Give Push to your Success with AWS Certified DevOps Engineer AWS-DevOps Exam Questions [Q92-Q107]

Give Push to your Success with AWS Certified DevOps Engineer AWS-DevOps Exam Questions

AWS-DevOps 100% Guarantee Download AWS-DevOps Exam PDF Q&A

NEW QUESTION # 92
You have an ELB setup in AWS with EC2 instances running behind it. You have been requested to monitor the incoming connections to the ELB. Which of the below options can suffice this requirement?

• A. Create a custom metric CloudWatch filter on your load balancer
• B. Enable access logs on the load balancer
• C. UseAWSCIoudTrail with your load balancer
• D. Use a CloudWatch Logs Agent

Answer: B

Explanation:
Clastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Cach log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and to troubleshoot issues.
Option A is invalid because this service will monitor all AWS services
Option C and D are invalid since CLB already provides a logging feature.
For more information on ELB access logs, please refer to the below document link: from AWS
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection. html

NEW QUESTION # 93
A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?

• A. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials. Associate this role to all the instances.
• B. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy
• C. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.
• D. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.

Answer: C

NEW QUESTION # 94
A DevOps Engineer is launching a new application that will be deployed on infrastructure using Amazon Route
53, an Application Load Balancer, Auto Scaling, and Amazon DynamoDB. One of the key requirements of this launch is that the application must be able to scale to meet a load increase. During periods of low usage, the infrastructure components must scale down to optimize cost.
What steps can the DevOps Engineer take to meet the requirements? (Choose two.)

• A. Use AWS Trusted Advisor to submit limit increase requests for the Amazon EC2 instances that will be used by the infrastructure.
• B. Create an Amazon CloudWatch Events scheduled rule that runs every 5 minutes to track the current use of the Auto Scaling group. If usage has changed, trigger a scale-up event to adjust the capacity. Do the same for DynamoDB read and write capacities.
• C. Configure the Application Load Balancer to automatically adjust the target group based on the current load.
• D. Determine which Amazon EC2 instance limits need to be raised by leveraging AWS Trusted Advisor, and submit a request to AWS Support to increase those limits.
• E. Enable Auto Scaling for the DynamoDB tables that are used by the application.

Answer: C,E

Explanation:
Explanation/Reference:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html

NEW QUESTION # 95
The Development team at an online retailer has moved to Business support and want to take advantage of the AWS Health Dashboard and the AWS Health API to automate remediation actions for issues with the health of AWS resources. The first use case is to respond to AWS detecting an IAM access key that is listed on a public code repository site. The automated response will be to delete the IAM access key and send a notification to the Security team.
How should this be achieved?

• A. Create an AWS Lambda function to delete the IAM access key. Send AWS CloudTrail logs to AWS CloudWatch logs. Create a CloudWatch Logs metric filter for the AWS_RISK_CREDENTIALS_EXPOSED event with two actions: first, run the Lambda function; second, use Amazon SNS to send a notification to the Security team.
• B. Use AWS Step Functions to create a function to delete the IAM access key, and then use Amazon SNS to send a notification to the Security team. Create an AWS Personal Health Dashboard rule for the AWS_RISK_CREDENTIALS_EXPOSED event; set the target of the Personal Health Dashboard rule to Step Functions.
• C. Create an AWS Lambda function to delete the IAM access key. Create an AWS Config rule for changes to aws.health and the AWS_RISK_CREDENTIALS_EXPOSED event with two actions: first, run the Lambda function; second, use Amazon SNS to send a notification to the Security team.
• D. Use AWS Step Functions to create a function to delete the IAM access key, and then use Amazon SNS to send a notification to the Security team. Create an Amazon CloudWatch Events rule with an aws.health event source and the AWS_RISK_CREDENTIALS_EXPOSED event, set the target of the CloudWatch Events rule to Step Functions.

Answer: D

NEW QUESTION # 96
Management has reported an increase in the monthly bill from Amazon Web Services, and they are extremely
concerned with this increased cost. Management has asked you to determine the exact cause of this increase.
After reviewing the billing report, you notice an increase in the data transfer cost. How can you provide
management with a better insight into data transfer use?

• A. Use Amazon CloudWatch Logs to run a map-reduce on your logs to determine high usage and data
  transfer.
• B. Deliver custom metrics to Amazon CloudWatch per application that breaks down application data
  transfer into multiple, more specific data points.
  D- Using Amazon CloudWatch metrics, pull your Elastic Load Balancing outbound data transfer
  metrics monthly, and include them with your billing report to show which application is causing higher
  bandwidth usage.
• C. Update your Amazon CloudWatch metrics to use five-second granularity, which will give better detailed
  metrics that can be combined with your billing data to pinpoint anomalies.

Answer: B

Explanation:
Explanation
You can publish your own metrics to CloudWatch using the AWS CLI or an API. You can view statistical
graphs of your published metrics with the AWS Management Console.
CloudWatch stores data about a metric as a series of data points. Each data point has an associated time stamp.
You can even publish an aggregated set of data points called a statistic set.
If you have custom metrics specific to your application, you can give a breakdown to the management on the
exact issue.
Option A won't be sufficient to provide better insights.
Option B is an overhead when you can make the application publish custom metrics
Option D is invalid because just the ELB metrics will not give the entire picture
For more information on custom metrics, please refer to the below document link: from AWS
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publ
ishingMetrics.htmI

NEW QUESTION # 97
You are creating a cloudformation templates which takes in a database password as a parameter. How can you ensure that the password is not visible when anybody tries to describes the stack

• A. Usethe password attribute for the resource
• B. Usethe hidden property for the parameter value
• C. Setthe hidden attribute for the Cloudformation resource.
• D. Usethe NoEcho property for the parameter value

Answer: D

Explanation:
Explanation
The AWS Documentation mentions
For sensitive parameter values (such as passwords), set the NoEcho property to true. That way, whenever anyone describes your stack, the parameter value is shown as asterisks (***").
For more information on Cloudformation parameters, please visit the below URL:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/parameters-section-structure.html

NEW QUESTION # 98
A DevOps Engineer is using AWS CodeDeploy across a fleet of Amazon EC2 instances in an EC2 Auto Scaling group. The associated CodeDeploy deployment group, which is integrated with EC2 Auto Scaling, is configured to perform in-place deployments with CodeDeployDefault.OneAtATime. During an ongoing new deployment, the Engineer discovers that, although the overall deployment finished successfully, two out of five instances have the previous application revision deployed. The other three instances have the newest application revision. What is likely causing this issue?

• A. The two affected instances failed to fetch the new deployment.
• B. EC2 Auto Scaling launched two new instances while the new deployment had not yet finished, causing the previous version to be deployed on the affected instances.
• C. The CodeDeploy agent was not installed in two affected instances.
• D. A failed AfterInstall lifecycle event hook caused the CodeDeploy agent to roll back to the previous version on the affected instances.

Answer: B

NEW QUESTION # 99
A company is using AWS for an application. The Development team must automate its deployments. The team has set up an AWS CodePipeline to deploy the application to Amazon EC2 instances by using AWS CodeDeploy after it has been built using the AWS CodeBuild service.
The team would like to add automated testing to the pipeline to confirm that the application is healthy before deploying it to the next stage of the pipeline using the same code. The team requires a manual approval action before the application is deployed, even if the test is successful. The testing and approval must be accomplished at the lowest costs, using the simplest management solution.
Which solution will meet these requirements?

• A. Create a new pipeline that uses a source action that gets the code from the same repository as the first pipeline. Add a deploy action to deploy the code to a test environment. Use a test action using AWS Lambda to test the deployment. Add a manual approval action by using Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage.
• B. Add a test action after the last deploy action of the pipeline. Configure the action to use CodeBuild to perform the required tests. If these tests are successful, mark the action as successful. Add a manual approval action that uses Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage.
• C. Add a test action after the last deployment action. Use a Jenkins server on Amazon EC2 to do the required tests and mark the action as successful if the tests pass. Create a manual approval action that uses Amazon SQS to notify the team and add a deploy action to deploy the application to the next stage.
• D. Add a manual approval action after the last deploy action of the pipeline. Use Amazon SNS to inform the team of the stage being triggered. Next, add a test action using CodeBuild to do the required tests.
  At the end of the pipeline, add a deploy action to deploy the application to the next stage.

Answer: D

NEW QUESTION # 100
If I want Cloud Formation stack status updates to show up in a continuous delivery system in as close to real
time as possible, how should I achieve this?

• A. Use a long-poll on the ListStacksAPI call for your CloudFormation stack and display those state
  changes in the Ul for the system.
• B. Use a long-poll on the Resources object in your Cloud Formation stack and display those state changes
  in the Ul for the system.
• C. Subscribe your continuous delivery system to an SNS topic that you also tell your CloudFormation stack
  to publish events into. V
• D. Subscribe your continuous delivery system to an SQS queue that you also tell your CloudFormation
  stack to publish events into.

Answer: C

Explanation:
Explanation
Answer - C
You can monitor the progress of a stack update by viewing the stack's events. The console's Cvents tab
displays each major step in the creation and update of the stack sorted by the time of each event with latest
events on top. The start of the stack update process is marked with an UPDATE_IN_PROGRCSS event for the
stack For more information on Monitoring your stack, please visit the below URL:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks-monitor-st
html

NEW QUESTION # 101
A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone. The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DevOps engineer wants a solution that does not change the architecture components.
Which solution will meet these requirements in the MOST cost-effective manner?

• A. Convert the RDS database to an Amazon Aurora Serverless database. Use an AWS Lambda function to start and stop the EC2 instances before and after tests.
• B. Put the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.
• C. Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.
• D. Subscribe Amazon Cloud Watch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Answer: B

Explanation:
Explanation/Reference: https://docs.amazonaws.cn/en_us/elasticbeanstalk/latest/dg/using-features.managing.as.html?
filter-select=AWS%20Management%20Console

NEW QUESTION # 102
A company runs a production application workload in a single AWS account that uses Amazon Route 53, AWS Elastic Beanstalk, and Amazon RDS. In the event of a security incident, the Security team wants the application workload to fail over to a new AWS account. The Security team also wants to block all access to the original account immediately, with no access to any AWS resources in the original AWS account, during forensic analysis.
What is the most cost-effective way to prepare to fail over to the second account prior to a security incident?

• A. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident.
  Save/copy Elastic Beanstalk configuration files to a different account. Enable the RDS database read replica in a different account.
• B. Migrate the Amazon Route 53 configuration to a dedicated AWS account. Mirror the Elastic Beanstalk configuration in a different account. Enable RDS Database Read Replicas in a different account.
• C. Migrate the Amazon Route 53 configuration to a dedicated AWS account. Save/copy the Elastic Beanstalk configuration files in a different AWS account. Copy snapshots of the RDS Database to a different account.
• D. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident.
  Mirror the configuration of Elastic Beanstalk in a different account. Copy snapshots of the RDS database to a different account.

Answer: C

NEW QUESTION # 103
A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket In a different AWS Region and account.
Which combination of actions should be performed to enable this replication? (Select THREE.)

• A. Create a replication rule in the target bucket to enable the replication
• B. Create a replication rule in the source bucket to enable the replication.
• C. Add statements to the target bucket policy allowing the replication 1AM role to replicate objects.
• D. Add statements to the source bucket policy allowing the replication 1AM role to replicate objects
• E. Create a replication 1AM role in the source account.
• F. Create a replication 1AM role in the target account.

Answer: B,F

NEW QUESTION # 104
Ansible supports running Playbook on the host directly or via SSH. How can Ansible be told to run its playbooks directly on the host?

• A. Specifying `-type local' on the command line.
• B. It does not need to be specified; it's the default.
• C. Setting `connection: local' in the tasks that run locally.
• D. Setting `connection: local' in the Playbook.

Answer: D

Explanation:
Ansible can be told to run locally on the command line with the `-c' option or can be told via the
`connection: local' declaration in the playbook. The default connection method is `remote'.
Reference: http://docs.ansible.com/ansible/intro_inventory.html#non-ssh-connection-types

NEW QUESTION # 105
You have an application which consists of EC2 instances in an Auto Scaling group. Between a particular time frame every day, there is an increase in traffic to your website. Hence users are complaining of a poor response time on the application. You have configured your Auto Scaling group to deploy one new EC2 instance when CPU utilization is greater than 60% for 2 consecutive periods of 5 minutes. What is the least cost-effective way to resolve this problem?

• A. Increase the minimum number of instances in the Auto Scaling group
• B. Decrease the threshold CPU utilization percentage at which to deploy a new instance
• C. Decrease the consecutive number of collection periods
• D. Decrease the collection period to ten minutes

Answer: A

Explanation:
Explanation
If you increase the minimum number of instances, then they will be running even though the load is not high on the website. Hence you are incurring cost even though there is no need.
All of the remaining options are possible options which can be used to increase the number of instances on a high load.
For more information on On-demand scaling, please refer to the below link:
http://docs.aws.amazon.com/autoscaling/latest/userguide/as-scale-based-on-demand.html Note: The tricky part where the question is asking for 'least cost effective way". You got the design consideration correctly but need to be careful on how the question is phrased.

NEW QUESTION # 106
A company has developed a Node.js web application which provides REST services to store and retrieve time series data. The web application is built by the Development team on company laptops, tested locally, and manually deployed to a single on-premises server, which accesses a local MySQL database. The company is starting a trial in two weeks, during which the application will undergo frequent updates based on customer feedback. The following requirements must be met:
* The team must be able to reliably build, test, and deploy new updates on a daily basis, without downtime or degraded performance.
* The application must be able to scale to meet an unpredictable number of concurrent users during the trial.
Which action will allow the team to quickly meet these objectives?

• A. Develop an AWS CloudFormation template to create an Application Load Balancer and two Amazon EC2 instances with Amazon EBS (SSD) volumes in an Auto Scaling group with rolling updates enabled. Use AWS CodeBuild to build and test the Node.js application and store it in an Amazon S3 bucket. Use user- data scripts to install the application and the MySQL database on each EC2 instance. Update the stack to deploy new application versions.
• B. Create two Amazon Lightsail virtual private servers for Node.js; one for test and one for production. Build the Node.js application using existing process and upload it to the new Lightsail test server using the AWS CLI. Test the application, and if it passes all tests, upload it to the production server. During the trial, monitor the production server usage, and if needed, increase performance by upgrading the instance type.
• C. Configure AWS Elastic Beanstalk to automatically build the application using AWS CodeBuild and to deploy it to a test environment that is configured to support auto scaling. Create a second Elastic Beanstalk environment for production. Use Amazon RDS to store data. When new versions of the applications have passed all tests, use Elastic Beanstalk 'swap cname' to promote the test environment to production.
• D. Modify the application to use Amazon DynamoDB instead of a local MySQL database. Use AWS OpsWorks to create a stack for the application with a DynamoDB layer, an Application Load Balancer layer, and an Amazon EC2 instance layer. Use a Chef recipe to build the application and a Chef recipe to deploy the application to the EC2 instance layer. Use custom health checks to run unit tests on each instance with rollback on failure.

Answer: D

NEW QUESTION # 107
......

The AWS Certified DevOps Engineer - Professional certification exam is a challenging but rewarding opportunity for experienced DevOps engineers to demonstrate their expertise in deploying and managing applications on AWS using DevOps principles and practices. By achieving this certification, candidates can increase their career opportunities and demonstrate their commitment to excellence in the field of DevOps.

 

Get AWS-DevOps Actual Free Exam Q&As to Prepare Certification: https://www.testvalid.com/AWS-DevOps-exam-collection.html

Amazon Actual Free Exam Questions And Answers: https://drive.google.com/open?id=1ysUeMfPLEXecyrAV8mjOKYiZcg2BTvgL