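[March 2022] Updated Amazon DOP-C01 question set: raise your pass rate with the DOP-C01 exam questions
A question set to help you reach your goal! To prepare for and pass the AWS Certified DevOps Engineer - Professional exam, we recommend the actual Amazon DOP-C01 question set.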
Question 118
Which of the following services allows you to easily run and manage Docker-enabled applications across a cluster of Amazon EC2 instances?
- A. Elastic Container Service
- B. Elastic Beanstalk
- C. OpsWorks
- D. CloudWatch
Correct answer: A
Explanation:
The AWS documentation provides the following information:
Amazon EC2 Container Service (ECS) allows you to easily run and manage Docker-enabled applications across a cluster of Amazon EC2 instances. Applications packaged as containers locally will deploy and run in the same way as containers managed by Amazon ECS. Amazon ECS eliminates the need to install, operate, and scale your own cluster management infrastructure, and allows you to schedule Docker-enabled applications across your cluster based on your resource needs and availability requirements.
For more information on ECS, please visit the link:
* https://aws.amazon.com/ecs/details/
Question 119
A DevOps engineer is assisting with a multi-Region disaster recovery solution for a new application. The application consists of Amazon EC2 instances running in an Auto Scaling group and an Amazon Aurora MySQL DB cluster. The application must be available with an RTO of 120 minutes and an RPO of 60 minutes.
What is the MOST cost-effective way to meet these requirements?
- A. Use AWS Lambda to create and copy a snapshot of the Aurora DB cluster to the destination Region hourly. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Restore the Aurora DB cluster from a snapshot and update the Auto Scaling group to start launching instances.
- B. Launch an Aurora DB cluster as an Aurora Replica in a different Region and configure automatic cross-Region failover. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Write a script that updates the CloudFormation stack in the disaster recovery Region to increase the number of instances.
- C. Launch an Aurora DB cluster as an Aurora Replica in a different Region. Create an AWS CloudFormation template for all compute resources and create a stack in two Regions. Write a script that promotes the Aurora Replica to the primary instance in the event of a failure.
- D. Configure Amazon DynamoDB cross-Region replication. Create an AWS CloudFormation template that includes an Auto Scaling group, and create a stack in two Regions. Write a script that will update the CloudFormation stack in the disaster recovery Region and promote the DynamoDB replica to the primary instance in the event of a failure.
Correct answer: C
Question 120
When writing plays, tasks and playbooks, Ansible fully supports which high level language to describe these?
- A. YAML
- B. JSON
- C. Python
- D. XML
Correct answer: A
Explanation:
This can be a bit of a trick question. While Ansible Playbooks in this course are written in YAML, Ansible will accept plays, tasks and playbooks in JSON, as JSON is a subset of YAML. However, the preferred and fully supported method is YAML.
Reference: http://docs.ansible.com/ansible/YAMLSyntax.html
Question 121
When specifying more than one conditional requirement for a task, what is the proper method?
- A. - when: foo == "hello" && bar == "world"
- B. - when: foo == "hello" and bar == "world"
- C. - when: foo is "hello" and bar is "world"
- D. - when: foo == "hello" - when: bar == "world"
Correct answer: B
Explanation:
Ansible will allow you to stack conditionals using 'and' and 'or'. They must be in the same 'when' statement, comparisons must be '==' for equals or '!=' for not equals, and the 'and/or' must be written as such, not '&&/||'.
Reference:
http://docs.ansible.com/ansible/playbooks_conditionals.html#the-when-statement
Question 122
A mobile application running on eight Amazon EC2 instances is relying on a third-party API endpoint. The third-party service has a high failure rate because of limited capacity, which is expected to be resolved in a few weeks. In the meantime, the mobile application developers have added a retry mechanism and are logging failed API requests. A DevOps Engineer must automate the monitoring of application logs and count the specific error messages; if there are more than 10 errors within a 1-minute window, the system must issue an alert. How can the requirements be met with MINIMAL management overhead?
- A. Install the Amazon CloudWatch Logs agent on all instances to push the application logs to CloudWatch Logs. Use metric filters to count the error messages every minute, and trigger a CloudWatch alarm if the count exceeds 10 errors.
- B. Install the Amazon CloudWatch Logs agent on all instances to push the application logs to CloudWatch Logs. Use a metric filter to generate a custom CloudWatch metric that records the number of failures and triggers a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.
- C. Deploy a custom script on all instances to check application logs regularly in a cron job. Count the number of error messages every minute, and push a data point to a custom CloudWatch metric. Trigger a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.
- D. Install the Amazon CloudWatch Logs agent on all instances to push the access logs to CloudWatch Logs. Create a CloudWatch Events rule to count the error messages every minute, and trigger a CloudWatch alarm if the count exceeds 10 errors.
Correct answer: B
Question 123
When you add lifecycle hooks to an Auto Scaling group, what are the wait states that occur during the scale in and scale out process? Choose 2 answers from the options given below.
- A. Exiting:Wait
- B. Pending:Wait
- C. Terminating:Wait
- D. Launching:Wait
Correct answer: B,C
Explanation:
The AWS Documentation mentions the following:
After you add lifecycle hooks to your Auto Scaling group, they work as follows:
1. Auto Scaling responds to scale out events by launching instances and scale in events by terminating instances.
2. Auto Scaling puts the instance into a wait state (Pending:Wait or Terminating:Wait). The instance is paused until either you tell Auto Scaling to continue or the timeout period ends.
For more information on Auto Scaling lifecycle hooks, please visit the below URL:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html
Question 124
You are designing a CloudFormation template to install a set of web servers on EC2 instances. The following user data needs to be passed to the EC2 instances:
#!/bin/bash
sudo apt-get update
sudo apt-get install -y nginx
Where in the CloudFormation template would you ideally pass this user data?
- A. In the Metadata section of the EC2 Instance in the resources section
- B. In the properties section of the EC2 Instance in the resources section
- C. In the Metadata section of the EC2 Instance in the Output section
- D. In the properties section of the EC2 Instance in the Output section
Correct answer: B
Explanation:
For more information on user data in CloudFormation templates, please refer to the below link:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html
Question 125
What is web identity federation?
- A. Use of an identity provider like Google or Facebook to exchange for temporary AWS security credentials.
- B. Use of an identity provider like Google or Facebook to become an AWS IAM User.
- C. Use of AWS STS Tokens to log in as a Google or Facebook user.
- D. Use of AWS IAM User tokens to log in as a Google or Facebook user.
Correct answer: A
Explanation:
... users of your app can sign in using a well-known identity provider (IdP) --such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
Question 126
A social networking service runs a web API that allows its partners to search public posts. Post data is stored in Amazon DynamoDB and indexed by AWS Lambda functions, with an Amazon ES domain storing the indexes and providing search functionality to the application.
The service needs to maintain full capacity during deployments and ensure that failed deployments do not cause downtime or reduced capacity, or prevent subsequent deployments.
How can these requirements be met? (Select TWO.)
- A. Run the web application in AWS Elastic Beanstalk with the deployment policy set to All at Once. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.
- B. Run the web application in AWS Elastic Beanstalk with the deployment policy set to Immutable. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.
- C. Deploy the web application, Lambda functions, DynamoDB tables, and Amazon ES domain in an AWS CloudFormation template. Deploy changes with an AWS CodeDeploy in-place deployment.
- D. Deploy the web application, Lambda functions, DynamoDB tables, and Amazon ES domain in an AWS CloudFormation template. Deploy changes with an AWS CodeDeploy blue/green deployment.
- E. Run the web application in AWS Elastic Beanstalk with the deployment policy set to Rolling. Deploy the Lambda functions, DynamoDB tables, and Amazon ES domain with an AWS CloudFormation template.
Correct answer: B,C
Question 127
What is the maximum supported single-volume throughput on EBS?
- A. 320MiB/s
- B. 40MiB/s
- C. 160MiB/s
- D. 640MiB/s
Correct answer: A
Explanation:
The ceiling throughput for PIOPS on EBS is 320MiB/s.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
Question 128
You have an ELB set up in AWS with EC2 instances running behind it. You have been requested to monitor the incoming connections to the ELB. Which of the below options can satisfy this requirement?
- A. Enable access logs on the load balancer
- B. Use AWS CloudTrail with your load balancer
- C. Use a CloudWatch Logs Agent
- D. Create a custom metric CloudWatch filter on your load balancer
Correct answer: A
Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and to troubleshoot issues.
Option A is invalid because this service will monitor all AWS services.
Option C and D are invalid since ELB already provides a logging feature.
For more information on ELB access logs, please refer to the below AWS document link:
* http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html
Question 129
Your application consists of 10% writes and 90% reads. You currently service all requests through a Route53 Alias Record directed towards an AWS ELB, which sits in front of an EC2 Auto Scaling Group. Your system is getting very expensive when there are large traffic spikes during certain news events, during which many more people request to read similar data all at the same time. What is the simplest and cheapest way to reduce costs and scale with spikes like this?
- A. Create another ELB and Auto Scaling Group layer mounted on top of the other system, adding a tier to the system. Serve most read requests out of the top layer.
- B. Create a Memcached cluster in AWS ElastiCache. Create cache logic to serve requests which can be served late from the in-memory cache for increased performance.
- C. Create an S3 bucket and asynchronously replicate common requests responses into S3 objects. When a request comes in for a precomputed response, redirect to AWS S3.
- D. Create a CloudFront Distribution and direct Route53 to the Distribution. Use the ELB as an Origin and specify Cache Behaviours to proxy cache requests which can be served late.
Correct answer: D
Explanation:
CloudFront is ideal for scenarios in which entire requests can be served out of a cache and usage
patterns involve heavy reads and spikiness in demand.
A cache behavior is the set of rules you configure for a given URL pattern based on file extensions, file
names, or any portion of a URL path on your website (e.g., *.jpg). You can configure multiple cache
behaviors for your web distribution. Amazon CloudFront will match incoming viewer requests with your list
of URL patterns, and if there is a match, the service will honor the cache behavior you configure for that
URL pattern. Each cache behavior can include the following Amazon CloudFront configuration values:
origin server name, viewer connection protocol, minimum expiration period, query string parameters,
cookies, and trusted signers for private content.
Reference: https://aws.amazon.com/cloudfront/dynamic-content/
Question 130
You have a set of applications hosted in AWS. There is a requirement to store the logs from this application onto durable storage. After a period of 3 months, the logs can be placed in archival storage. Which of the following steps would you carry out to achieve this requirement? Choose 2 answers from the options given below.
- A. Store the log files as they are emitted from the application on to Amazon Glacier
- B. Store the log files as they are emitted from the application on to Amazon Simple Storage Service
- C. Use Lifecycle policies to move the data onto Amazon Glacier after a period of 3 months
- D. Use Lifecycle policies to move the data onto Amazon Simple Storage Service after a period of 3 months
Correct answer: B,C
Explanation:
The AWS Documentation mentions the following:
Amazon Simple Storage Service (Amazon S3) makes it simple and practical to collect, store, and analyze data - regardless of format - all at massive scale. S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices.
For more information on S3, please visit the below URL:
* https://aws.amazon.com/s3/
Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:
* Transition actions - In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
* Expiration actions - In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.
For more information on S3 Lifecycle policies, please visit the below URL:
* http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
Question 131
You have the requirement to get a snapshot of the current configuration of the resources in your AWS account. Which of the following services can be used for this purpose?
- A. AWS Trusted Advisor
- B. AWS Config
- C. AWS IAM
- D. AWS CodeDeploy
Correct answer: B
Explanation:
The AWS Documentation mentions the following:
With AWS Config, you can do the following:
* Evaluate your AWS resource configurations for desired settings.
* Get a snapshot of the current configurations of the supported resources that are associated with your AWS account.
* Retrieve configurations of one or more resources that exist in your account.
* Retrieve historical configurations of one or more resources.
* Receive a notification whenever a resource is created, modified, or deleted.
* View relationships between resources. For example, you might want to find all resources that use a particular security group.
For more information on AWS Config, please visit the below URL:
* http://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
Question 132
A user has attached an EBS volume to a running Linux instance as a "/dev/sdf" device. The user is unable to see the attached device when he runs the command "df -h".
What is the possible reason for this?
- A. The volume is not formatted
- B. The volume is not mounted
- C. The volume is not attached as a root device
- D. The volume is not in the same AZ of the instance
Correct answer: B
Explanation:
When a user creates an EBS volume and attaches it as a device, it is required to mount the device. If the device/volume is not mounted it will not be available in the listing.
Question 133
Which major database needs a BYO license?
- A. MySQL
- B. Oracle
- C. MariaDB
- D. PostgreSQL
Correct answer: B
Explanation:
Oracle is not open source, and requires a bring your own license model.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Oracle.html
Question 134
A government agency is storing highly confidential files in an encrypted Amazon S3 bucket. The agency has configured federated access and has allowed only a particular on-premises Active Directory user group to access this bucket. The agency wants to maintain audit records and automatically detect and revert any accidental changes administrators make to the IAM policies used for providing this restricted federated access. Which of the following options provide the FASTEST way to meet these requirements?
- A. Configure an Amazon CloudWatch Events Event Bus on an AWS CloudTrail API for triggering the AWS Lambda function that detects and reverts the change.
- B. Restrict administrators in the on-premises Active Directory from changing the IAM policies
- C. Schedule an AWS Lambda function that will scan the IAM policy attached to the federated access role for detecting and reverting any changes.
- D. Configure an AWS Config rule to detect the configuration change and execute an AWS Lambda function to revert the change.
Correct answer: D
Explanation:
https://www.puresec.io/blog/aws-security-best-practices-config-rules-lambda-security
"Cloudwatch Event Bus" are used for -> "Sending and Receiving Events Between AWS Accounts" https://aws.amazon.com/about-aws/whats-new/2017/06/cloudwatch-events-adds-cross-account-event-delivery-support/
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html
Question 135
For auditing, analytics, and troubleshooting purposes, a DevOps Engineer for a data analytics application needs to collect all of the application and Linux system logs from the Amazon EC2 instances before termination. The company, on average, runs 10,000 instances in an Auto Scaling group. The company requires the ability to quickly find logs based on instance IDs and date ranges.
Which is the MOST cost-effective solution?
- A. Create an EC2 Instance-terminate Lifecycle Action on the group, create an Amazon CloudWatch Events rule based on it to trigger an AWS Lambda function for storing the logs in Amazon S3, and create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
- B. Create an EC2 Instance-terminate Lifecycle Action on the group, write a termination script for pushing logs into Amazon S3, and trigger an AWS Lambda function based on S3 PUT to create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
- C. Create an EC2 Instance-terminate Lifecycle Action on the group, push the logs into Amazon Kinesis Data Firehose, and select Amazon ES as the destination for providing storage and search capability.
- D. Create an EC2 Instance-terminate Lifecycle Action on the group, write a termination script for pushing logs into Amazon CloudWatch Logs, create a CloudWatch Events rule to trigger an AWS Lambda function to create a catalog of log files in an Amazon DynamoDB table with the primary key being Instance ID and sort key being Instance Termination Date.
Correct answer: A
Explanation:
Because using Amazon CloudWatch Events rule is better than writing a script.
Question 136
You have been tasked with deploying a solution for your company that will store images, which the marketing department will use for its campaigns.
Employees are able to upload images via a web interface, and once uploaded, each image must be resized and watermarked with the company logo.
Image resize and watermark is not time-sensitive and can be completed days after upload if required.
How should you design this solution in the most highly available and cost-effective way?
- A. Configure your web application to upload images to Amazon S3, and send the S3 object URI to an Amazon SQS queue. Create an Auto Scaling launch configuration that uses Spot instances, specifying a price you are willing to pay. Configure the instances in this Auto Scaling group to poll the Amazon SQS queue for new images and then resize and watermark the image before uploading the new images into Amazon S3 and deleting the message from the Amazon SQS queue.
- B. Configure your web application to upload images to the local storage of the web server. Create a cronjob to execute a script daily that scans this directory for new files and then uses the Amazon EC2 Service API to launch 10 new Amazon EC2 instances, which will resize and watermark the images daily.
- C. Configure your web application to upload images to the Amazon Elastic Transcoder service. Use the Amazon Elastic Transcoder watermark feature to add the company logo as a watermark on your images and then to upload the final images into an Amazon S3 bucket.
- D. Configure your web application to upload images to Amazon S3, and send the Amazon S3 bucket URI to an Amazon SQS queue. Create an Auto Scaling group and configure it to use Spot instances, specifying a price you are willing to pay. Configure the instances in this Auto Scaling group to poll the SQS queue for new images and then resize and watermark the image before uploading the final images into Amazon S3.
Correct answer: A
Question 137
A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway.
Which solution ensures that all the updated third-party files are available in the morning?
- A. Use S3 same-Region replication to replicate any changes made directly in the S3 bucket to Storage Gateway.
- B. Modify Storage Gateway to run in volume gateway mode.
- C. Instruct the third party to put data into the S3 bucket using AWS Transfer for SFTP.
- D. Configure a nightly Amazon EventBridge (Amazon CloudWatch Events) event to trigger an AWS Lambda function to run the RefreshCache command for Storage Gateway.
Correct answer: D
Question 138
......