cron job that is installed on each EC2 instance to write the available disk space to a CloudWatch log stream for the relevant EC2 instance.
D. Create an Amazon CloudWatch alarm to monitor available disk space on all EC2 instances. Add the alarm as a safety control to the Systems Manager Automation task.
E. Create an AWS Lambda function to periodically check for sufficient available disk space on all EC2 instances by evaluating each EC2 instance's respective Amazon CloudWatch log stream.
Question # 3
A company uses Amazon EC2 as its primary compute platform. A DevOps team wants to audit the company's EC2 instances to check whether any prohibited applications have been installed on the EC2 instances. Which solution will meet these requirements with the MOST operational efficiency?
A. Configure AWS Systems Manager on each instance. Use AWS Systems Manager Inventory. Use Systems Manager resource data sync to synchronize and store findings in an Amazon S3 bucket. Create an AWS Lambda function that runs when new objects are added to the S3 bucket. Configure the Lambda function to identify prohibited applications.
B. Configure AWS Systems Manager on each instance. Use Systems Manager Inventory. Create AWS Config rules that monitor changes from Systems Manager Inventory to identify prohibited applications.
C. Configure AWS Systems Manager on each instance. Use Systems Manager Inventory. Filter a trail in AWS CloudTrail for Systems Manager Inventory events to identify prohibited applications.
D. Designate Amazon CloudWatch Logs as the log destination for all application instances. Run an automated script across all instances to create an inventory of installed applications. Configure the script to forward the results to CloudWatch Logs. Create a CloudWatch alarm that uses filter patterns to search log data to identify prohibited applications.
Question # 4
A company uses an Amazon API Gateway regional REST API to host its application API. The REST API has a custom domain. The REST API's default endpoint is deactivated. The company's internal teams consume the API. The company wants to use mutual TLS between the API and the internal teams as an additional layer of authentication. Which combination of steps will meet these requirements? (Select TWO.)
A. Use AWS Certificate Manager (ACM) to create a private certificate authority (CA). Provision a client certificate that is signed by the private CA.
B. Provision a client certificate that is signed by a public certificate authority (CA). Import the certificate into AWS Certificate Manager (ACM).
C. Upload the provisioned client certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the client certificate that is stored in the S3 bucket as the trust store.
D. Upload the provisioned client certificate private key to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private key that is stored in the S3 bucket as the trust store.
E. Upload the root private certificate authority (CA) certificate to an Amazon S3 bucket. Configure the API Gateway mutual TLS to use the private CA certificate that is stored in the S3 bucket as the trust store.
Question # 5
A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances are in multiple Availability Zones. The application was misconfigured in a single Availability Zone, which caused a partial outage of the application. A DevOps engineer made changes to ensure that the unhealthy EC2 instances in one Availability Zone do not affect the healthy EC2 instances in the other Availability Zones. The DevOps engineer needs to test the application's failover and shift where the ALB sends traffic. During failover, the ALB must avoid sending traffic to the Availability Zone where the failure has occurred. Which solution will meet these requirements?
A. Turn off cross-zone load balancing on the ALB. Use Amazon Route 53 Application Recovery Controller to start a zonal shift away from the Availability Zone.
B. Turn off cross-zone load balancing on the ALB's target group. Use Amazon Route 53 Application Recovery Controller to start a zonal shift away from the Availability Zone.
C. Create an Amazon Route 53 Application Recovery Controller resource set that uses the DNS hostname of the ALB. Start a zonal shift for the resource set away from the Availability Zone.
D. Create an Amazon Route 53 Application Recovery Controller resource set that uses the ARN of the ALB's target group. Create a readiness check that uses the ElbV2TargetGroupsCanServeTraffic rule.
Question # 6
A DevOps engineer needs to implement integration tests into an existing AWS CodePipeline CI/CD workflow for an Amazon Elastic Container Service (Amazon ECS) service. The CI/CD workflow retrieves new application code from an AWS CodeCommit repository and builds a container image. The CI/CD workflow then uploads the container image to Amazon Elastic Container Registry (Amazon ECR) with a new image tag version. The integration tests must ensure that new versions of the service endpoint are reachable and that various API methods return successful response data. The DevOps engineer has already created an ECS cluster to test the service. Which combination of steps will meet these requirements with the LEAST management overhead? (Select THREE.)
A. Add a deploy stage to the pipeline. Configure Amazon ECS as the action provider.
B. Add a deploy stage to the pipeline. Configure AWS CodeDeploy as the action provider.
C. Add an appspec.yml file to the CodeCommit repository.
D. Update the image build pipeline stage to output an imagedefinitions.json file that references the new image tag.
E. Create an AWS Lambda function that runs connectivity checks and API calls against the service. Integrate the Lambda function with CodePipeline by using a Lambda action stage.
F. Write a script that runs integration tests against the service. Upload the script to an Amazon S3 bucket. Integrate the script in the S3 bucket with CodePipeline by using an S3 action stage.
Question # 7
A company uses Amazon RDS for all databases in its AWS accounts. The company uses AWS Control Tower to build a landing zone that has an audit and logging account. All databases must be encrypted at rest for compliance reasons. The company's security engineer needs to receive notification about any noncompliant databases that are in the company's accounts. Which solution will meet these requirements with the MOST operational efficiency?
A. Use AWS Control Tower to activate the optional detective control (guardrail) to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the company's audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer's email address to the SNS topic.
B. Use AWS CloudFormation StackSets to deploy AWS Lambda functions to every account. Write the Lambda function code to determine whether the RDS storage is encrypted in the account the function is deployed to. Send the findings as an Amazon CloudWatch metric to the management account. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create a CloudWatch alarm that notifies the SNS topic when metric thresholds are met. Subscribe the security engineer's email address to the SNS topic.
C. Create a custom AWS Config rule in every account to determine whether the RDS storage is encrypted. Create an Amazon Simple Notification Service (Amazon SNS) topic in the audit account. Create an Amazon EventBridge rule to filter noncompliant events from the AWS Control Tower control (guardrail) to notify the SNS topic. Subscribe the security engineer's email address to the SNS topic.
D. Launch an Amazon EC2 instance. Run an hourly cron job by using the AWS CLI to determine whether the RDS storage is encrypted in each AWS account. Store the results in an RDS database. Notify the security engineer by sending email messages from the EC2 instance when noncompliance is detected.
Question # 8
A company is migrating from its on-premises data center to AWS. The company currently uses a custom on-premises CI/CD pipeline solution to build and package software. The company wants its software packages and dependent public repositories to be available in AWS CodeArtifact to facilitate the creation of application-specific pipelines. Which combination of steps should the company take to update the CI/CD pipeline solution and to configure CodeArtifact with the LEAST operational overhead? (Select TWO.)
A. Update the CI/CD pipeline to create a VM image that contains newly packaged software. Use AWS Import/Export to make the VM image available as an Amazon EC2 AMI. Launch the AMI with an attached IAM instance profile that allows CodeArtifact actions. Use AWS CLI commands to publish the packages to a CodeArtifact repository.
B. Create an AWS Identity and Access Management Roles Anywhere trust anchor. Create an IAM role that allows CodeArtifact actions and that has a trust relationship on the trust anchor. Update the on-premises CI/CD pipeline to assume the new IAM role and to publish the packages to CodeArtifact.
C. Create a new Amazon S3 bucket. Generate a presigned URL that allows the PutObject request. Update the on-premises CI/CD pipeline to use the presigned URL to publish the packages from the on-premises location to the S3 bucket. Create an AWS Lambda function that runs when packages are created in the bucket through a put command. Configure the Lambda function to publish the packages to CodeArtifact.
D. For each public repository, create a CodeArtifact repository that is configured with an external connection. Configure the dependent repositories as upstream public repositories.
E. Create a CodeArtifact repository that is configured with a set of external connections to the public repositories. Configure the external connections to be downstream of the repository.
Question # 9
A company is running a custom-built application that processes records. All the components run on Amazon EC2 instances that run in an Auto Scaling group. Each record's processing is a multistep sequential action that is compute-intensive. Each step is always completed in 5 minutes or less. A limitation of the current system is that if any steps fail, the application has to reprocess the record from the beginning. The company wants to update the architecture so that the application must reprocess only the failed steps. What is the MOST operationally efficient solution that meets these requirements?
A. Create a web application to write records to Amazon S3. Use S3 Event Notifications to publish to an Amazon Simple Notification Service (Amazon SNS) topic. Use an EC2 instance to poll Amazon SNS and start processing. Save intermediate results to Amazon S3 to pass on to the next step.
B. Perform the processing steps by using logic in the application. Convert the application code to run in a container. Use AWS Fargate to manage the container instances. Configure the container to invoke itself to pass the state from one step to the next.
C. Create a web application to pass records to an Amazon Kinesis data stream. Decouple the processing by using the Kinesis data stream and AWS Lambda functions.
D. Create a web application to pass records to AWS Step Functions. Decouple the processing into Step Functions tasks and AWS Lambda functions.
Question # 10
A company is developing an application that will generate log events. The log events consist of five distinct metrics every one tenth of a second and produce a large amount of data. The company needs to configure the application to write the logs to Amazon Timestream. The company will configure a daily query against the Timestream table. Which combination of steps will meet these requirements with the FASTEST query performance? (Select THREE.)
A. Use batch writes to write multiple log events in a single write operation.
B. Write each log event as a single write operation.
C. Treat each log as a single-measure record.
D. Treat each log as a multi-measure record.
E. Configure the memory store retention period to be longer than the magnetic store retention period.
F. Configure the memory store retention period to be shorter than the magnetic store retention period.
Question # 11
A company has an application that stores data that includes personally identifiable information (PII) in an Amazon S3 bucket. All data is encrypted with AWS Key Management Service (AWS KMS) customer managed keys. All AWS resources are deployed from an AWS CloudFormation template. A DevOps engineer needs to set up a development environment for the application in a different AWS account. The data in the development environment's S3 bucket needs to be updated once a week from the production environment's S3 bucket. The company must not move PII from the production environment without anonymizing the PII first. The data in each environment must be encrypted with different KMS customer managed keys. Which combination of steps should the DevOps engineer take to meet these requirements? (Select TWO.)
A. Activate Amazon Macie on the S3 bucket in the production account. Create an AWS Step Functions state machine to initiate a discovery job and redact all PII before copying files to the S3 bucket in the development account. Give the state machine tasks decrypt permissions on the KMS key in the production account. Give the state machine tasks encrypt permissions on the KMS key in the development account.
B. Set up S3 replication between the production S3 bucket and the development S3 bucket. Activate Amazon Macie on the development S3 bucket. Create an AWS Step Functions state machine to initiate a discovery job and redact all PII as the files are copied to the development S3 bucket. Give the state machine tasks encrypt and decrypt permissions on the KMS key in the development account.
C. Set up an S3 Batch Operations job to copy files from the production S3 bucket to the development S3 bucket. In the development account, configure an AWS Lambda function to redact all PII. Configure S3 Object Lambda to use the Lambda function for S3 GET requests. Give the Lambda function's IAM role encrypt and decrypt permissions on the KMS key in the development account.
D. Create a development environment from the CloudFormation template in the development account. Schedule an Amazon EventBridge rule to start the AWS Step Functions state machine once a week.
E. Create a development environment from the CloudFormation template in the development account. Schedule a cron job on an Amazon EC2 instance to run once a week to start the S3 Batch Operations job.
Question # 12
A company uses AWS Organizations to manage its AWS accounts. The organization root has a child OU that is named Department. The Department OU has a child OU that is named Engineering. The default FullAWSAccess policy is attached to the root, the Department OU, and the Engineering OU. The company has many AWS accounts in the Engineering OU. Each account has an administrative IAM role with the AdministratorAccess IAM policy attached. The default FullAWSAccess policy is also attached to each account. A DevOps engineer plans to remove the FullAWSAccess policy from the Department OU. The DevOps engineer will replace the policy with a policy that contains an Allow statement for all Amazon EC2 API operations. What will happen to the permissions of the administrative IAM roles as a result of this change?
A. All API actions on all resources will be allowed.
B. All API actions on EC2 resources will be allowed. All other API actions will be denied.
C. All API actions on all resources will be denied.
D. All API actions on EC2 resources will be denied. All other API actions will be allowed.
Question # 13
A company uses containers for its applications. The company learns that some container images are missing required security configurations. A DevOps engineer needs to implement a solution to create a standard base image. The solution must publish the base image weekly to the us-west-2 Region, us-east-2 Region, and eu-central-1 Region. Which solution will meet these requirements?
A. Create an EC2 Image Builder pipeline that uses a container recipe to build the image. Configure the pipeline to distribute the image to an Amazon Elastic Container Registry (Amazon ECR) repository in us-west-2. Configure ECR replication from us-west-2 to us-east-2 and from us-east-2 to eu-central-1. Configure the pipeline to run weekly.
B. Create an AWS CodePipeline pipeline that uses an AWS CodeBuild project to build the image. Use AWS CodeDeploy to publish the image to an Amazon Elastic Container Registry (Amazon ECR) repository in us-west-2. Configure ECR replication from us-west-2 to us-east-2 and from us-east-2 to eu-central-1. Configure the pipeline to run weekly.
C. Create an EC2 Image Builder pipeline that uses a container recipe to build the image. Configure the pipeline to distribute the image to Amazon Elastic Container Registry (Amazon ECR) repositories in all three Regions. Configure the pipeline to run weekly.
D. Create an AWS CodePipeline pipeline that uses an AWS CodeBuild project to build the image. Use AWS CodeDeploy to publish the image to Amazon Elastic Container Registry (Amazon ECR) repositories in all three Regions. Configure the pipeline to run weekly.
Question # 14
A company's DevOps team manages a set of AWS accounts that are in an organization in AWS Organizations. The company needs a solution that ensures that all Amazon EC2 instances use approved AMIs that the DevOps team manages. The solution also must remediate the usage of AMIs that are not approved. The individual account administrators must not be able to remove the restriction to use approved AMIs. Which solution will meet these requirements?
A. Use AWS CloudFormation StackSets to deploy an Amazon EventBridge rule to each account. Configure the rule to react to AWS CloudTrail events for Amazon EC2 and to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the DevOps team to the SNS topic.
B. Use AWS CloudFormation StackSets to deploy the approved-amis-by-id AWS Config managed rule to each account. Configure the rule with the list of approved AMIs. Configure the rule to run the AWS-StopEC2Instance AWS Systems Manager Automation runbook for the noncompliant EC2 instances.
C. Create an AWS Lambda function that processes AWS CloudTrail events for Amazon EC2. Configure the Lambda function to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the DevOps team to the SNS topic. Deploy the Lambda function in each account in the organization. Create an Amazon EventBridge rule in each account. Configure the EventBridge rules to react to AWS CloudTrail events for Amazon EC2 and to invoke the Lambda function.
D. Enable AWS Config across the organization. Create a conformance pack that uses the approved-amis-by-id AWS Config managed rule with the list of approved AMIs. Deploy the conformance pack across the organization. Configure the rule to run the AWS-StopEC2Instance AWS Systems Manager Automation runbook for the noncompliant EC2 instances.
Question # 15
A company has set up AWS CodeArtifact repositories with public upstream repositories. The company's development team consumes open source dependencies from the repositories in the company's internal network. The company's security team recently discovered a critical vulnerability in the most recent version of a package that the development team consumes. The security team has produced a patched version to fix the vulnerability. The company needs to prevent the vulnerable version from being downloaded. The company also needs to allow the security team to publish the patched version. Which combination of steps will meet these requirements? (Select TWO.)
A. Update the status of the affected CodeArtifact package version to unlisted.
B. Update the status of the affected CodeArtifact package version to deleted.
C. Update the status of the affected CodeArtifact package version to archived.
D. Update the CodeArtifact package origin control settings to allow direct publishing and to block upstream operations.
E. Update the CodeArtifact package origin control settings to block direct publishing and to allow upstream operations.
Question # 16
AnyCompany is using AWS Organizations to create and manage multiple AWS accounts. AnyCompany recently acquired a smaller company, Example Corp. During the acquisition process, Example Corp's single AWS account joined AnyCompany's management account through an Organizations invitation. AnyCompany moved the new member account under an OU that is dedicated to Example Corp. AnyCompany's DevOps engineer has an IAM user that assumes a role that is named OrganizationAccountAccessRole to access member accounts. This role is configured with a full access policy. When the DevOps engineer tries to use the AWS Management Console to assume the role in Example Corp's new member account, the DevOps engineer receives the following error message: "Invalid information in one or more fields. Check your information or contact your administrator." Which solution will give the DevOps engineer access to the new member account?
A. In the management account, grant the DevOps engineer's IAM user permission to assume the OrganizationAccountAccessRole IAM role in the new member account.
B. In the management account, create a new SCP. In the SCP, grant the DevOps engineer's IAM user full access to all resources in the new member account. Attach the SCP to the OU that contains the new member account.
C. In the new member account, create a new IAM role that is named OrganizationAccountAccessRole. Attach the AdministratorAccess AWS managed policy to the role. In the role's trust policy, grant the management account permission to assume the role.
D. In the new member account, edit the trust policy for the OrganizationAccountAccessRole IAM role. Grant the management account permission to assume the role.
Question # 17
A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The engineer must restrict which AWS Regions can be used, and ensure an alert is sent as soon as possible if any activity outside the governance policy takes place. The controls should be automatically enabled on any new Region outside the United States (US). Which combination of actions will meet these requirements? (Select TWO.)
A. Create an AWS Organizations SCP that denies access to all non-global services in non-US Regions. Attach the policy to the root of the organization.
B. Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs and enable it for all Regions. Use a CloudWatch Logs metric filter to send an alert on any service activity in non-US Regions.
C. Use an AWS Lambda function that checks for AWS service activity and deploy it to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour, sending an alert if activity is found in a non-US Region.
D. Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions and send alerts if any activity is found.
E. Write an SCP using the aws:RequestedRegion condition key limiting access to US Regions. Apply the policy to all users, groups, and roles.
Question # 19
A software team is using AWS CodePipeline to automate its Java application release pipeline. The pipeline consists of a source stage, then a build stage, and then a deploy stage. Each stage contains a single action that has a runOrder value of 1. The team wants to integrate unit tests into the existing release pipeline. The team needs a solution that deploys only the code changes that pass all unit tests. Which solution will meet these requirements?
A. Modify the build stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.
B. Modify the build stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.
C. Modify the deploy stage. Add a test action that has a runOrder value of 1. Use AWS CodeDeploy as the action provider to run unit tests.
D. Modify the deploy stage. Add a test action that has a runOrder value of 2. Use AWS CodeBuild as the action provider to run unit tests.
Question # 20
A company has a new AWS account that teams will use to deploy various applications. The teams will create many Amazon S3 buckets for application-specific purposes and to store AWS CloudTrail logs. The company has enabled Amazon Macie for the account. A DevOps engineer needs to optimize the Macie costs for the account without compromising the account's functionality. Which solutions will meet these requirements? (Select TWO.)
A. Exclude S3 buckets that contain CloudTrail logs from automated discovery.
B. Exclude S3 buckets that have public read access from automated discovery.
C. Configure scheduled daily discovery jobs for all S3 buckets in the account.
D. Configure discovery jobs to include S3 objects based on the last modified criterion.
E. Configure discovery jobs to include S3 objects that are tagged as production only.
Question # 22
A company hired a penetration tester to simulate an internal security breach. The tester performed port scans on the company's Amazon EC2 instances. The company's security measures did not detect the port scans. The company needs a solution that automatically provides notification when port scans are performed on EC2 instances. The company creates and subscribes to an Amazon Simple Notification Service (Amazon SNS) topic. What should the company do next to meet the requirement?
A. Ensure that Amazon GuardDuty is enabled. Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.
B. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected network reachability findings that indicate port scans. Connect the event to the SNS topic.
C. Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic.
D. Ensure that AWS CloudTrail is enabled. Create an AWS Lambda function to analyze the CloudTrail logs for unusual amounts of traffic from an IP address range. Connect the Lambda function to the SNS topic.
Question # 23
A company is developing a web application's infrastructure using AWS CloudFormation. The database engineering team maintains the database resources in a CloudFormation template, and the software development team maintains the web application resources in a separate CloudFormation template. As the scope of the application grows, the software development team needs to use resources maintained by the database engineering team. However, both teams have their own review and lifecycle management processes that they want to keep. Both teams also require resource-level change-set reviews. The software development team would like to deploy changes to this template using their CI/CD pipeline. Which solution will meet these requirements?
A. Create a stack export from the database CloudFormation template and import those references into the web application CloudFormation template.
B. Create a CloudFormation nested stack to make cross-stack resource references and parameters available in both stacks.
C. Create a CloudFormation stack set to make cross-stack resource references and parameters available in both stacks.
D. Create input parameters in the web application CloudFormation template and pass resource names and IDs from the database stack.
Question # 24
A company wants to use AWS Systems Manager documents to bootstrap physical laptops for developers. The bootstrap code is stored in GitHub. A DevOps engineer has already created a Systems Manager activation, installed the Systems Manager agent with the registration code, and installed an activation ID on all the laptops. Which set of steps should be taken next?
A. Configure the Systems Manager document to use the AWS-RunShellScript command to copy the files from GitHub to Amazon S3, then use the aws:downloadContent plugin with a sourceType of S3.
B. Configure the Systems Manager document to use the aws:configurePackage plugin with an install action and point to the Git repository.
C. Configure the Systems Manager document to use the aws:downloadContent plugin with a sourceType of GitHub and sourceInfo with the repository details.
D. Configure the Systems Manager document to use the aws:softwareInventory plugin and run the script from the Git repository.
Question # 25
A company has a mission-critical application on AWS that uses automatic scaling. The company wants the deployment lifecycle to meet the following parameters.
• The application must be deployed one instance at a time to ensure the remaining fleet continues to serve traffic.
• The application is CPU intensive and must be closely monitored.
• The deployment must automatically roll back if the CPU utilization of the deployment instance exceeds 85%.
Which solution will meet these requirements?
A. Use AWS CloudFormation to create an AWS Step Functions state machine and Auto Scaling lifecycle hooks to move one instance at a time into a wait state. Use AWS Systems Manager automation to deploy the update to each instance and move it back into the Auto Scaling group using the heartbeat timeout.
B. Use AWS CodeDeploy with Amazon EC2 Auto Scaling. Configure an alarm tied to the CPU utilization metric. Use the CodeDeployDefault.OneAtATime configuration as a deployment strategy. Configure automatic rollbacks within the deployment group to roll back the deployment if the alarm thresholds are breached.
C. Use AWS Elastic Beanstalk for load balancing and AWS Auto Scaling. Configure an alarm tied to the CPU utilization metric. Configure rolling deployments with a fixed batch size of one instance. Enable enhanced health to monitor the status of the deployment and roll back based on the alarm previously created.
D. Use AWS Systems Manager to perform a blue/green deployment with Amazon EC2 Auto Scaling. Configure an alarm tied to the CPU utilization metric. Deploy updates one at a time. Configure automatic rollbacks within the Auto Scaling group to roll back the deployment if the alarm thresholds are breached.
Question # 26
A company has 20 service teams. Each service team is responsible for its own microservice. Each service team uses a separate AWS account for its microservice and a VPC with the 192.168.0.0/22 CIDR block. The company manages the AWS accounts with AWS Organizations. Each service team hosts its microservice on multiple Amazon EC2 instances behind an Application Load Balancer. The microservices communicate with each other across the public internet. The company's security team has issued a new guideline that all communication between microservices must use HTTPS over private network connections and cannot traverse the public internet. A DevOps engineer must implement a solution that fulfills these obligations and minimizes the number of changes for each service team. Which solution will meet these requirements?
A. Create a new AWS account in AWS Organizations. Create a VPC in this account and use AWS Resource Access Manager to share the private subnets of this VPC with the organization. Instruct the service teams to launch a new Network Load Balancer (NLB) and EC2 instances that use the shared private subnets. Use the NLB DNS names for communication between microservices.
B. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use AWS PrivateLink to create VPC endpoints in each AWS account for the NLBs. Create subscriptions to each VPC endpoint in each of the other AWS accounts. Use the VPC endpoint DNS names for communication between microservices.
C. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Create VPC peering connections between each of the microservice VPCs. Update the route tables for each VPC to use the peering links. Use the NLB DNS names for communication between microservices.
D. Create a new AWS account in AWS Organizations. Create a transit gateway in this account and use AWS Resource Access Manager to share the transit gateway with the organization. In each of the microservice VPCs, create a transit gateway attachment to the shared transit gateway. Update the route tables of each VPC to use the transit gateway. Create a Network Load Balancer (NLB) in each of the microservice VPCs. Use the NLB DNS names for communication between microservices.
Question # 27
A security team is concerned that a developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production. No developer should be allowed to attach an Elastic IP address to an instance. The security team must be notified if any production server has an Elastic IP address at any time. How can this task be automated?
A. Use Amazon Athena to query AWS CloudTrail logs to check for any associate-address attempts. Create an AWS Lambda function to disassociate the Elastic IP address from the instance, and alert the security team.
B. Attach an IAM policy to the developers' IAM group to deny associate-address permissions. Create a custom AWS Config rule to check whether an Elastic IP address is associated with any instance tagged as production, and alert the security team.
C. Ensure that all IAM groups associated with developers do not have associate-address permissions. Create a scheduled AWS Lambda function to check whether an Elastic IP address is associated with any instance tagged as production, and alert the security team if an instance has an Elastic IP address associated with it.
D. Create an AWS Config rule to check that all production instances have EC2 IAM roles that include deny associate-address permissions. Verify whether there is an Elastic IP address associated with any instance, and alert the security team if an instance has an Elastic IP address associated with it.
Question # 28
A company is using AWS CodePipeline to deploy an application. According to a new guideline, a member of the company's security team must sign off on any application changes before the changes are deployed into production. The approval must be recorded and retained. Which combination of actions will meet these requirements? (Select TWO.)
A. Configure CodePipeline to write actions to Amazon CloudWatch Logs.
B. Configure CodePipeline to write actions to an Amazon S3 bucket at the end of each pipeline stage.
C. Create an AWS CloudTrail trail to deliver logs to Amazon S3.
D. Create a CodePipeline custom action to invoke an AWS Lambda function for approval. Create a policy that gives the security team access to manage CodePipeline custom actions.
E. Create a CodePipeline manual approval action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.