Full Access Amazon Web Services DOP-C01 Tutorials

Page: 6 / 9

Question 24

A company is using AWS Organizations to create separate AWS accounts for each of its departments. It needs to automate the following tasks:

Updating the Linux AMIs with new patches periodically and generating a golden image

Installing a new version of Chef agents in the golden image, if available

Enforcing the use of the newly generated golden AMIs in the department's account

Which option requires the LEAST management overhead?

Options:

Write a script to launch an Amazon EC2 instance from the previous golden AMI, apply the patch updates, install the new version of the Chef agent, generate a new golden AMI, and then modify the AMI permissions to share only the new image with the departments’ accounts.

Use an AWS Systems Manager Run Command to update the Chef agent first, use Amazon EC2 Systems Manager Automation to generate an updated AMI, and then assume an IAM role to copy the new golden AMI into the departments’ accounts.

Use AWS Systems Manager Automation to update the Linux AMI using the previous image, provide the URL for the script that will update the Chef agent, and then use AWS Organizations to replace the previous golden AMI into the departments’ accounts.

Use AWS Systems Manager Automation to update the Linux AMI from the previous golden image, provide the URL for the script that will update the Chef agent, and then share only the newly generated AMI with the departments’ accounts.

Question 25

A DevOps engineer has automated a web service deployment using AWS CodePipelme with the following steps:

• An AWS CodeBuild project compiles the deployment artifact and runs unit tests.

• An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.

• A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment

The quality assurance (QA) team has asked for permission to inspect the build artifact before the deployment to the production environment occurs. The OA team wants to run an internal automated penetration testing tool (invoked using a REST API call) to run some manual tests.

Which combination of actions will fulfill this request? (Select TWO.)

Options:

Insert a manual approval action between the test and deployment actions of Jtue pipeline.

Modify the buildspec.yml file for the compilation stage to require manual approval before completion.

Update the CodeDeploy deployment group so it requires manual approval to proceed

Update the pipeline to directly trigger the REST API for the automated penetration testing tool.

Update the pipeline to invoke a Lambda function that triggers the REST API for the automated penetration testing tool.

Question 26

A company uses federated access for its AWS environment The available roles are created and managed using AWS CloudFormation from a CI/CD pipeline. All changes should be made to the IAM roles through the pipeline. The security team found that changes are being made to the roles out-of-band and would like to detect when this occurs.

Which action will accomplish this?

Options:

Use Amazon Inspector rules to detect and notify when a CloudFormation stack has a configuration change.

Use an AWS Trusted Advisor CloudWatch Events rule to detect and notify when a CloudFormation stack has a configuration change.

Use AWS CloudTrail to detect and notify when a CloudFormation stack has detected a configuration change.

Use an AWS Config rule to detect and notify when a CloudFormation stack has detected a configuration change.

Question 27

A web application has been deployed using an AWS Elastic Beanstalk application The Application Developers are concerned that they are seeing high latency in two different areas of the application: HTTP client requests to a third-party API MySQL client library queries to an Amazon RDS database A DevOps Engineer must gather trace data to diagnose the issues. Which steps will gather the trace information with the LEAST amount of changes and performance impacts to the application?

Options:

Add additional logging to the application code. Use the Amazon CloudWatch agent to stream the application logs into Amazon Elasticsearch Service. Query the log data in Amazon ES.

Instrument the application to use the AWS X-Ray SDK. Post trace data to an Amazon Elasticsearch Service cluster. Query the trace data for calls to the HTTP client and the MySQL client.

On the AWS Elastic Beanstalk management page for the application, enable the AWS X-Ray daemon. View the trace data in the X-Ray console.

Instrument the application using the AWS X-Ray SDK. On the AWS Elastic Beanstalk management page for the application, enable the X-Ray daemon. View the trace data in the X-Ray console.

Page: 6 / 9