AWS DOP-02_在线真题试卷与模拟练习_AWS DOP-02_考试宝

更新时间：试题数量：购买人数：提供作者：

有效期：个月

章节介绍：共有个章节

收藏

我的练习

我的错题
(0道)

我的收藏
(0道)

我的斩题
(0道)

我的笔记
(0道)

专项练习

顺序练习 0 / 0

随机练习 自定义设置练习量

题型乱序 按导入顺序练习

模拟考试 仿真模拟

题型练习 按题型分类练习

易错题 精选高频易错题

学习资料 考试学习相关信息

搜索

题库预览

A company has a mobile application that makes HTTP API calls to an Application Load Balancer (ALB). The ALB routes requests to an AWS Lambda function. Many different versions of the application are in use at any given time, including versions that are in testing by a subset of users. The version of the application is defined in the user-agent header that is sent with all requests to the API. After a series of recent changes to the API, the company has observed issues with the application. The company needs to gather a metric for each API operation by response code for each version of the application that is in use. A DevOps engineer has modified the Lambda function to extract the API operation name, version information from the user-agent header and response code. Which additional set of actions should the DevOps engineer take to gather the required metrics? 一家公司有一个移动应用程序，该应用程序通过 HTTP API 调用连接到一个 Application Load Balancer (ALB)。ALB 将请求路由到一个 AWS Lambda 函数。在任何时候，应用程序都有许多不同的版本在使用，包括由部分用户进行测试的版本。应用程序的版本通过发送到 API 的 user-agent header 中定义。在最近对 API 进行一系列更改后，公司发现应用程序出现问题。公司需要为每个正在使用的应用程序版本的每个 API 操作按响应代码收集指标。一个 DevOps 工程师已修改 Lambda 函数以提取 API 操作名称、user-agent header 中的版本信息和响应代码。 DevOps 工程师还需要采取哪些额外的操作来收集所需的指标？

A company provides an application to customers. The application has an Amazon API Gateway REST API that invokes an AWS Lambda function. On initialization, the Lambda function loads a large amount of data from an Amazon DynamoDB table. The data load process results in long cold-start times of 8-10 seconds. The DynamoDB table has DynamoDB Accelerator (DAX) configured. Customers report that the application intermittently takes a long time to respond to requests. The application receives thousands of requests throughout the day. In the middle of the day, the application experiences 10 times more requests than at any other time of the day. Near the end of the day, the application's request volume decreases to 10% of its normal total. A DevOps engineer needs to reduce the latency of the Lambda function at all times of the day. Which solution will meet these requirements? 一家公司向客户提供一个应用程序。该应用程序有一个 Amazon API Gateway REST API，该 API 调用一个 AWS Lambda 函数。在初始化时，Lambda 函数从一个 Amazon DynamoDB 表加载大量数据。数据加载过程导致了较长的冷启动时间，约为 8-10 秒。DynamoDB 表已配置了 DynamoDB Accelerator (DAX)。客户报告说，该应用程序偶尔会需要很长时间才能响应请求。该应用程序全天接收数千个请求。在一天的中间时段，该应用程序的请求量是一天中任何其他时段的 10 倍。接近一天结束时，该应用程序的请求量下降到正常总量的 10%。一名 DevOps 工程师需要在一天中的任何时间都减少 Lambda 函数的延迟。哪种解决方案可以满足这些需求？

A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache Webserver. The development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application. After completion, the team will create additional deployment groups for staging and production. The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group. How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group? 一家公司正在采用 AWS CodeDeploy 来自动化其 Java-Apache Tomcat 应用程序与 Apache Webserver 的应用部署。开发团队从概念验证开始，为开发人员环境创建了一个部署组，并在应用程序内执行了功能测试。完成后，团队将为预生产环境和生产环境创建额外的部署组。当前日志级别是在 Apache 设置中配置的，但团队希望在部署时动态更改此配置，以便根据部署组设置不同的日志级别配置，而无需为每个组创建不同的应用程序修订版本。如何以最少的管理开销满足这些要求，并且不需要为每个部署组使用不同的脚本版本？

A company requires its developers to tag all Amazon Elastic Block Store (Amazon EBS) volumes in an account to indicate a desired backup frequency. This requirement Includes EBS volumes that do not require backups. The company uses custom tags named Backup_Frequency that have values of none, dally, or weekly that correspond to the desired backup frequency. An audit finds that developers are occasionally not tagging the EBS volumes. A DevOps engineer needs to ensure that all EBS volumes always have the Backup_Frequency tag so that the company can perform backups at least weekly unless a different value is specified. Which solution will meet these requirements? 一家公司要求其开发人员为账户中的所有 Amazon Elastic Block Store (Amazon EBS) 卷添加标签，以指示所需的备份频率。此要求包括不需要备份的 EBS 卷。公司使用名为 Backup_Frequency 的自定义标签，其值为 none、daily 或 weekly，分别对应所需的备份频率。审计发现开发人员偶尔未为 EBS 卷添加标签。一名 DevOps 工程师需要确保所有 EBS 卷始终具有 Backup_Frequency 标签，以便公司至少每周执行备份，除非指定了其他值。哪种解决方案可以满足这些要求？

A company is using an Amazon Aurora cluster as the data store for its application. The Aurora cluster is configured with a single DB instance. The application performs read and write operations on the database by using the cluster's instance endpoint. The company has scheduled an update to be applied to the cluster during an upcoming maintenance window. The cluster must remain available with the least possible interruption during the maintenance window. What should a DevOps engineer do to meet these requirements? 一家公司正在使用 Amazon Aurora 集群作为其应用程序的数据存储。Aurora 集群配置为单个 DB 实例。应用程序通过使用集群的实例端点执行数据库的读写操作。该公司已安排在即将到来的维护窗口期间对集群进行更新。集群必须在维护窗口期间尽可能减少中断并保持可用。 DevOps 工程师应该怎么做来满足这些要求？

A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. Which solution will accomplish this? 一家公司使用 AWS Key Management Service (AWS KMS) 密钥和手动密钥轮换来满足监管合规要求。安全团队希望在任何密钥超过 90 天未轮换时收到通知。哪种解决方案可以实现这一目标？

A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project. How can this issue be corrected in the MOST secure manner? 一次安全审查发现，一个 AWS CodeBuild 项目正在通过未认证的请求从 Amazon S3 存储桶下载数据库填充脚本。安全团队不允许该项目对 S3 存储桶进行未认证的请求。如何以最安全的方式解决此问题？

A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region. New EC2 instances are launched and terminated each hour in the account. The account also includes existing EC2 instances that have been running for longer than a week. The company's security policy requires all running EC2 instances to use an EC2 instance profile. If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions assigned. A DevOps engineer reviews the account and discovers EC2 instances that are running without an instance profile. During the review, the DevOps engineer also observes that new EC2 instances are being launched without an instance profile. Which solution will ensure that an instance profile is attached to all existing and future EC2 instances in the Region? 一家公司拥有一个单一的AWS账户，在一个AWS区域中运行着数百个Amazon EC2实例。每小时都会在该账户中启动和终止新的EC2实例。该账户还包括已经运行超过一周的现有EC2实例。公司的安全策略要求所有正在运行的EC2实例必须使用EC2实例配置文件。如果某个EC2实例没有附加实例配置文件，则该EC2实例必须使用一个没有分配任何IAM权限的默认实例配置文件。一位DevOps工程师审查了该账户，并发现有一些正在运行的EC2实例没有实例配置文件。在审查过程中，DevOps工程师还观察到新的EC2实例正在启动时没有附加实例配置文件。哪种解决方案可以确保在该区域中的所有现有和未来的EC2实例都附加了实例配置文件？

A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues. Which deploy stage configuration will meet these requirements? 一名DevOps工程师正在为一个使用AWS Lambda函数的无服务器应用程序构建持续部署管道。公司希望减少不成功部署对客户的影响。公司还希望监控问题。哪个部署阶段配置可以满足这些要求？

To run an application, a DevOps engineer launches an Amazon EC2 instance with public IP addresses in a public subnet. A user data script obtains the application artifacts and installs them on the instances upon launch. A change to the security classification of the application now requires the instances to run with no access to the internet. While the instances launch successfully and show as healthy, the application does not seem to be installed. Which of the following should successfully install the application while complying with the new rule? 要运行一个应用程序，DevOps工程师在公共子网中启动了带有公共IP地址的Amazon EC2实例。一个用户数据脚本在实例启动时获取应用程序工件并将其安装到实例上。由于应用程序的安全分类发生了变化，现在要求实例运行时不能访问互联网。虽然实例成功启动并显示为健康状态，但应用程序似乎没有被安装。以下哪种方法可以成功安装应用程序，同时符合新的规则？

A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote main branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes. Which of the following actions should be taken to troubleshoot this issue? 一个开发团队正在使用 AWS CodeCommit 来进行应用代码的版本控制，并使用 AWS CodePipeline 来编排软件部署。该团队决定使用远程主分支作为管道的触发器来集成代码更改。一位开发人员已将代码更改推送到 CodeCommit 存储库，但注意到管道在 10 分钟后仍没有反应。应该采取以下哪项操作来排查此问题？

A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access. A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS). What should the DevOps engineer do next to meet the requirements? 公司的开发人员使用 Amazon EC2 实例作为远程工作站。公司担心用户可能会创建或修改 EC2 安全组以允许不受限制的入站访问。一名 DevOps 工程师需要开发一个解决方案，以检测用户何时创建不受限制的安全组规则。该解决方案必须能够实时检测安全组规则的更改，删除不受限制的规则，并向安全团队发送电子邮件通知。该 DevOps 工程师已经创建了一个 AWS Lambda 函数，该函数从输入中检查安全组 ID，删除授予不受限制访问的规则，并通过 Amazon Simple Notification Service (Amazon SNS) 发送通知。为了满足要求，DevOps 工程师接下来应该怎么做？

A DevOps engineer is creating an AWS CloudFormation template to deploy a web service. The web service will run on Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB). The DevOps engineer must ensure that the service can accept requests from clients that have IPv6 addresses. What should the DevOps engineer do with the CloudFormation template so that IPv6 clients can access the web service? 一位DevOps工程师正在创建一个AWS CloudFormation模板以部署一个网络服务。该网络服务将在一个私有子网中的Amazon EC2实例上运行，并通过一个Application Load Balancer (ALB)进行负载均衡。DevOps工程师必须确保该服务能够接受来自具有IPv6地址的客户端的请求。 DevOps工程师应该如何修改CloudFormation模板以便IPv6客户端可以访问该网络服务？

A company uses AWS Organizations and AWS Control Tower to manage all the company's AWS accounts. The company uses the Enterprise Support plan. A DevOps engineer is using Account Factory for Terraform (AFT) to provision new accounts. When new accounts are provisioned, the DevOps engineer notices that the support plan for the new accounts is set to the Basic Support plan. The DevOps engineer needs to implement a solution to provision the new accounts with the Enterprise Support plan. Which solution will meet these requirements? 一家公司使用 AWS Organizations 和 AWS Control Tower 来管理公司所有的 AWS 账户。该公司使用 Enterprise Support 计划。一名 DevOps 工程师正在使用 Account Factory for Terraform (AFT) 来创建新账户。当新账户被创建时，DevOps 工程师注意到新账户的支持计划被设置为 Basic Support 计划。该 DevOps 工程师需要实施一个解决方案，以便在创建新账户时将支持计划设置为 Enterprise Support 计划。哪种解决方案可以满足这些需求？

A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule. How should the DevOps engineer configure the EventBridge rule to meet these requirements? 一家公司的 DevOps 工程师使用 AWS Systems Manager 在维护窗口期间执行维护任务。公司有一些 Amazon EC2 实例，在收到来自 AWS Health 的通知后需要重新启动。DevOps 工程师需要实施一个自动化解决方案来处理这些通知。DevOps 工程师创建了一个 Amazon EventBridge 规则。 DevOps 工程师应如何配置 EventBridge 规则以满足这些要求？

A company has containerized all of its in-house quality control applications. The company is running Jenkins on Amazon EC2 instances, which require patching and upgrading. The compliance officer has requested a DevOps engineer begin encrypting build artifacts since they contain company intellectual property. What should the DevOps engineer do to accomplish this in the MOST maintainable manner? 一家公司已将其所有内部质量控制应用程序容器化。该公司在Amazon EC2实例上运行Jenkins，这些实例需要进行修补和升级。合规官员要求DevOps工程师开始加密构建工件，因为它们包含公司的知识产权。 DevOps工程师应该如何以最可维护的方式实现这一目标？

An IT team has built an AWS CloudFormation template so others in the company can quickly and reliably deploy and terminate an application. The template creates an Amazon EC2 instance with a user data script to install the application and an Amazon S3 bucket that the application uses to serve static webpages while it is running. All resources should be removed when the CloudFormation stack is deleted. However, the team observes that CloudFormation reports an error during stack deletion, and the S3 bucket created by the stack is not deleted. How can the team resolve the error in the MOST efficient manner to ensure that all resources are deleted without errors? 一个IT团队已经创建了一个AWS CloudFormation模板，以便公司中的其他人可以快速且可靠地部署和终止一个应用程序。该模板会创建一个Amazon EC2实例，并使用一个用户数据脚本来安装应用程序，同时创建一个Amazon S3桶供应用程序在运行时用于提供静态网页。当CloudFormation堆栈被删除时，所有资源都应该被移除。然而，该团队发现，在堆栈删除期间，CloudFormation报告了一个错误，并且由堆栈创建的S3桶没有被删除。团队如何以最有效的方式解决错误，以确保所有资源都能无错误地被删除？

A company runs an application on one Amazon EC2 instance. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance must restart or relaunch automatically if the instance becomes unresponsive. Which solution will meet these requirements? 一家公司在一台 Amazon EC2 实例上运行一个应用程序。应用程序的元数据存储在 Amazon S3 中，如果实例重新启动，则必须检索元数据。如果实例变得无响应，必须自动重新启动或重新部署实例。哪种解决方案可以满足这些需求？

A company has multiple AWS accounts. The company uses AWS IAM Identity Center (AWS Single Sign-On) that is integrated with AWS Toolkit for Microsoft Azure DevOps. The attributes for access control feature is enabled in IAM Identity Center.The attribute mapping list contains two entries. The department key is mapped to $${path:enterprise.department}. The costCenter key is mapped to $${path:enterprise.costCenter}.All existing Amazon EC2 instances have a department tag that corresponds to three company departments (d1, d2, d3). A DevOps engineer must create policies based on the matching attributes. The policies must minimize administrative effort and must grant each Azure AD user access to only the EC2 instances that are tagged with the user’s respective department name.Which condition key should the DevOps engineer include in the custom permissions policies to meet these requirements?一家公司拥有多个AWS账户。该公司使用与AWS Toolkit for Microsoft Azure DevOps集成的AWS IAM Identity Center（AWS Single Sign-On）。IAM Identity Center启用了访问控制功能的属性。属性映射列表包含两个条目。department键映射到${path:enterprise.department}。costCenter键映射到${path:enterprise.costCenter}。所有现有的Amazon EC2实例都有一个department标签，该标签对应于公司的三个部门（d1， d2， d3）。一名DevOps工程师必须基于匹配属性创建策略。这些策略必须尽量减少管理工作，并且必须仅授予每个Azure AD用户访问与用户所属部门名称相匹配标签的EC2实例的权限。DevOps工程师应该在自定义权限策略中包含哪个条件键以满足这些要求？

A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations. A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role. Which solution will meet these requirements? 一家公司在一个AWS账户中托管了一个安全审计应用程序。该审计应用程序使用一个IAM角色来访问其他AWS账户。所有账户都在同一个AWS Organizations组织中。最近的安全审计发现，被审计的AWS账户中的用户可以修改或删除审计应用程序的IAM角色。公司需要防止除受信任的管理员IAM角色以外的任何实体修改审计应用程序的IAM角色。哪种解决方案可以满足这些要求？

更多题库