Questions & Answers PDF
For More Information:
90 Days Free Updates
30 Days Money Back Guarantee
Instant Download Once Purchased
24/7 Online Chat Support
Its Latest Version
AWS Certified DevOps Engineer- Professional
Visit us athttps://www.certswarrior.com/exam/dop-c01/
Latest Version: 23.1
To run an application, a DevOps Engineer launches an Amazon EC2 instances with public IP addresses in
a public subnet. A user data script obtains the application artifacts and installs them on the instances
upon launch. A change to the security classification of the application now requires the instances to run
with no access to the Internet. While the instances launch successfully and show as healthy, the
Which of the following should successfully install the application while complying with the new rule?
A. Launch the instances in a public subnet with Elastic IP addresses attached. Once the application is
installed and running, run a script to disassociate the Elastic IP addresses afterwards.
B. Set up a NAT gateway. Deploy the EC2 instances to a private subnet. Update the private subnet's
route table to use the NAT gateway as the default route.
C. Publish the application artifacts to an Amazon S3 bucket and create a VPC endpoint for S3. Assign an
IAM instance profile to the EC2 instances so they can read the application artifacts from the S3 bucket.
D. Create a security group for the application instances and whitelist only outbound traffic to the artifact
repository. Remove the security group rule once the install is complete.
EC2 instances running in private subnets of a VPC can now have controlled access to S3 buckets, objects,
and API functions that are in the same region as the VPC. You can use an S3 bucket policy to indicate