AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Prepare-se para a certificação AWS Certified DevOps Engineer Professional DOP-C02 com simulados práticos, questões estilo prova e explicações detalhadas para acelerar sua aprovação.
Pagamento seguro Acesso imediato PC, tablet e celular Foco em certificações de TI
Questões 11–15 de 15 (com resposta)
Clique em "Ver resposta" para revelar o gabarito e a explicação, e participe da discussão da comunidade em cada questão.
Quer praticar como na prova? Use o teste gratuito (15 questões após cadastro rápido).
Questão 11 AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Gratuita
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache Webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application. After completion, the team will create additional deployment groups for staging and production. The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group. How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group?
ATag the Amazon EC2 instances depending on the deployment group. Then place a script into the application revision that calls the metadata service and the EC2 API to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference the script as part of the AfterInstall lifecycle hook in the appspec.yml file.
BCreate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ NAME to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file.Correta
CCreate a CodeDeploy custom environment variable for each environment. Then place a script into the application revision that checks this environment variable to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the ValidateService lifecycle hook in the appspec.yml file.
DCreate a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings. Reference this script as part of the Install lifecycle hook in the appspec.yml file.
Resposta correta:B
Explicação
Explanation: The following are the steps that the company can take to change the log level dynamically when the deployment occurs: Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file. The DEPLOYMENT_GROUP_NAME environment variable is automatically set by CodeDeploy when the deployment is triggered. This means that the script does not need to call the metadata service or the EC2 API to identify the deployment group. This solution is the least complex and requires the least management overhead. It also does not require different script versions for each deployment group. The following are the reasons why the other options are not correct: Option A is incorrect because it would require tagging the Amazon EC2 instances, which would be a manual and time-consuming process. Option C is incorrect because it would require creating a custom environment variable for each environment. This would be a complex and error-prone process. Option D is incorrect because it would use the DEPLOYMENT_GROUP_ID environment variable. However, this variable is not automatically set by CodeDeploy, so the script would need to call the metadata service or the EC2 API to get the deployment group ID. This would add complexity and overhead to the solution.
Questão 12 AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Gratuita
A company manages an application that stores logs in Amazon CloudWatch Logs. The company wants to archive the logs to an Amazon S3 bucket Logs are rarely accessed after 90 days and must be retained tor 10 years. Which combination of steps should a DevOps engineer take to meet these requirements? (Select TWO.)
AConfigure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.
BConfigure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.Correta
CConfigure a CloudWatch Logs subscription fitter to stream all logs to an S3 bucket.
DConfigure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3.650 days.Correta
EConfigure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.
Questão 13 AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Gratuita
A company has microservices running in AWS Lambda that read data from Amazon DynamoDB. The Lambda code is manually deployed by developers after successful testing The company now needs the tests and deployments be automated and run in the cloud Additionally, traffic to the new versions of each microservice should be incrementally shifted over time after deployment. What solution meets all the requirements, ensuring the MOST developer velocity?
ACreate an AWS CodePipelme configuration and set up a post-commit hook to trigger the pipeline after tests have passed Use AWS CodeDeploy and create a Canary deployment configuration that specifies the percentage of traffic and interval
BCreate an AWS CodeBuild configuration that triggers when the test code is pushed Use AWS CloudFormation to trigger an AWS CodePipelme configuration that deploys the new Lambda versions and specifies the traffic shift percentage and interval
CCreate an AWS CodePipelme configuration and set up the source code step to trigger when code is pushed. Set up the build step to use AWS CodeBuild to run the tests Set up an AWS CodeDeploy configuration to dep the CodeDeployDefault.LambdaLinearlDPercentEvery3Minut.es Option.Correta
DUse the AWS CLI to set up a post-commit hook that uploads the code to an Amazon S3 bucket after tests have passed. Set up an S3 event trigger that runs a Lambda function that deploys the new version. Use an interval in the Lambda function to deploy the code over time at the required percentage
Questão 14 AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Gratuita
A company has proprietary data available by using an Amazon CloudFront distribution. The company needs to ensure that the distribution is accessible by only users from the corporate office that have a known set of IP address ranges. An AWS WAF web ACL is associated with the distribution and has a default action set to Count. Which solution will meet these requirements with the LEAST operational overhead?
ACreate a new regex pattern set. Add the regex pattern set to a new rule group. Create a new web ACL that has a default action set to Block. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic based on the new rule group.
BCreate an AWS WAF IP address set that matches the corporate office IP address range. Create a new web ACL that has a default action set to Allow. Associate the web ACL with the CloudFront distribution. Add a rule that allows traffic from the IP address set.
CCreate a new regex pattern set. Add the regex pattern set to a new rule group. Set the default action on the existing web ACL to Allow. Add a rule that has priority 0 that allows traffic based on the regex pattern set.
DCreate a WAF IP address set that matches the corporate office IP address range. Set the default action on the existing web ACL to Block. Add a rule that has priority 0 that allows traffic from the IP address set.Correta
Resposta correta:D
Explicação
Explanation: To restrict access to CloudFront to a specific IP address range: Create an AWS WAF IP address set with the corporate office IPs. Modify the existing WebACL's default action to Block (deny all except explicitly allowed). Add a high-priority rule that allows traffic from the IP address set (the corporate IPs). This way, only requests from the corporate IPs are allowed; all others are blocked. Regex pattern sets are not necessary for IP-based restrictions and add complexity. Setting default action to Allow with exceptions is less secure and more complex to manage. References: AWS WAF IP Set Examples Restricting Access by IP Address
Questão 15 AWS DOP-C02 Practice Exam — Simulado AWS Certified DevOps Engineer Professional
Gratuita
A DevOps engineer must implement a solution that immediately terminates Amazon EC2 instances in Auto Scaling groups when cryptocurrency mining activity is detected. Which solution will meet these requirements with the LEAST development effort?
AConfigure Amazon Route 53 to send query logs directly to Amazon CloudWatch Logs. Create an AWS Lambda functio 5 minutes and checks the query logs for domains related to cryptocurrency activity. If the domains are found, terminat EC2 instances.
BConfigure VPC Flow Logs to send flow logs to an Amazon S3 bucket. Create an AWS Lambda function that runs every 5 minutes and invokes an Amazon Athena query to find IP addresses associated with cryptocurrency activity. If the IP addresses are found, terminate the identified EC2 instances.
CEnable Amazon GuardDuty. Monitor EC2 findings. Create an Amazon EventBridge rule with GuardDuty as the event source. Create an AWS Lambda function that is triggered by the EventBridge rule. Configure the Lambda function to parse the event and terminate the identified EC2 instances.Correta
DEnable AWS Security Hub. Monitor EC2 findings. Create an Amazon EventBridge rule with Security Hub as the event source. Create an AWS Lambda function that is triggered by the EventBridge rule. Configure the Lambda function to parse the event and terminate the identified EC2 instances.
Resposta correta:C
Explicação
Explanation: The requirement is to immediately detect and terminate EC2 instances involved in cryptocurrency mining with the least development effort. Amazon GuardDuty is the AWS-native service specifically designed to detect malicious activities such as crypto-mining by continuously analyzing CloudTrail events, VPC Flow Logs, and DNS logs. GuardDuty includes managed threat intelligence and predefined findings like CryptoCurrency:EC2/BitcoinTool.B!DNS and CryptoCurrency:EC2/BitcoinTool.B!IP, which directly identify mining behavior without custom detection logic. Option C leverages this built-in capability. Once GuardDuty is enabled, findings are automatically generated when mining activity is detected. These findings are sent to Amazon EventBridge in near real time. An EventBridge rule can filter for cryptocurrency-related findings and trigger an AWS Lambda function. The Lambda function can then identify the affected EC2 instance and terminate it or adjust the Auto Scaling group to replace it. This approach requires minimal custom code and no log parsing, scheduled jobs, or analytics pipelines. Options A and B rely on custom log analysis, periodic execution, and maintaining lists of mining domains or IPs, which significantly increases complexity and response time. Option D uses AWS Security Hub, which aggregates findings from GuardDuty and other services but is not intended for immediate, low-latency remediation. Therefore, Option C provides the fastest detection, immediate response, and lowest development overhead using AWS-managed threat detection services.
Pronto para a prática real?
Teste 15 questões no player com interface de prova — cronômetro, navegação e revisão. Depois garanta acesso a todas as 449 questões.