AWS DOP-02_在线真题试卷与模拟练习_AWS DOP-02_考试宝

更新时间：试题数量：购买人数：提供作者：

有效期：个月

章节介绍：共有个章节

收藏

我的练习

我的错题
(0道)

我的收藏
(0道)

我的斩题
(0道)

我的笔记
(0道)

专项练习

顺序练习 0 / 0

随机练习 自定义设置练习量

题型乱序 按导入顺序练习

模拟考试 仿真模拟

题型练习 按题型分类练习

易错题 精选高频易错题

学习资料 考试学习相关信息

搜索

题库预览

A company has deployed an application in a production VPC in a single AWS account. The application is popular and is experiencing heavy usage. The company’s security team wants to add additional security, such as AWS WAF, to the application deployment. However, the application's product manager is concerned about cost and does not want to approve the change unless the security team can prove that additional security is necessary. The security team believes that some of the application's demand might come from users that have IP addresses that are on a deny list. The security team provides the deny list to a DevOps engineer. If any of the IP addresses on the deny list access the application, the security team wants to receive automated notification in near real time so that the security team can document that the application needs additional security. The DevOps engineer creates a VPC flow log for the production VPC. Which set of additional steps should the DevOps engineer take to meet these requirements MOST cost-effectively? 一家公司在单个AWS账户的生产VPC中部署了一个应用程序。该应用程序非常受欢迎，正在经历大量使用。公司的安全团队希望为应用程序部署添加额外的安全性，例如AWS WAF。然而，应用程序的产品经理担心成本问题，并表示除非安全团队能够证明额外的安全性是必要的，否则不会批准该更改。安全团队认为，应用程序的一部分需求可能来自于拥有被拒绝列表中IP地址的用户。安全团队将拒绝列表提供给了一名DevOps工程师。如果拒绝列表中的任何IP地址访问了应用程序，安全团队希望能够在接近实时的情况下收到自动通知，以便记录应用程序需要额外的安全性。DevOps工程师为生产VPC创建了一个VPC流日志。 DevOps工程师应该采取哪些额外步骤以最具成本效益的方式满足这些要求？

A company is hosting a web application in an AWS Region. For disaster recovery purposes, a second region is being used as a standby. Disaster recovery requirements state that session data must be replicated between regions in near-real time and 1% of requests should route to the secondary region to continuously verify system functionality. Additionally, if there is a disruption in service in the main region, traffic should be automatically routed to the secondary region, and the secondary region must be able to scale up to handle all traffic. How should a DevOps engineer meet these requirements? 一家公司在一个AWS区域托管一个Web应用程序。为了灾难恢复目的，使用第二个区域作为备用区域。灾难恢复要求指出会话数据必须在区域之间进行近实时复制，并且1%的请求应该路由到备用区域以持续验证系统功能。此外，如果主区域的服务中断，流量应自动路由到备用区域，并且备用区域必须能够扩展以处理所有流量。 DevOps工程师应该如何满足这些要求？

A DevOps engineer manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The engineer needs to implement a deployment strategy that: Launches a second fleet of instances with the same capacity as the original fleet. Maintains the original fleet unchanged while the second fleet is launched. Transitions traffic to the second fleet when the second fleet is fully deployed. Terminates the original fleet automatically 1 hour after transition. Which solution will satisfy these requirements? 一位 DevOps 工程师管理一个运行在 Amazon EC2 实例上的 Web 应用程序，这些实例位于一个 Application Load Balancer (ALB) 后面。实例运行在跨多个可用区的 EC2 Auto Scaling 组中。工程师需要实施一个部署策略，该策略：启动一个与原始实例组容量相同的第二个实例组。在启动第二个实例组时保持原始实例组不变。当第二个实例组完全部署后，将流量切换到第二个实例组。在切换后自动终止原始实例组，时间为 1 小时。哪种解决方案可以满足这些要求？

A video-sharing company stores its videos in Amazon S3. The company has observed a sudden increase in video access requests, but the company does not know which videos are most popular. The company needs to identify the general access pattern for the video files. This pattern includes the number of users who access a certain file on a given day, as well as the number of pull requests for certain files. How can the company meet these requirements with the LEAST amount of effort? 一家视频分享公司将其视频存储在 Amazon S3 中。该公司注意到视频访问请求突然增加，但公司不知道哪些视频最受欢迎。公司需要识别视频文件的一般访问模式。此模式包括某一天访问某个文件的用户数量，以及某些文件的拉取请求数量。公司如何以最少的努力满足这些要求？

A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege. Which solution will meet these requirements? 一个开发团队希望使用AWS CloudFormation堆栈来部署一个应用程序。然而，开发人员IAM角色没有所需的权限来配置AWS CloudFormation模板中指定的资源。一个DevOps工程师需要实施一个解决方案，使开发人员能够部署堆栈。解决方案必须遵循最小权限原则。哪个解决方案可以满足这些要求？

A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured. How can this process be automated? 一个生产账户有一个要求，即任何被手动登录过的 Amazon EC2 实例必须在 24 小时内终止。生产账户中的所有应用程序都使用配置了 Amazon CloudWatch Logs agent 的 Auto Scaling 组。如何实现这个过程的自动化？

A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts. The company has enabled AWS Config in each existing AWS account in the organization. A DevOps engineer must implement a solution that enables AWS Config automatically for all future AWS accounts that are created in the organization. Which solution will meet this requirement? 一家公司在 AWS Organizations 中为其组织启用了所有功能。该组织包含 10 个 AWS 账户。公司已在所有账户中启用了 AWS CloudTrail。公司预计在未来一年内，组织中的 AWS 账户数量将增加到 500 个。公司计划为这些账户使用多个 OU。公司已在组织中的每个现有 AWS 账户中启用了 AWS Config。一名 DevOps 工程师必须实施一个解决方案，以便在组织中创建的所有未来 AWS 账户中自动启用 AWS Config。哪种解决方案可以满足此需求？

A company has many applications. Different teams in the company developed the applications by using multiple languages and frameworks. The applications run on premises and on different servers with different operating systems. Each team has its own release protocol and process. The company wants to reduce the complexity of the release and maintenance of these applications. The company is migrating its technology stacks, including these applications, to AWS. The company wants centralized control of source code, a consistent and automatic delivery pipeline, and as few maintenance tasks as possible on the underlying infrastructure. What should a DevOps engineer do to meet these requirements? 一家公司有许多应用程序。公司中的不同团队使用多种语言和框架开发了这些应用程序。这些应用程序运行在本地以及不同服务器上，使用不同的操作系统。每个团队都有自己的发布协议和流程。公司希望减少这些应用程序发布和维护的复杂性。公司正在将其技术栈，包括这些应用程序，迁移到AWS。公司希望对源代码进行集中控制，拥有一致且自动化的交付管道，并尽可能减少对底层基础设施的维护任务。 DevOps工程师应该怎么做以满足这些要求？

A DevOps engineer needs to apply a core set of security controls to an existing set of AWS accounts. The accounts are in an organization in AWS Organizations. Individual teams will administer individual accounts by using the AdministratorAccess AWS managed policy. For all accounts. AWS CloudTrail and AWS Config must be turned on in all available AWS Regions. Individual account administrators must not be able to edit or delete any of the baseline resources. However, individual account administrators must be able to edit or delete their own CloudTrail trails and AWS Config rules. Which solution will meet these requirements in the MOST operationally efficient way? 一位 DevOps 工程师需要对现有的一组 AWS 账户应用一套核心安全控制。这些账户属于 AWS Organizations 中的一个组织。各个团队将通过使用 AdministratorAccess AWS 托管策略来管理各自的账户。对于所有账户，必须在所有可用的 AWS 区域启用 AWS CloudTrail 和 AWS Config。各账户管理员不得编辑或删除任何基线资源。然而，各账户管理员必须能够编辑或删除他们自己的 CloudTrail 跟踪和 AWS Config 规则。哪种解决方案能够以最高的操作效率满足这些要求？

A company wants to migrate its content sharing web application hosted on Amazon EC2 to a serverless architecture. The company currently deploys changes to its application by creating a new Auto Scaling group of EC2 instances and a new Elastic Load Balancer, and then shifting the traffic away using an Amazon Route 53 weighted routing policy. For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda. The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base. Which deployment strategy will meet these requirements? 一家公司希望将其托管在 Amazon EC2 上的内容共享 Web 应用程序迁移到无服务器架构。该公司目前通过创建一个新的 EC2 实例的 Auto Scaling 组和一个新的 Elastic Load Balancer 来部署其应用程序的更改，然后使用 Amazon Route 53 的加权路由策略将流量转移。对于新的无服务器应用程序，该公司计划使用 Amazon API Gateway 和 AWS Lambda。公司需要更新其部署流程以适应新的应用程序。它还需要保留在向整个用户群推出新功能之前，先在少量用户上测试新功能的能力。哪种部署策略可以满足这些需求？

A development team uses AWS CodeCommit, AWS CodePipeline, and AWS CodeBuild to develop and deploy an application. Changes to the code are submitted by pull requests. The development team reviews and merges the pull requests, and then the pipeline builds and tests the application. Over time, the number of pull requests has increased. The pipeline is frequently blocked because of failing tests. To prevent this blockage, the development team wants to run the unit and integration tests on each pull request before it is merged. Which solution will meet these requirements? 一个开发团队使用 AWS CodeCommit、AWS CodePipeline 和 AWS CodeBuild 来开发和部署一个应用程序。代码的更改通过 pull requests 提交。开发团队审查并合并 pull requests，然后管道构建并测试应用程序。随着时间的推移，pull requests 的数量增加了。由于测试失败，管道经常被阻塞。为了防止这种阻塞，开发团队希望在每个 pull request 合并之前运行单元测试和集成测试。哪种解决方案可以满足这些要求？

A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs. An Amazon CloudWatch alarm notifies an application engineer through an Amazon Simple Notification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic. A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances. Which solution will meet these requirements in the MOST operationally efficient manner? 一家公司有一个运行在一组 Amazon EC2 实例上的应用程序。该应用程序需要频繁重启。应用程序日志在需要重启时包含错误消息。应用程序日志被发布到 Amazon CloudWatch Logs 中的一个日志组。当日志中包含大量与重启相关的错误消息时，一个 Amazon CloudWatch alarm 会通过 Amazon Simple Notification Service (Amazon SNS) 主题通知应用程序工程师。应用程序工程师在收到 SNS 主题的通知后手动重启实例上的应用程序。一位 DevOps 工程师需要实现一个解决方案，以自动化实例上的应用程序重启，而无需重启实例。哪种解决方案能够以最具操作效率的方式满足这些需求？

A company wants to set up a continuous delivery pipeline. The company stores application code in a private GitHub repository. The company needs to deploy the application components to Amazon Elastic Container Service (Amazon ECS). Amazon EC2, and AWS Lambda. The pipeline must support manual approval actions. Which solution will meet these requirements? 一家公司希望建立一个持续交付管道。该公司将应用程序代码存储在一个私有的 GitHub 仓库中。公司需要将应用程序组件部署到 Amazon Elastic Container Service (Amazon ECS)、Amazon EC2 和 AWS Lambda。管道必须支持手动审批操作。哪种解决方案可以满足这些要求？

A company has an application that runs on Amazon EC2 instances that are in an Auto Scaling group. When the application starts up. the application needs to process data from an Amazon S3 bucket before the application can start to serve requests. The size of the data that is stored in the S3 bucket is growing. When the Auto Scaling group adds new instances, the application now takes several minutes to download and process the data before the application can serve requests. The company must reduce the time that elapses before new EC2 instances are ready to serve requests. Which solution is the MOST cost-effective way to reduce the application startup time? 一家公司有一个应用程序运行在一个 Amazon EC2 实例上，这些实例属于一个 Auto Scaling 组。当应用程序启动时，应用程序需要处理来自 Amazon S3 bucket 的数据，然后才能开始处理请求。存储在 S3 bucket 中的数据量正在增长。当 Auto Scaling 组添加新实例时，应用程序现在需要几分钟时间来下载和处理数据，然后才能开始处理请求。公司必须减少新 EC2 实例准备好处理请求所需的时间。哪种解决方案是减少应用程序启动时间的最具成本效益的方法？

A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.The buildspec.yml file contains the following:（含图）The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.What steps should the DevOps engineer take to stop this?一家公司正在使用一个AWS CodeBuild项目来构建和打包一个应用程序。打包后的文件被复制到一个共享的Amazon S3桶中，然后在多个AWS账户之间进行部署。buildspec.yml文件包含以下内容：DevOps工程师注意到任何拥有AWS账户的人都能够下载这些制品。DevOps工程师应该采取哪些步骤来阻止这种情况？

A company has developed a serverless web application that is hosted on AWS. The application consists of Amazon S3. Amazon API Gateway, several AWS Lambda functions, and an Amazon RDS for MySQL database. The company is using AWS CodeCommit to store the source code. The source code is a combination of AWS Serverless Application Model (AWS SAM) templates and Python code. A security audit and penetration test reveal that user names and passwords for authentication to the database are hardcoded within CodeCommit repositories. A DevOps engineer must implement a solution to automatically detect and prevent hardcoded secrets. What is the MOST secure solution that meets these requirements? 一家公司开发了一个无服务器的 Web 应用程序，该应用程序托管在 AWS 上。该应用程序由 Amazon S3、Amazon API Gateway、多个 AWS Lambda 函数和一个 Amazon RDS for MySQL 数据库组成。公司使用 AWS CodeCommit 来存储源代码。源代码是 AWS Serverless Application Model (AWS SAM) 模板和 Python 代码的组合。一次安全审计和渗透测试发现，用于数据库身份验证的用户名和密码被硬编码在 CodeCommit 仓库中。一名 DevOps 工程师必须实施一个解决方案，以自动检测和防止硬编码的密钥。满足这些要求的最安全解决方案是什么？

A company is using Amazon S3 buckets to store important documents. The company discovers that some S3 buckets are not encrypted. Currently, the company’s IAM users can create new S3 buckets without encryption. The company is implementing a new requirement that all S3 buckets must be encrypted. A DevOps engineer must implement a solution to ensure that server-side encryption is enabled on all existing S3 buckets and all new S3 buckets. The encryption must be enabled on new S3 buckets as soon as the S3 buckets are created. The default encryption type must be 256-bit Advanced Encryption Standard (AES-256). Which solution will meet these requirements? 一家公司正在使用 Amazon S3 存储桶存储重要文档。该公司发现一些 S3 存储桶未加密。目前，该公司的 IAM 用户可以创建未加密的新 S3 存储桶。公司正在实施一项新要求，即所有 S3 存储桶必须加密。一名 DevOps 工程师必须实施一个解决方案，以确保所有现有的 S3 存储桶和所有新的 S3 存储桶启用服务器端加密。加密必须在新 S3 存储桶创建时立即启用。默认加密类型必须是 256 位高级加密标准 (AES-256)。哪种解决方案可以满足这些要求？

A DevOps engineer is architecting a continuous development strategy for a company’s software as a service (SaaS) web application running on AWS. For application and security reasons, users subscribing to this application are distributed across multiple Application Load Balancers (ALBs), each of which has a dedicated Auto Scaling group and fleet of Amazon EC2 instances. The application does not require a build stage, and when it is committed to AWS CodeCommit, the application must trigger a simultaneous deployment to all ALBs, Auto Scaling groups, and EC2 fleets. Which architecture will meet these requirements with the LEAST amount of configuration? 一位DevOps工程师正在为公司运行在AWS上的软件即服务（SaaS）Web应用程序设计一个持续开发策略。由于应用程序和安全原因，订阅此应用程序的用户分布在多个Application Load Balancers（ALBs）上，每个ALB都有一个专属的Auto Scaling组和一组Amazon EC2实例。该应用程序不需要构建阶段，当应用程序提交到AWS CodeCommit时，必须触发对所有ALBs、Auto Scaling组和EC2实例组的同时部署。哪种架构能够以最少的配置满足这些要求？

A company is hosting a static website from an Amazon S3 bucket. The website is available to customers at example.com. The company uses an Amazon Route 53 weighted routing policy with a TTL of 1 day. The company has decided to replace the existing static website with a dynamic web application. The dynamic web application uses an Application Load Balancer (ALB) in front of a fleet of Amazon EC2 instances. On the day of production launch to customers, the company creates an additional Route 53 weighted DNS record entry that points to the ALB with a weight of 255 and a TTL of 1 hour. Two days later, a DevOps engineer notices that the previous static website is displayed sometimes when customers navigate to example.com. How can the DevOps engineer ensure that the company serves only dynamic content for example.com? 一家公司通过 Amazon S3 存储桶托管一个静态网站。该网站通过 example.com 向客户提供服务。公司使用 Amazon Route 53 加权路由策略，并设置了 1 天的 TTL。公司决定用一个动态 Web 应用程序替换现有的静态网站。动态 Web 应用程序使用一个 Application Load Balancer (ALB) 来作为一组 Amazon EC2 实例的前端。在向客户发布生产版本的当天，公司创建了一个额外的 Route 53 加权 DNS 记录条目，该条目指向 ALB，权重为 255，TTL 为 1 小时。两天后，一名 DevOps 工程师注意到，当客户访问 example.com 时，有时会显示之前的静态网站。 DevOps 工程师如何确保公司仅为 example.com 提供动态内容？

A company is implementing AWS CodePipeline to automate its testing process. The company wants to be notified when the execution state fails and used the following custom event pattern in Amazon EventBridge:（含图）Which type of events will match this event pattern?一家公司正在实施 AWS CodePipeline 以自动化其测试流程。该公司希望在执行状态失败时收到通知，并在 Amazon EventBridge 中使用以下自定义事件模式：哪些类型的事件会匹配此事件模式？

更多题库