Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. DOP-C01

Free Amazon DOP-C01 Exam Braindumps (page: 9)

Page 9 of 53
PDF with 208 Questions

A company's DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound tra c through a network operations account. In the network operations account, all account tra c passes through a rewall appliance for inspection before the tra c goes to an internet gateway.
The rewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

  1. Create an Amazon CloudWatch Synthetics canary to monitor the rewall state. If the rewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a noti cation to an Amazon Simple Noti cation Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  2. Create an Amazon CloudWatch mettic lter by using a search for CRITICAL events. Publish a custom metric for the nding. Use a CloudWatch alarm based on the custom metric to publish a noti cation to an Amazon Simple Noti cation Service (Amazon SNS) topic.
    Subscribe the security team's email address to the topic.
  3. Enable Amazon GuardDuty in the network operations account. Con gure GuardDuty to monitor ow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. De ne an Amazon Simple Noti cation Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.
  4. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. De ne an Amazon Simple Noti cation Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.

Answer(s): B


Reference:

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_ ndings_cloudwatch.html



A company recently migrated its legacy application from on-premises to AWS. The application is hosted on Amazon EC2 instances behind an Application Load
Balancer, which is behind Amazon API Gateway. The company wants to ensure users experience minimal disruptions during any deployment of a new version of the application. The company also wants to ensure it can quickly roll back updates if there is an issue. Which solution will meet these requirements with MINIMAL changes to the application?

  1. Introduce changes as a separate environment parallel to the existing one. Con gure API Gateway to use a canary release deployment to send a small subset of user tra c to the new environment.
  2. Introduce changes as a separate environment parallel to the existing one. Update the application's DNS alias records to point to the new environment.
  3. Introduce changes as a separate target group behind the existing Application Load Balancer. Con gure API Gateway to route user tra c to the new target group in steps.
  4. Introduce changes as a separate target group behind the existing Application Load Balancer. Con gure API Gateway to route all tra c to the Application Load Balancer, which then sends the tra c to the new target group.

Answer(s): A



A company recently launched an application that is more popular than expected. The company wants to ensure the application can scale to meet increasing demands and provide reliability using multiple Availability Zones (AZs). The application runs on a eet of Amazon EC2 instances behind an Application Load
Balancer (ALB). A DevOps engineer has created an Auto Scaling group across multiple AZs for the application. Instances launched in the newly added AZs are not receiving any tra c for the application.
What is likely causing this issue?

  1. Auto Scaling groups can create new instances in a single AZ only.
  2. The EC2 instances have not been manually associated to the AL
  3. The ALB should be replaced with a Network Load Balancer (NLB).
  4. The new AZ has not been added to the ALB.

Answer(s): D



A DevOps Engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2
Auto Scaling group across multiple Availability Zones. The engineer needs to implement a deployment strategy that:
Launches a second eet of instances with the same capacity as the original eet.
Maintains the original eet unchanged while the second eet is launched.
Transitions tra c to the second eet when the second eet is fully deployed.
Terminates the original eet automatically 1 hour after transition.
Which solution will satisfy these requirements?

  1. Use an AWS CloudFormation template with a retention policy for the ALB set to 1 hour. Update the Amazon Route 53 record to re ect the new ALB.
  2. Use two AWS Elastic Beanstalk environments to perform a blue/green deployment from the original environment to the new one. Create an application version lifecycle policy to terminate the original environment in 1 hour.
  3. Use AWS CodeDeploy with a deployment group con gured with a blue/green deployment con guration. Select the option Terminate the original instances in the deployment group with a waiting period of 1 hour.
  4. Use AWS Elastic Beanstalk with the con guration set to Immutable. Create an .ebextension using the Resources key that sets the deletion policy of the ALB to 1 hour, and deploy the application.

Answer(s): D



Viewing page 9 of 53
Viewing questions 33 - 36 out of 208 questions



Post your Comments and Discuss Amazon DOP-C01 exam prep with other Community members:

DOP-C01 Exam Discussions & Posts