DOP-C01 Sample Questions Answers

Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.

Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.

Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.

Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.

Create an Amazon Aurora cluster in one Availability Zone across multiple Regions as the data store Use Aurora's automatic recovery capabilities in the event of a discluster.

Create an Amazon Aurora global database m two Regions as the data store In the event of a failure, promote the secondary Region as the master for the application

Create an Amazon Aurora multi-master cluster across multiple Regions as the data store Use an Network Load Balancer to balance the database traffic in different Regions.

Set up the application in two Regions and use Amazon Route 53 failover-based routing that points to the Application Load Balancers in both Regions Use health checks to determine the availability in a given Region. Use Auto Scaling groups in each Region to adjust capacity based on demand

Set up the application m two Regions and use a multi-Region Auto Scaling group behind Application Load Balancers to manage the capacity based on demand in the event of a disaster, adjust the Auto Scaling group's desired instance count to increase baseline capacity in the failover Region.

Update the EngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Launch a second stack and make the new RDS instance a read replica.

Update the DBEngineVersion property of the AWS:: RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Perform an Update Stack operation. Create a new RDS Read Replicas resource with the same properties as the instance to be upgraded. Perform a second Update Stack operation.

Update the DBEngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Create a new RDS Read Replicas resource with the same properties as the instance to be upgraded. Perform an Update Stack operation.

Update the EngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest version, and perform an operation. Update Stack

Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.

Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.

Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.

Execute an AWS Systems Manager Automation document to patch the systems every hour.

Use Amazon CloudWatch Events scheduled events to schedule a patch window.

Use AWS Systems Manager Maintenance Windows to schedule a patch window.

Create a stack export from the database CloudFormation template and import those references into the web application CloudFormation template

Create a CloudFormation nested stack to make cross-stack resource references and parameters available in both stacks.

Create a CloudFormation stack set to make cross-stack resource references and parameters available in both stacks

Create input parameters in the web application CloudFormation template and pass resource names and IDs from the database stack.

Create a scheduled Amazon CloudWatch Events rule to execute an AWS Systems Manager automation document that checks if any EC2 instances are scheduled for retirement once a week. If the instance is scheduled for retirement, the automation document will hibernate the instance.

Enable EC2 Auto Recovery on all of the instances. Create an AWS Config rule to limit the recovery to occur during a maintenance window only.

Reboot all EC2 instances during an approved maintenance window that is oil^ide of standard business hours. Set up Amazon CloudWatch alarms to send a notification in case any instance is failing EC2 instance status checks.

Set up an AWS Health Amazon CloudWatch Events rule to execute AWS Systems Manager automation documents that stop and start the EC2 instance when a retirement scheduled event occurs.

Update the CloudFormation template to include the UpdatePolicy attribute with the AutoScalingRollingUpdate policy.

Update the CloudFormation template to include the UpdatePolicy attribute with the AutoScalingReplacingUpdate policy.

Use an Auto Scaling lifecycle hook to verify that the previous instance is operational before allowing the DevOps engineer's selected instance to terminate.

Use an Auto Scaling lifecycle hook to confirm there are at least four running instances before allowing the DevOps engineer's selected instance to terminate.

Run the web application in AWS Elastic Beanstalk with the deployment policy set to All at Once. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.

Deploy the web application, Lambda functions, DynamoDB tables, and Amazon ES domain in an AWS CloudFormation template. Deploy changes with an AWS CodeDeploy in-place deployment.

Run the web application in AWS Elastic Beanstalk with the deployment policy set to Immutable. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.

Deploy the web application, Lambda functions, DynamoDB tables, and Amazon ES domain in an AWS CloudFormation template. Deploy changes with an AWS CodeDeploy blue/green deployment.

Run the web application in AWS Elastic Beanstalk with the deployment policy set to Rolling. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.

Convert the RDS database to an Amazon Aurora Serverless database Use an AWS Lambda function to start and stop the EC2 instances before and after tests

Put the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.

Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.

Subscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Filter the data through AWS X-Ray to visualize the data.

Filter the data through Amazon QuickSight to visualize the data.

Query the data with Amazon Athena.

Query the data with Amazon Redshift.

Use AWS Glue as the persistent metadata store.

Use Amazon S3 as the persistent metadata store.

Introduce changes as a separate environment parallel to the existing one. Configure API Gateway to use a canary release deployment to send a small subset of user traffic to the new environment.

Introduce changes as a separate environment parallel to the existing one. Update the application's DNS alias records to point to the new environment.

Introduce changes as a separate target group behind the existing Application Load Balancer. Configure API Gateway to route user traffic to the new target group in steps.

Introduce changes as a separate target group behind the existing Application Load Balancer. Configure API Gateway to route all traffic to the Application Load Balancer, which then sends the traffic to the new target group.

Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.

Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.

Create a VPC endpoint for Systems Manager in the desired Region.

Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.

Remove any default routes in the associated route tables.

Create two Amazon Lightsail virtual private servers for Node.js; one for test and one for production. Build the Node.js application using existing process and upload it to the new Lightsail test server using the AWS CLI. Test the application, and if it passes all tests, upload it to the production server. During the trial, monitor the production server usage, and if needed, increase performance by upgrading the instance type.

Develop an AWS CloudFormation template to create an Application Load Balancer and two Amazon EC2 instances with Amazon EBS (SSD) volumes in an Auto Scaling group with rolling updates enabled. Use AWS CodeBuild to build and test the Node.js application and store it in an Amazon S3 bucket. Use user- data scripts to install the application and the MySQL database on each EC2 instance. Update the stack to deploy new application versions.

Configure AWS Elastic Beanstalk to automatically build the application using AWS CodeBuild and to deploy it to a test environment that is configured to support auto scaling. Create a second Elastic Beanstalk environment for production. Use Amazon RDS to store data. When new versions of the applications have passed all tests, use Elastic Beanstalk "˜swap cname' to promote the test environment to production.

Modify the application to use Amazon DynamoDB instead of a local MySQL database. Use AWS OpsWorks to create a stack for the application with a DynamoDB layer, an Application Load Balancer layer, and an Amazon EC2 instance layer. Use a Chef recipe to build the application and a Chef recipe to deploy the application to the EC2 instance layer. Use custom health checks to run unit tests on each instance with rollback on failure.

Reference the EC2 instances in the AWS::ECS::Cluster resource and reference the ECS cluster in the AWS::ECS::Service resource.

Reference the ECS cluster in the AWS::AutoScaling::LaunchConfiguration resource of the UserData property.

Reference the ECS cluster in the AWS::EC2::lnstance resource of the UserData property.

Reference the ECS cluster in the AWS::CloudFormation::CustomResource resource to trigger an AWS Lambda function that registers the EC2 instances with the appropriate ECS cluster.

Ensure the Lambda function code has exiled successfully.

Ensure the Lambda function code returns a response to the pre-signed URL.

Ensure the Lambda function IAM role has cloudformation:UpdateStack permissions for the stack ARN.

Ensure the Lambda function IAM role has ds:ConnectDirectory permissions for the AWS account.

Configure the Systems Manager document to use the AWS-RunShellScript command to copy the files from GitHub to Amazon S3, then use the aws-downloadContent plugin with a source Type of S3.

Configure the Systems Manager document to use the aws-configurePackage plugin with an install action and point to the Git repository.

Configure the Systems Manager document to use the aws-downloadContent plugin with a sourceType of GitHub and sourcelnfo with the repository details.

Configure the Systems Manager document to use the aws:softwarelnventory plugin and run the script from the Git repository.

Increase the instance grace period from 60 seconds to 180 seconds, and the consecutive health check requirement from 2 to 3.

Increase the instance grace period from 60 seconds to 120 seconds, and change the response code requirement from 200 to 204.

Modify the deployment script to create a /health-check.php file when the deployment begins, then modify the health check path to point to that file.

Modify the deployment script to create a /health-check.php file when all tasks are complete, then modify the health check path to point to that file.

Create a Network Load Balancer and. for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

Create an Application Load Balancer and, for each service, create a listener that points to the correct set of containers either in AWS or on-premises.

Host the AWS containers in Amazon ECS with an EC2 launch type.

Host the AWS containers in Amazon ECS with a Fargate launch type

Use Amazon API Gateway to front the workload, and create a VPC link so API Gateway can forward API calls to the on-premises network through a VPN connection.

Use Amazon API Gateway to front the workload, and set up public endpoints for the on-premises APIs so API Gateway can access them.

Use Amazon Aurora as a drop-in replacement for RDS MySQL. Use snapshots to populate the table with the correct data.

Modify the launch configuration of the Auto Scaling group to pause user data execution for 600 seconds, allowing the table to be populated.

Use AWS Step Functions to monitor and maintain the state of data population. Mark the database in service before continuing with the deployment.

Use an EC2 Auto Scaling lifecycle hook to pause the configuration of the web tier until the table is populated.

Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3 SSE-C on all objects uploaded to the bucket. Configure cross-region replication between the two buckets.

Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Configure cross-region replication between the two buckets.

Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles apart. Use an IAM role to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Configure cross- region replication between the two buckets.

Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce AWS KMS encryption on all objects uploaded to the bucket. Configure cross-region replication between the two buckets. Create a KMS Customer Master Key (CMK) in the primary region for encrypting objects.

•A subdomain us example com with weighted routing the US ALB with weight 2 and the EU ALB with weight 1

•Another subdomain eu.example.com with weighted routing the EU ALB with weight 2 and the US ALU with weight 1

•Geolocation routing records for example.com North America aliased to us example.com and Europe aliased to eu.example.com

•A subdomain us example com with latency-based routing the US ALB as the first target and the EU ALB as the second target.

•Another subdomain eu.example.com with latency-based routing. The EU ALB as the first target and the US ALB as the second target.

•Failover routing records for example.com aliased to us.example.com as the first target and eu.example.com as the second target.

•A subdomain us.example.com with failover routing the US ALB as primary and the EU ALB as secondary

•Another subdomain eu.example.com with failover routing the EU ALB as primary and the US ALB as secondary

•Latency-based routing records for example com that are aliased to us example com and eu.example.com

•A subdomain us.example.com with multivalue answer routing. the US ALB as first and the EU ALB as second

•Another subdomain eu.example.com with failover routing the EU ALB as first and the US ALB as second

•Failover routing records for example.com that are aliased to us.example.com and eu.example.com

Add the NAT instance to an EC2 Auto Scaling group that spans multiple Availability Zones Update the route tables

Create additional EC2 instances spanning multiple Availability Zones Add an Application Load Balancer to split the load between them

Configure an Application Load Balancer in front of the EC2 instance Configure Amazon CloudWatch alarms to recover the EC2 instance upon host failure

Replace the NAT instance with a NAT gateway in each Availability Zone Update the route tables

Replace the NAT instance with a NAT gateway that spans multiple Availability Zones Update the route tables

Create an 1AM policy that allows the developers to provision the required resources Attach the policy to the developer 1AM role.

Create an 1AM policy that allows full access to AWS CIoudFormation Attach the policy to the developer 1AM role

Create an AWS CIoudFormation service role that has the required permissions Grant the developer 1AM role a cloudformation.'' action Use the new service role during stack deployments

Create an AWS CIoudFormation service role that has the required permissions Grant the developer IAM role the Iam PassRole permission Use the new service role during stack deployments

Set up an Amazon ECS environment. Use AWS CodePipeline to create a pipeline that is triggered on a commit to the GitHub repository. Use AWS CodeBuild to create the container images and AWS CodeDeploy to publish the container image to the ECS environment.

Use AWS CodePipeline that triggers on a commit from the GitHub repository, build the container images with AWS CodeBuild, and publish the container images to Amazon ECR. In the final stage, use AWS CloudFormation to create an Amazon ECS environment that gets the container images from the ECR repository.

Create a Kubernetes Cluster on Amazon EC2. Use AWS CodePipeline to create a pipeline that is triggered when the code is committed to the repository. Create the container images with a Jenkins server on EC2 and store them in the Docker Hub. Use AWS Lambda from the pipeline to trigger the deployment to the Kubernetes Cluster.

Set up an Amazon ECS environment. Use AWS CodePipeline to create a pipeline that is triggered on a commit to the GitHub repository. Use AWS CodeBuild to create the container and store it in the Docker Hub. Use an AWS Lambda function to trigger a deployment and pull the new container image from the Docker Hub.

Modify the CodeBuild projects within the pipeline to use a compute type with more available network throughput.

Create a custom CodeBuild execution environment that includes a symmetric multiprocessing configuration to run the builds in parallel.

Modify the CodePipeline configuration to execute actions for each Lambda function in parallel by specifying the same runOrder.

Modify each CodeBuild project to run within a VPC and use dedicated instances to increase throughput.

Activate the user-defined cost allocation tags in each AWS account.

Create and attach an SCP that requires a specific tag.

Define each line of business (LOB) in AWS Budgets. Assign the required tag to each resource.

Scan all accounts with Tag Editor. Assign the required tag to each resource.

Use the budget report to find untagged resources. Assign the required tag to each resource.

Enable smart sessions on the load balancer and modify the application to check for an existing session.

Enable session sharing on the load balancer and modify the application to read from the session store.

Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.

Modify the application to store user session information in an Amazon ElastiCache cluser.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs. Configure AWS CloudTrail to deliver the API logs to Amazon S3. Use CloudWatch to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon CloudWatch Logs. Configure AWS CloudTrail to deliver the API logs to CloudWatch Logs. Use CloudWatch Logs Insights to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon Kinesis. Configure AWS CloudTrail to deliver the API logs to Kinesis. Use Kinesis to load the data into Amazon Redshift. Use Amazon Redshift to query both sets of logs.

Use the Amazon CloudWatch agent to send logs from the EC2 instances to Amazon S3. Use AWS CloudTrail to deliver the API logs to Amazon S3. Use Amazon Athena to query both sets of logs in Amazon S3.

Configure a failover routing policy for the application DNS entry.

Configure a geolocation routing policy for the application DNS entry.

Create a cross-Region RDS read replica in the new standby Region.

Migrate the database layer to Amazon DynamoDB and enable global replication to the new standby Region.

Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to match the active Region.

Provision the ALB and Auto Scaling group in the new standby Region and set the desired capacity to 1.

Use AWS Glue integration to ingest the DynamoDB stream, then migrate the Lambda code to an AWS Fargate task.

Use Amazon Kinesis streams instead of DynamoDB streams, then use Kinesis analytics to trigger the Lambda functions.

Create a fourth Lambda function and configure it to be the only Lambda reading from the stream. Then use this Lambda function to pass the payload to the other three Lambda functions.

Have the Lambda functions query the table directly and disable DynamoDB streams. Then have the Lambda functions query from a global secondary index.

Use AWS CodePipeline to trigger a build process when software is pushed to a self-hosted GitHub repository. CodePipeline will use a Jenkins build server to build new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Use AWS CodePipeline to trigger a build process when software is pushed to a private GitHub repository. CodePipeline will use AWS CodeBuild to build new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Use a Jenkins pipeline to trigger a build process when software is pushed to a private GitHub repository. AWS CodePipeline will use AWS CodeBuild new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Use AWS CodePipeline to trigger a build process when software is pushed to an AWS CodeCommit repository CodePipeline will use an AWS CodeBuild build server to build new Docker images. CodePipeline will deploy into a second target group in a Kubernetes Cluster hosted on Amazon EC2 behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Allow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.

Allow users to deploy CloudFormation stacks using a CloudFormation service role only. Use AWS Config rules to detect when resources have drifted from their expected state.

Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a launch constraint Use AWS Config rules to detect when resources have drifted from their expected state.

Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a template constraint Use Amazon EventBridge (Amazon CloudWatch Events) notifications to detect when resources have drifted from their expected state.

Create Amazon Route 53 health checks for each endpoint that cannot be entered as alias records. Ensure firewall and routing rules allow Amazon Route 53 to send requests to the endpoints that are specified in the health checks.

Create alias records that route traffic to AWS resources and set the value of the Evaluate Target Health option to Yes, then create all the non-alias records.

Create a governing Amazon Route 53 record set, set it to failover, and associate it with the primary and secondary Amazon Route 53 record sets to distribute traffic to healthy DNS entries.

Create an Amazon CloudWatch alarm to monitor the primary Amazon Route 53 DNS entry. Then create an associated AWS Lambda function to execute the failover API call to Route 53 to the secondary DNS entry.

Create an AWS CloudWatch Logs subscription that filters on "detail-type": "CodePipeline Pipeline Execution State Change." Forward that to an Amazon SNS topic. Add the chat webhook URL to the SNS topic as a subscriber and complete the subscription validation.

Create an AWS Lambda function that is triggered by the updating of AWS CloudTrail events. When a "CodePipeline Pipeline Execution State Change" event is detected in the updated events, send the event details to the chat webhook URL.

Create an AWS CloudWatch Events rule that filters on "CodePipeline Pipeline Execution State Change." Forward that to an Amazon SNS topic. Subscribe an AWS Lambda function to the Amazon SNS topic and have it forward the event to the chat webhook URL.

Modify the pipeline code to send event details to the chat webhook URL at the end of each stage. Parametrize the URL so each pipeline can send to a different URL based on the pipeline environment.

Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create two AWS Lambda functions, one invoked by each rule. The first function should stop nine instances after business hours end, the second function should restart the nine instances before the business day begins.

Create an Amazon EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling group's CPU Utilization average with a target of 75%. Create a scheduled action for the group to adjust the minimum number of instances to three after business hours end and reset to six before business hours begin.

Create two Amazon CloudWatch Events rules with schedules before and after business hours begin and end. Create an AWS CloudFormation stack, which creates an EC2 Auto Scaling group, with a parameter for the number of instances. Invoke the stack from each rule, passing a parameter value of three in the morning, and six in the evening.

Create an EC2 Auto Scaling group using the AMI image, with a scaling action based on the Auto Scaling group's CPU Utilization average with a target of 75%. Create a scheduled action to terminate nine instances each evening after the close of business.

Associate an IPv6 CIDR block with the Amazon VPC and subnets where the EC2 instances will live. Create route table entries for the IPv6 network, use EC2 instance types that support IPv6, and assign IPv6 addresses to each EC2 instance.

Replace the Application Load Balancer with a Network Load Balancer. Associate an IPv6 CIDR block with the Virtual Private Cloud (VPC) and subnets where the Network Load Balancer lives, and assign the Network Load Balancer an IPv6 Elastic IP address.

Assign each EC2 instance an IPv6 Elastic IP address. Create a target group and add the EC2 instances as targets. Create a listener on port 443 of the Application Load Balancer, and associate the newly created target group as the default target group.

Create a target group and add the EC2 instances as targets. Create a listener on port 443 of the Application Load Balancer. Associate the newly created target group as the default target group. Select a dual stack IP address, and create a rule in the security group that allows inbound traffic from anywhere.