← Back to exam page

AWS-DevOps-Engineer-Professional-DOP-C01 AWS DevOps Engineer Professional (DOP-C01)

Loading demo links...

Showing 1–3 of 20 questions

Question 1

An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK), What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)

Select all that apply, then click Submit answer.

  • Set ssm:GetParamter for the parameter resource in the instance role’s IAM policy.

  • Set kms:Decrypt for the instance role in the customer-managed CMK policy.

  • Set kms:Decrypt for the customer-managed CMK resource in the role’s IAM policy.

  • Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.

  • Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.

  • Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
Question 2

A DevOps team wants to be able to work on the same source code repository. The team has the following requirements for their development workflow and repository access controls:

Only team members can clone the repository and create new branches.

A production-ready code state should be isolated from any untested code changes.

Code changes should be approved by another team member before merging to the production-ready master branch. All code change approvals must have an audit record. New team members can quickly modify code.

Which combination of actions will these requirements? (Choose three.)

Select all that apply, then click Submit answer.

  • Check out the master branch and develop new features locally on a feature branch to keep the production-ready code isolated. Ask team members to review the changes before committing the changes locally.

  • Create an AWS CodeCommit repository and an IAM group with permissions to read/write changes to the repository. Add new team members to this group.

  • Create an AWS CodeCommit repository and an IAM role with permissions to read/write changes to the repository. Attach this IAM role to a single IAM user. Ensure each member of the team uses this IAM user. Provide new team members the credentials to this IAM user.

  • Create a local feature branch from the master branch for new features. Commit the new code and push the changes to the feature branch in the repository.

  • Create a pull request so other team members can review the code changes. Implement any suggestions, pull any additional changes from the master branch, and push to the feature branch again. Merge the master branch with the feature branch.

  • Create a pull request so other team members can review the code changes. Implement any suggestions, pull any additional changes from the master branch, resolve any conflicts, and push to the feature branch again. Merge the feature branch with the master branch.
Question 3

Currently, your deployment process consists of setting your load balancer to point to a maintenance page, turning off ea web application servers, deploying your code, turning the web application servers back on, and removing the maintenance page. Working with your development team, you've agreed that performing rolling deployments of your software would provide a better user experience and a more agile deployment process.

Which techniques could you use to provide a cost-effective rolling deployment process? (Choose two.)

Select all that apply, then click Submit answer.

  • Use the Amazon Elastic Cloud Compute (EC2) API to write a service to return a list of servers based on the tags for the application that needs deployment, and use Amazon Simple Queue Service to queue up all servers for a rolling deployment.

  • Re-deploy your application on AWS Elastic Beanstalk, and use Elastic Beanstalk rolling deployments.

  • Re-deploy your application on an AWS OpsWorks stack, and take advantage of OpsWorks rolling deployments.

  • Re-deploy your application using an AWS CloudFormation template, launch a new CloudFormation stack during each deployment, and then tear down the old stack.

  • Re-deploy your application using an AWS CloudFormation template with Auto Scaling group, and use update policies to provide rolling updates.

  • Using Amazon Simple Workflow Service, create a workflow application that talks to the Amazon EC2 API to deploy your new code in a rolling fashion.