DOP-C02 Free Practice Test

A company is running an application on Amazon EC2 instances in an Auto Scaling group. Recently an issue occurred that prevented EC2 instances from launching successfully and it took several hours for the support team to discover the issue. The support team wants to be notified by email whenever an EC2 instance does not start successfully.
Which action will accomplish this?

1. A. Add a health check to the Auto Scaling group to invoke an AWS Lambda function whenever an instance status is impaired.
2. B. Configure the Auto Scaling group to send a notification to an Amazon SNS topic whenever a failed instance launch occurs.
3. C. Create an Amazon CloudWatch alarm that invokes an AWS Lambda function when a failed Attachinstances Auto Scaling API call is made.
4. D. Create a status check alarm on Amazon EC2 to send a notification to an Amazon SNS topic whenever a status check fail occurs.

Correct Answer: B
https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html#auto-scaling-sns-notifications

A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications.
The company is migrating its technology stacks, including these applications, to AWS. The
company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure.
What should a DevOps engineer do to meet these requirements?

1. A. Create one AWS CodeCommit repository for all application
2. B. Put each application's code in a different branc
3. C. Merge the branches, and use AWS CodeBuild to build the application
4. D. Use AWS CodeDeploy to deploy the applications to one centralized application server.
5. E. Create one AWS CodeCommit repository for each of the application
6. F. Use AWS CodeBuild to build the applications one at a tim
7. G. Use AWS CodeDeploy to deploy the applications to one centralized application server.
8. H. Create one AWS CodeCommit repository for each of the application
9. I. Use AWS CodeBuild to build the applications one at a time and to create one AMI for each serve
10. J. Use AWS CloudFormation StackSets to automatically provision and decommission Amazon EC2 fleets by using these AMIs.
11. K. Create one AWS CodeCommit repository for each of the application
12. L. Use AWS CodeBuild to build one Docker image for each application in Amazon Elastic Container Registry (Amazon ECR). Use AWS CodeDeploy to deploy the applications to Amazon Elastic Container Service (Amazon ECS) on infrastructure that AWS Fargate manages.

Correct Answer: D
because of "as few maintenance tasks as possible on the underlying infrastructure". Fargate does that better than "one centralized application server"

A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property.
What should the DevOps engineer do to accomplish this in the MOST maintainable manner?

1. A. Automate patching and upgrading using AWS Systems Manager on EC2 instances and encrypt Amazon EBS volumes by default.
2. B. Deploy Jenkins to an Amazon ECS cluster and copy build artifacts to an Amazon S3 bucket with default encryption enabled.
3. C. Leverage AWS CodePipeline with a build action and encrypt the artifacts using AWS Secrets Manager.
4. D. Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances.

Correct Answer: D
The following are the steps involved in accomplishing this in the most maintainable manner:
✑ Use AWS CodeBuild with artifact encryption to replace the Jenkins instance
running on EC2 instances.
✑ Configure CodeBuild to encrypt the build artifacts using AWS Secrets Manager.
✑ Deploy the containerized quality control applications to CodeBuild.
This approach is the most maintainable because it eliminates the need to manage Jenkins on EC2 instances. CodeBuild is a managed service, so the DevOps engineer does not need to worry about patching or upgrading the service. https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html Build artifact encryption - CodeBuild requires access to an AWS KMS CMK in order to encrypt its build output artifacts. By default, CodeBuild uses an AWS Key Management Service CMK for Amazon S3 in your AWS account. If you do not want to use this CMK, you must create and configure a customer-managed CMK. For more information Creating keys.

A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.
Which solution will meet these requirements?

1. A. Add the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1.
2. B. Add the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates.
3. C. Create an Amazon CloudWatch alarm for the StatusCheckFailed System metric and select the EC2 action to recover the instance.
4. D. Create an Amazon CloudWatch alarm for the StatusCheckFailed Instance metric and select the EC2 action to reboot the instance.

Correct Answer: C
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance- recover.html

A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS accounts. The company uses the Enterprise Support plan.
A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan.
Which solution will meet these requirements?

1. A. Use an AWS Config conformance pack to deploy the account-part-of-organizations AWS Config rule and to automatically remediate any noncompliant accounts.
2. B. Create an AWS Lambda function to create a ticket for AWS Support to add the account to the Enterprise Support pla
3. C. Grant the Lambda function the support:ResolveCase permission.
4. D. Add an additional value to the control_tower_parameters input to set the AWSEnterpriseSupport parameter as the organization's management account number.
5. E. Set the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuratio
6. F. Redeploy AFT and apply the changes.

Correct Answer: D
AWS Organizations is a service that helps to manage multiple AWS accounts. AWS Control Tower is a service that makes it easy to set up and govern secure, compliant multi-account AWS environments. Account Factory for Terraform (AFT) is an AWS Control Tower feature that provisions new accounts using Terraform templates. To provision new accounts with the Enterprise Support plan, the DevOps engineer can set the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration. This flag enables the Enterprise Support plan for newly provisioned
accounts.
https://docs.aws.amazon.com/controltower/latest/userguide/aft-feature-options.html