This blog will cover AWS Certified DevOps Professional Exam Questions that give you a first-hand idea of the type of DOP-C01 exam questions that may appear in the final certification exam.
Building off the earlier brief description, here is how Amazon defines DevOps: “DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.”
AWS Certified DevOps Professional training implements the DevOps philosophy using a Cloud platform with dedicated tools and services. AWS provides services designed to enable companies to more rapidly and reliably build and deliver products using AWS and DevOps practices. These services simplify provisioning and managing infrastructure, deploying application code, automating software release processes, and monitoring your application and infrastructure performance.
If you are preparing for the AWS Certified DevOps Professional Certification [DOP-C01] exam, check your readiness by attempting these DOP-C01 exam questions.
Let’s go through the questions domain by domain:
AWS Certified DevOps Professional DOP-C01 Exam Questions
Domain 1: SDLC Automation
Q1. Your application is currently running on Amazon EC2 instances behind a load balancer. Your management has decided to use a Blue/Green deployment strategy. How should you implement this for each deployment?
A. Set up Amazon Route 53 health checks to fail over from any Amazon EC2 instance currently being deployed.
B. Using AWS CloudFormation, create a test stack for validating the code and then deploy the code to each production Amazon EC2 instance.
C. Create a new load balancer with new Amazon EC2 instances, carry out the deployment, and then switch DNS over to the new load balancer using Amazon Route 53 after testing.
D. Launch more Amazon EC2 instances to ensure high availability, de-register each Amazon EC2 instance from the load balancer, upgrade it, test it, and then register it again with the load balancer.
Answer: C
Explanation:
The below diagram shows how this can be done.
1) First, create a new ELB which will be used to point to the new production changes.
2) Use the Weighted Route policy for Route53 to distribute the traffic to the 2 ELBs based on an 80-20% traffic scenario.
This is the normal case; the % can be changed based on the requirement.
3) Finally, when all changes have been tested, Route53 can be set to 100% for the new ELB.
• Option A is incorrect because this is a failover scenario and cannot be used for Blue-green deployments. In Blue-Green deployments, you need to have 2 environments running side by side.
• Option B is incorrect because you need to have a production stack with the changes which will run side by side.
• Option D is incorrect because this is not a blue-green deployment scenario. You cannot control which users will go to the new EC2 instances.
Q2. A software engineer has created a git repository from the AWS console in the AWS ap-south-1 region. The git repo is called ‘MyDemoRepo’. He is using an Ubuntu Linux machine to continue developing the software. He already has an IAM user configured in AWS. Which of the following options are required so that he can clone the repository properly using the HTTPS connection? (Select TWO.)
A. In the local Ubuntu machine, create a public/private RSA key pair with ssh-keygen and save the private key in the ~/ssh folder.
B. Attach the IAM policy AWSCodeCommitPowerUser to the IAM user through the AWS IAM console.
C. Generate a username/password locally and upload the password in the AWS IAM console by selecting the IAM user and choosing “Upload HTTPS password”.
D. Attach the IAM policy AWSCodeCommitFullAccess to the IAM user through the AWS IAM console.
E. In the IAM console, generate HTTPS Git credentials for AWS CodeCommit and download credentials to a .CSV file.
Answer: B, E
Explanation:
Option A is incorrect because, for HTTPS connections, there is no need to generate RSA key pairs as they are used for SSH connections.
Option B is CORRECT because AWSCodeCommitPowerUser policy is required to provide the necessary permissions for an IAM user to clone the Git repository from CodeCommit.
Option C is incorrect because this is not how credentials are created for CodeCommit. You need to generate the credentials through CodeCommit for the IAM user instead of creating them locally.
Option D is incorrect because compared with Option B, AWSCodeCommitFullAccess provides unnecessary permissions, which does not meet the least privilege principle.
Option E is CORRECT because you need to generate HTTPS Git credentials through CodeCommit and use them to establish the connections with CodeCommit repositories.
Domain 2: Configuration Management and Infrastructure As Code
Q1. You are responsible for your company’s large multi-tiered Windows-based web application running on Amazon EC2 instances situated behind a load balancer. While reviewing metrics, you’ve started noticing an upwards trend for slow customer page load time. Your manager has asked you to come up with a solution to ensure that customer load time is not affected by too many requests per second. Which technique would you use to solve this issue?
A. Re-deploy your infrastructure using an AWS CloudFormation template. Configure Elastic Load Balancing health checks to initiate a new AWS CloudFormation stack when health checks return failed.
B. Re-deploy your infrastructure using an AWS CloudFormation template. Spin up a second AWS CloudFormation stack. Configure Elastic Load Balancing SpillOver functionality to spill over any slow connections to the second AWS CloudFormation stack.
C. Re-deploy your infrastructure with CloudFormation. Set up Auto Scaling group policies to scale based on the number of requests per second as well as customer current load time.
D. Re-deploy your application using an Auto Scaling template. Configure the Auto Scaling template to spin up a new Elastic Beanstalk application when the customer load time surpasses your threshold.
Answer: C
Explanation:
Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. You create collections of EC2 instances, called Auto Scaling groups. You can specify the minimum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes below this size. You can specify the maximum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes above this size. If you specify the desired capacity, either when you create the group or at any time thereafter, Auto Scaling ensures that your group has this many instances. If you specify scaling policies, then Auto Scaling can launch or terminate instances as demand on your application increases or decreases.
• Options A and B are invalid because Auto Scaling is required to solve the issue to ensure the application can handle high traffic loads.
• Option D is invalid because there is no Auto Scaling template.
Q2. The project you are working on currently uses a single AWS CloudFormation template to deploy its AWS infrastructure, which supports a multi-tier web application. You have been tasked with organizing the AWS CloudFormation resources so that they can be maintained in the future, and so that different departments such as Networking and Security can review the architecture before it goes to Production. How should you do this in a way that accommodates each department, using their existing workflows?
A. Organize the AWS CloudFormation template so that related resources are next to each other in the template, such as VPC subnets and routing rules for Networking and security groups and IAM information for Security.
B. Separate the AWS CloudFormation template into a nested structure that has individual templates for the resources that are to be governed by different departments, and use the outputs from the networking and security stacks for the application template that you control.
C. Organize the AWS CloudFormation template so that related resources are next to each other in the template for each department’s use, leverage your existing continuous integration tool to constantly deploy changes from all parties to the Production environment, and then run tests for validation.
D. Use a custom application and the AWS SDK to replicate the resources defined in the current AWS CloudFormation template, and use the existing code review system to allow other departments to approve changes before altering the application for future deployments.
Answer: B
Explanation:
As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them. That way, you can mix and match different templates but use nested stacks to create a single, unified stack. Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS::CloudFormation::Stack resource in your template to reference other templates.
Domain 3: Monitoring and Logging In AWS
Q1. You currently run your infrastructure on Amazon EC2 instances behind an Auto Scaling group. All logs for your application are currently written to ephemeral storage. Recently your company experienced a major bug in the code that made it through testing and was ultimately deployed to your fleet. This bug triggered your Auto Scaling group to scale up and back down before you could successfully retrieve the logs off your server to better assist you in troubleshooting the bug. Which technique should you use to make sure you are able to review your logs?
A. Configure the ephemeral policies on your Auto Scaling group to back up on termination.
B. Configure your Auto Scaling policies to create a snapshot of all ephemeral storage on terminate.
C. Install the CloudWatch Logs Agent on your AMI, and configure CloudWatch Logs Agent to stream your logs.
D. Install the CloudWatch monitoring agent on your AMI, and set up a new SNS alert for CloudWatch metrics that triggers the CloudWatch monitoring agent to backup all logs on the ephemeral drive.
Answer: C
Explanation:
You can use CloudWatch Logs to monitor applications and systems using log data. For example, CloudWatch Logs can track the number of errors that occur in your application logs and send you a notification whenever the rate of errors exceeds a threshold you specify. CloudWatch Logs uses your log data for monitoring; so, no code changes are required.
• Options A and B are invalid because Auto Scaling policies are not designed for these purposes.
• Option D is invalid because you use the CloudWatch Logs Agent and not the monitoring agent.
Q2. After reviewing the last quarter’s monthly bills, management has noticed an increase in the overall bill from AWS. After researching this increase in cost, you discovered that some new services and users are doing a lot of GET Bucket API calls to Amazon S3. Your boss has asked you to come up with a new cost-effective way to help reduce the amount of these new GET Bucket API calls. What process should you use to help mitigate the cost?
A. Enable versioning on S3 and delete previous versions of objects that you do not need.
B. Create a lifecycle policy to migrate the S3 objects to Glacier.
C. Prevent unauthorized access or limit public access to your bucket using bucket policies.
D. Upload all files to an ElastiCache file cache server, update your new services to now read all the files from the ElastiCache file cache server, and configure the ElastiCache policies to push all files to Amazon S3 for long-term storage.
Answer – C
Explanation:
Option A is INCORRECT because this does not reduce the number of GET Bucket API calls to Amazon S3.
Option B is INCORRECT because this method may impact the service if the S3 objects are moved to Glacier.
Option C is CORRECT because bucket policies can limit unauthorized access to reduce the number of API calls to S3.
Option D is INCORRECT because uploading all files to ElastiCache is not an ideal solution.
Domain 4: Policies And Automation In AWS
Q1. Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user images, and you must decide how to authenticate and authorize your users for access to these images. You need to follow security best practices as well as minimize the maintenance overhead when managing the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below.
A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URI for the appropriate content.
B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
C. Authenticate your users at the application level, and use AWS Security Token Service (STS) to grant token-based authorization to S3 objects.
D. Authenticate your users at the application level, send an SMS token message to the user, create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.
E. Use a key-based naming scheme comprised of the user IDs for all user objects in a single Amazon S3 bucket. Use IAM policies and bucket policies to control permissions. Each user should only have access to their own folder.
Answer – C & E
Explanation:
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). The token can then be used to grant access to the objects in S3.
You can then provide access to the objects based on the key values generated via the user id.
• Option A is possible but then becomes a maintenance overhead because of the number of buckets.
• Option B is invalid because using IAM users as the application-level user database is not a good security practice.
• Option D is invalid because SMS tokens are not efficient for this requirement.
Q2. You have a set of EC2 instances hosted in AWS. You have created a policy and attached it to a role named “DemoRole” created through the CLI, but you are unable to use that role with an instance. Why is this the case?
A. You need to create an instance profile and associate it with that specific role.
B. You are not able to associate an IAM role with an instance.
C. You won’t be able to use that role with an instance unless you also create a user and associate it with that specific role.
D. You won’t be able to use that role with an instance unless you also create a user group and associate it with that specific role.
Answer – A
Explanation:
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
- Option B is invalid because you can associate a role with an instance.
- Options C and D are invalid because using users or user groups is not a pre-requisite.
Domain 5: Incident And Event Response
Q1. You have an Auto Scaling group with an Elastic Load Balancer. You decide to suspend the Auto Scaling AddToLoadBalancer process for a short period of time. What will happen to the instances launched during the suspension period?
A. The instances will be registered with ELB once the process has resumed.
B. AutoScaling will not launch the instances during this period because of the suspension.
C. The instances will not be registered with ELB. You must manually register when the process is resumed.
D. It is not possible to suspend the AddToLoadBalancer process.
Answer – C
Explanation:
If you suspend AddToLoadBalancer, Auto Scaling launches the instances but does not add them to the load balancer or target group. If you resume the AddToLoadBalancer process, Auto Scaling resumes adding instances to the load balancer or target group when they are launched. However, Auto Scaling does not add the instances that were launched while this process was suspended. You must register those instances manually.
Q2. You have enabled Elastic Load Balancing HTTP health checking. After looking at the AWS Management Console, you see that all instances are passing health checks, but your customers are reporting that your site is not responding. What is the cause?
A. The HTTP health checking system is misreporting due to latency in inter-instance metadata synchronization.
B. The health check in place is not sufficiently evaluating the application function.
C. The application is returning a positive health check too quickly for the AWS Management Console to respond.
D. Latency in DNS resolution is interfering with Amazon EC2 metadata retrieval.
Answer – B
Explanation:
You need to have a custom health check which will evaluate the application functionality. It’s not enough to use the normal health checks. If the application functionality does not work and there are no custom health checks, the instances will still be reported as healthy.
If you have custom health checks, you can send the information from your health checks to Auto Scaling so that Auto Scaling can use this information. For example, if you determine that an instance is not functioning as expected, you can set the health status of the instance to Unhealthy. The next time when Auto Scaling performs a health check on the instance, it will determine that the instance is unhealthy and then launch a replacement instance.
Domain 6: High Availability, Fault Tolerance And Disaster Recovery
Q1. You currently have the following setup in AWS
1) An Elastic Load Balancer
2) Auto Scaling Group
3) AMIs with the application code
You want to deploy the application with a Blue-Green method so that you can roll back quickly. You should also be able to control the portion of traffic for both Blue and Green. Which of the below solutions is the most suitable one?
A. Create a second ELB and a new Auto Scaling Group assigned a new Launch Configuration with the new AMI. Use the Route53 Weighted Routing policy to adjust the proportion of traffic hitting the two ELBs.
B. Create new AMIs with the new app. Then use the new EC2 instances in half proportion to the older instances.
C. Redeploy with AWS Elastic Beanstalk and Elastic Beanstalk versions. Use Route 53 Weighted Round Robin Records to adjust the proportion of traffic hitting the two ELBs.
D. Create a full second stack of instances, cut the DNS over to the new stack of instances, and change the DNS back if a rollback is needed.
Answer – A
Explanation:
The Weighted Routing policy of Route53 can be used to direct a proportion of traffic to your application. The best option is to create a second ELB, attach the new Auto Scaling group, and then use Route53 to divert the traffic.
Option B is wrong because it does not mention how to divide the instances. If it is the same Auto Scaling group, it will be difficult to revert the configurations back.
Option C is wrong because Elastic Beanstalk is good for development environments. Also, there is no mention of having 2 environments whose environment URLs can be swapped.
Option D is wrong because you cannot control the weight for either the Blue or Green stack with this method.
Q2. During metric analysis, your team has determined that the company’s website during peak hours is experiencing response times higher than anticipated. You currently rely on Auto Scaling to make sure that you are scaling your environment during peak windows. How can you improve your Auto Scaling policy to reduce this high response time?
Choose 2 answers.
A. Push metrics to CloudWatch to monitor your CPU and network bandwidth from your servers, which will allow your Auto Scaling policy to have better fine-grain insight.
B. Increase your Auto Scaling group’s number of max servers.
C. Create a script that runs and monitors your servers; when it detects an anomaly in load, it posts to an Amazon SNS topic that triggers Elastic Load Balancing to add more servers to the load balancer.
D. Push custom metrics to CloudWatch for your application that include more detailed information about your web application, such as how many requests it is handling and how many requests are waiting to be processed. Set up scaling policies using the metrics.
Answer – B & D
Explanation:
Option A is not necessary as it is handled by CloudWatch by default.
Option B makes sense because maybe the maximum number of servers is low. Hence the application cannot handle the peak load.
Option C is incorrect because you cannot add servers to an ELB.
Option D helps in ensuring Autoscaling can scale the group on the right metrics.
Having tested your knowledge by answering these AWS Certified DevOps Professional exam questions, I hope you now have a clear picture of where you stand in your AWS Certified DevOps Professional Certification (DOP-C01) exam preparation.
The post AWS Certified DevOps Professional [DOP-C01] Exam Questions appeared first on Cloud Training Program.