DOP-C01 Online Practice Questions and Answers

You have been tasked with deploying a solution for your company that will store images, which the marketing department will use for its campaigns. Employees are able to upload images via a web interface, and once uploaded, each image must be resized and watermarked with the company logo. Image resize and watermark is not time-sensitive and can be completed days after upload if required. How should you design this solution in the most highly available and cost-effective way?

A. Configure your web application to upload images to the Amazon Elastic Transcoder service. Use the Amazon Elastic Transcoder watermark feature to add the company logo as a watermark on your images and then to upload the final images into an Amazon S3 bucket.

B. Configure your web application to upload images to Amazon S3, and send the Amazon S3 bucket URI to an Amazon SQS queue. Create an Auto Scaling group and configure it to use Spot instances, specifying a price you are willing to pay. Configure the instances in this Auto Scaling group to poll the SQS queue for new images and then resize and watermark the image before uploading the final images into Amazon S3.

C. Configure your web application to upload images to Amazon S3, and send the S3 object URI to an Amazon SQS queue. Create an Auto Scaling launch configuration that uses Spot instances, specifying a price you are willing to pay. Configure the instances in this Auto Scaling group to poll the Amazon SQS queue for new images and then resize and watermark the image before uploading the new images into Amazon S3 and deleting the message from the Amazon SQS queue.

D. Configure your web application to upload images to the local storage of the web server. Create a cronjob to execute a script daily that scans this directory for new files and then uses the Amazon EC2 Service API to launch 10 new Amazon EC2 instances, which will resize and watermark the images daily.

You are designing a system which needs, at minumum, 8 m4.large instances operating to service traffic. When designing a system for high availability in the us-east-1 region, which has 6 Availability Zones, you company needs to be able to handle death of a full availability zone. How should you distribute the servers, to save as much cost as possible, assuming all of the EC2 nodes are properly linked to an ELB?

Your VPC account can utilize us-east-1's AZ's a through f, inclusive.

A. 3 servers in each of AZ's a through d, inclusive.

B. 8 servers in each of AZ's a and b.

C. 2 servers in each of AZ's a through e, inclusive.

D. 4 servers in each of AZ's a through c, inclusive.

What is the scope of an EBS volume?

A. VPC

B. Region

C. Placement Group

D. Availability Zone

A company is migrating its public-facing software to AWS. The company plans to use Amazon EC2 to run application code and Amazon RDS to store all application data. The company wants to primarily use one Region with failover capabilities to a secondary Region and Amazon Route 53 to route traffic. The RPO is 2 hours and the RTO is 4 hours.

Which combination of steps should be used to meet these requirements while MINIMIZING cost? (Choose three.)

A. Create an AWS CloudFormation template to provision the application server and database instance in a single Region.

B. Create an AWS CloudFormation template to provision the application tier of the application and a multi- Region database instance.

C. Configure Amazon CloudWatch Events rules to run every hour. Trigger AWS Lambda functions to create an RDS snapshot and copy it to the secondary Region.

D. Configure Amazon CloudWatch Events rules to run every 3 hours. Trigger AWS Lambda functions to create an RDS snapshot and copy it to the secondary Region.

E. In the event of a failure, deploy a new AWS CloudFormation stack in a secondary region to provision the application resources and a new RDS instance using the copied snapshot and a Route 53 failover routing policy.

F. In the event of a failure, deploy a new AWS CloudFormation stack in a secondary region to provision the application resources and a replica of the RDS database using the copied snapshot and a Route 53 latency-based routing policy.

A company is deploying a new application using Amazon EC2 instances. The company wants to maintain a centralized application and Amazon API logs that can be queried using one tool or service.

Which solution will meet these requirements?

A. Use the Amazon CloudWatch agent to send logs from the Amazon EC2 instances to CloudWatch. Configure AWS CloudTrail to deliver the API logs to CloudWatch and use Amazon Athena to query both log sets in CloudWatch.

B. Use the Amazon CloudWatch agent to send logs from the Amazon EC2 instances to CloudWatch. Configure an Amazon Kinesis Data Firehouse log group subscription to send those logs to Amazon S3. Use AWS CloudTrail to deliver the API logs to Amazon S3. Use Amazon Athena to query both log sets in Amazon S3.

C. Use the Amazon CloudWatch agent to send logs from the Amazon EC2 instances to Amazon Kinesis. Configure AWS CloudTrail to deliver the API logs to Kinesis. Use Amazon to load the data into Amazon Redshift and use Amazon Redshift to query both log sets.

D. Use the Amazon CloudWatch agent to send logs from the Amazon EC2 instances to Amazon S3. Use Amazon CloudTrail to deliver the API logs to Amazon S3 and use Amazon Redshift to query both log sets in Amazon S3.

From a compliance and security perspective, which of these statements is true?

A. You do not ever need to rotate access keys for AWS IAM Users.

B. You do not ever need to rotate access keys for AWS IAM Roles, nor AWS IAM Users.

C. None of the other statements are true.

D. You do not ever need to rotate access keys for AWS IAM Roles.

What is the expected behavior if Ansible is called with `ansible-playbook -i localhost playbook.yml'?

A. Ansible will attempt to read the inventory file named `localhost'

B. Ansible will run the plays locally.

C. Ansible will run the playbook on the host named `localhost'

D. Ansible won't run, this is invalid command line syntax

What is the correct syntax for the AWS command to create a single region trail?

A. aws create-trail --name trailname --s3-object objectname

B. aws cloudtrail --s3-regionname IPaddress create-trail --name trailname

C. aws cloudtrail create-trail --name trailname --s3-bucket-name bucketname

D. aws cloudtrail create-trail --name trailname --s3-portnumber IPaddress

Within an IAM policy, can you add an IfExists condition at the end of a Null condition?

A. Yes, you can add an IfExists condition at the end of a Null condition but not in all Regions.

B. Yes, you can add an IfExists condition at the end of a Null condition depending on the condition.

C. No, you cannot add an IfExists condition at the end of a Null condition.

D. Yes, you can add an IfExists condition at the end of a Null condition.

A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance. The application server is available only in a private subnet. The contractors are not authorized for VPN access.

What should the DevOps engineer do to grant the contactors access to the application server?

A. Create an IAM user and SSH keys for each contractor. Add the public SSH key to the application server's SSH authorized_keys file. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials files with their private keys, and use the aws ssm start-session command to gain access to the target application server instance ID.

B. Ask each contractor to securely send their SSH public key. Add this public key to the application server's SSH authorized-keys file. Instruct the contractors to use their private key to connect to the application server through SSH.

C. Ask each contractor to securely send their SSH public key. Use EC2 pairs to import their key. Update the application server's SSH authorized_keys file. Instruct the contractors to use their private key to connect to the application server through SSH.

D. Create an IAM user for each contractor with programmatic access. Add each user to an IAM group that has a policy that allows the ssm:StartSession action. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials files with their access keys, and use the aws ssm start-session to gain access to the target application server instance ID.