DOP-C02 Free Practice Test

A DevOps engineer is planning to deploy a Ruby-based application to production. The application needs to interact with an Amazon RDS for MySQL database and should have automatic scaling and high availability. The stored data in the database is critical and should persist regardless of the state of the application stack.
The DevOps engineer needs to set up an automated deployment strategy for the application with automatic rollbacks. The solution also must alert the application team when a deployment fails.
Which combination of steps will meet these requirements? (Select THREE.)

1. A. Deploy the application on AWS Elastic Beanstal
2. B. Deploy an Amazon RDS for MySQL DB instance as part of the Elastic Beanstalk configuration.
3. C. Deploy the application on AWS Elastic Beanstal
4. D. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk.
5. E. Configure a notification email address that alerts the application team in the AWS Elastic Beanstalk configuration.
6. F. Configure an Amazon EventBridge rule to monitor AWS Health event
7. G. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team.
8. H. Use the immutable deployment method to deploy new application versions.
9. I. Use the rolling deployment method to deploy new application versions.

Correct Answer: BDE
For deploying a Ruby-based application with requirements for interaction with an Amazon RDS for MySQL database, automatic scaling, high availability, and data persistence, the following steps will meet the requirements:
✑ B. Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon
RDS for MySQL DB instance outside of Elastic Beanstalk. This approach ensures that the database persists independently of the Elastic Beanstalk environment, which can be torn down and recreated without affecting the database123.
✑ E. Use the immutable deployment method to deploy new application
versions. Immutable deployments provide a zero-downtime deployment method that ensures that if any part of the deployment process fails, the environment is rolled back to the original state automatically4.
✑ D. Configure an Amazon EventBridge rule to monitor AWS Health events. Use an
Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team. This setup allows for automated monitoring and alerting of the application team in case of deployment failures or other health events56.
References:
✑ AWS Elastic Beanstalk documentation on deploying Ruby applications1.
✑ AWS documentation on application auto-scaling7.
✑ AWS documentation on automated deployment strategies with automatic rollbacks and alerts456.

A company has many AWS accounts. During AWS account creation the company uses automation to create an Amazon CloudWatch Logs log group in every AWS Region that the company operates in. The automaton configures new resources in the accounts to publish logs to the provisioned log groups in their Region.
The company has created a logging account to centralize the logging from all the other accounts. A DevOps engineer needs to aggregate the log groups from all the accounts to an existing Amazon S3 bucket in the logging account.
Which solution will meet these requirements in the MOST operationally efficient manner?

1. A. In the logging account create a CloudWatch Logs destination with a destination polic
2. B. For each new account subscribe the CloudWatch Logs log groups to th
3. C. Destination Configure a single Amazon Kinesis data stream and a single Amazon Kinesis Data Firehose delivery stream to deliver the logs from the CloudWatch Logs destination to the S3 bucket.
4. D. In the logging account create a CloudWatch Logs destination with a destination policy for each Regio
5. E. For each new account subscribe the CloudWatch Logs log groups to the destinatio
6. F. Configure a single Amazon Kinesis data stream and a single Amazon Kinesis Data Firehose delivery stream to deliver the logs from all the CloudWatch Logs destinations to the S3 bucket.
7. G. In the logging account create a CloudWatch Logs destination with a destination policy for each Regio
8. H. For each new account subscribe the CloudWatch Logs log groups to the destination Configure an Amazon Kinesis data stream and an Amazon Kinesis Data Firehose delivery stream for each Region to deliver the logs from the CloudWatch Logs destinations to the S3 bucket.
9. I. In the logging account create a CloudWatch Logs destination with a destination polic
10. J. For each new account subscribe the CloudWatch Logs log groups to the destinatio
11. K. Configure a single Amazon Kinesis data stream to deliver the logs from the CloudWatch Logs destination to the S3 bucket.

Correct Answer: C
This solution will meet the requirements in the most operationally efficient manner because it will use CloudWatch Logs destination to aggregate the log groups from all the accounts to a single S3 bucket in the logging account. However, unlike option A, this solution will create a CloudWatch Logs destination for each region, instead of a single destination for all regions. This will improve the performance and reliability of the log delivery, as it will avoid cross-region data transfer and latency issues. Moreover, this solution will use an Amazon Kinesis data stream and an Amazon Kinesis Data Firehose delivery stream for each region, instead of a single stream for all regions. This will also improve the scalability and throughput of the log delivery, as it will avoid bottlenecks and throttling issues that may occur with a single stream.

A company has developed a serverless web application that is hosted on AWS. The application consists of Amazon S3. Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database. The company is using AWS CodeCommit to store the source code. The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code.
A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories. A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets.
What is the MOST secure solution that meets these requirements?

1. A. Enable Amazon CodeGuru Profile
2. B. Decorate the handler function with@with_lambda_profiler(). Manually review the recommendation repor
3. C. Write the secret to AWS Systems Manager Parameter Store as a secure strin
4. D. Update the SAM templates and the Python code to pull the secret from Parameter Store.
5. E. Associate the CodeCommit repository with Amazon CodeGuru Reviewe
6. F. Manually check the code review for any recommendation
7. G. Choose the option to protect the secre
8. H. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
9. I. Enable Amazon CodeGuru Profile
10. J. Decorate the handler function with@with_lambda_profiler(). Manually review the recommendation repor
11. K. Choose the option to protect the secre
12. L. Update the SAM templates and the Python code to pull the secret from AWS Secrets Manager.
13. M. Associate the CodeCommit repository with Amazon CodeGuru Reviewe
14. N. Manually check the code review for any recommendation
15. O. Write the secret to AWS Systems Manager Parameter Store as a strin
16. P. Update the SAM templates and the Python code to pull the secret from Parameter Store.

Correct Answer: B
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-amazon-codeguru-reviewer.html

A company is hosting a static website from an Amazon S3 bucket. The website is available to customers at example.com. The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day. The company has decided to replace the existing static website with a dynamic web application. The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances.
On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour. Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com.
How can the DevOps engineer ensure that the company serves only dynamic content for example.com?

1. A. Delete all objects, including previous versions, from the S3 bucket that contains the static website content.
2. B. Update the weighted DNS record entry that points to the S3 bucke
3. C. Apply a weight of 0. Specify the domain reset option to propagate changes immediately.
4. D. Configure webpage redirect requests on the S3 bucket with a hostname that redirects to the ALB.
5. E. Remove the weighted DNS record entry that points to the S3 bucket from the example.com hosted zon
6. F. Wait for DNS propagation to become complete.

Correct Answer: D

A company wants to use AWS development tools to replace its current bash deployment scripts. The company currently deploys a LAMP application to a group of Amazon EC2 instances behind an Application Load Balancer (ALB). During the deployments, the company unit tests the committed application, stops and starts services, unregisters and re-registers instances with the load balancer, and updates file permissions. The company wants to maintain the same deployment functionality through the shift to using AWS
services.
Which solution will meet these requirements?

1. A. Use AWS CodeBuild to test the applicatio
2. B. Use bash scripts invoked by AWS CodeDeploy's appspec.yml file to restart services, and deregister and register instances with the AL
3. C. Use the appspec.yml file to update file permissions without a custom script.
4. D. Use AWS CodePipeline to move the application from the AWS CodeCommit repository to AWS CodeDeplo
5. E. Use CodeDeploy's deployment group to test the application, unregister and re-register instances with the AL
6. F. and restart service
7. G. Use the appspec.yml file to update file permissions without a custom script.
8. H. Use AWS CodePipeline to move the application source code from the AWS CodeCommit repository to AWS CodeDeplo
9. I. Use CodeDeploy to test the applicatio
10. J. Use CodeDeploy's appspec.yml file to restart services and update permissions without a custom scrip
11. K. Use AWS CodeBuild to unregister and re-register instances with the ALB.
12. L. Use AWS CodePipeline to trigger AWS CodeBuild to test the applicatio
13. M. Use bash scripts invoked by AWS CodeDeploy's appspec.yml file to restart service
14. N. Unregister and re-register the instances in the AWS CodeDeploy deployment group with the AL
15. O. Update the appspec.yml file to update file permissions without a custom script.

Correct Answer: D
https://aws.amazon.com/blogs/devops/how-to-test-and-debug-aws-codedeploy-locally-before-you-ship-your- code/#:~:text=You can test application code,local server or EC2
instance.