
AWS-DevOps-Engineer-Professional Free Update With 100% Exam Passing Guarantee [2021]
[Sep-2021] Verified Amazon Exam Dumps with AWS-DevOps-Engineer-Professional Exam Study Guide
NEW QUESTION 132
To override an allow in an IAM policy, you set the Effect element to ______.
- A. Allow
- B. Block
- C. Deny
- D. Stop
Answer: C
Explanation:
By default, access to resources is denied. To allow access to a resource, you must set the Effect element to Allow. To override an allow (for example, to override an allow that is otherwise in force), you set the Effect element to Deny.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html
NEW QUESTION 133
You are a DevOps engineer for your company. You have been instructed to deploy Docker containers using the OpsWorks service. How could you achieve this? Choose 2 answers from the options given below.
- A. In the App for OpsWorks deployment, specify the Git URL for the recipes which will deploy the applications in the Docker environment.
- B. Use CloudFormation to deploy Docker containers since this is not possible in OpsWorks. Then attach the CloudFormation resources as a layer in OpsWorks.
- C. Use custom cookbooks for your OpsWorks stack and provide the Git repository which has the Chef recipes for the Docker containers.
- D. Use Elastic Beanstalk to deploy Docker containers since this is not possible in OpsWorks. Then attach the Elastic Beanstalk environment as a layer in OpsWorks.
Answer: A,C
Explanation:
This is mentioned in the AWS documentation.
AWS OpsWorks lets you deploy and manage applications of all shapes and sizes. OpsWorks layers let you create blueprints for EC2 instances to install and configure any software that you want.
For more information on OpsWorks and Docker, please refer to the link below:
* https://aws.amazon.com/blogs/devops/running-docker-on-aws-opsworks/
NEW QUESTION 134
Management has reported an increase in the monthly bill from Amazon Web Services, and they are extremely concerned with this increased cost. Management has asked you to determine the exact cause of this increase. After reviewing the billing report, you notice an increase in the data transfer cost. How can you provide management with a better insight into data transfer use?
- A. Use Amazon CloudWatch Logs to run a map-reduce on your logs to determine high usage and data transfer.
- B. Update your Amazon CloudWatch metrics to use five-second granularity, which will give better detailed metrics that can be combined with your billing data to pinpoint anomalies.
- C. Deliver custom metrics to Amazon CloudWatch per application that breaks down application data transfer into multiple, more specific data points.
- D. Using Amazon CloudWatch metrics, pull your Elastic Load Balancing outbound data transfer metrics monthly, and include them with your billing report to show which application is causing higher bandwidth usage.
Answer: C
Explanation:
You can publish your own metrics to CloudWatch using the AWS CLI or an API. You can view statistical graphs of your published metrics with the AWS Management Console.
CloudWatch stores data about a metric as a series of data points. Each data point has an associated time stamp. You can even publish an aggregated set of data points called a statistic set.
If you have custom metrics specific to your application, you can give a breakdown to the management on the exact issue.
Option A won't be sufficient to provide better insights.
Option B is an overhead when you can make the application publish custom metrics.
Option D is invalid because just the ELB metrics will not give the entire picture.
For more information on custom metrics, please refer to the AWS documentation link below:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html
NEW QUESTION 135
You have a web application that's developed in Node.js. The code is hosted in a Git repository. You now want to deploy this application to AWS. Which 2 of the options below can fulfil this requirement?
- A. Create an AWS CloudFormation template which creates an instance with the AWS::EC2::Container resources type. With UserData, install Git to download the Node.js application and then set it up.
- B. Create an AWS CloudFormation template which creates an instance with the AWS::EC2::Instance resource type and an AMI with Docker pre-installed. With UserData, install Git to download the Node.js application and then set it up.
- C. Create an Elastic Beanstalk application. Create a Docker file to install Node.js. Get the code from Git. Use the command "aws git.push" to deploy the application.
- D. Create a Docker file to install Node.js and get the code from Git. Use the Dockerfile to perform the deployment on a new AWS Elastic Beanstalk application.
Answer: B,D
Explanation:
Option A is invalid because there is no "awsgitpush" command.
Option B is invalid because there is no AWS::EC2::Container resource type.
Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker containers, you can define your own runtime environment. You can choose your own platform, programming language, and any application dependencies (such as package managers or tools) that aren't supported by other platforms. Docker containers are self-contained and include all the configuration information and software your web application requires to run.
For more information on Docker and Elastic Beanstalk, please refer to the link below:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts.
You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. You can also pass this data into the launch wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls). For more information on EC2 user data, please refer to the link below:
* http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
Note: "git aws.push" with EB CLI 2.x - see a forum thread at
https://forums.aws.amazon.com/thread.jspa?messageID=583202#jive-message-582979. Basically, this is a predecessor to the newer "eb deploy" command in EB CLI 31. This question is kept in order to be consistent with the exam.
NEW QUESTION 136
A DevOps Engineer is launching a new application that will be deployed on infrastructure using Amazon Route 53, an Application Load Balancer, Auto Scaling, and Amazon DynamoDB. One of the key requirements of this launch is that the application must be able to scale to meet a load increase. During periods of low usage, the infrastructure components must scale down to optimize cost.
What steps can the DevOps Engineer take to meet the requirements? (Choose two.)
- A. Configure the Application Load Balancer to automatically adjust the target group based on the current load.
- B. Create an Amazon CloudWatch Events scheduled rule that runs every 5 minutes to track the current use of the Auto Scaling group. If usage has changed, trigger a scale-up event to adjust the capacity. Do the same for DynamoDB read and write capacities.
- C. Enable Auto Scaling for the DynamoDB tables that are used by the application.
- D. Use AWS Trusted Advisor to submit limit increase requests for the Amazon EC2 instances that will be used by the infrastructure.
- E. Determine which Amazon EC2 instance limits need to be raised by leveraging AWS Trusted Advisor, and submit a request to AWS Support to increase those limits.
Answer: B,C
Explanation:
Explanation/Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
NEW QUESTION 137
A company wants to adopt a methodology for handling security threats from leaked and compromised IAM access keys. The DevOps Engineer has been asked to automate the process of acting upon compromised access keys, which includes identifying users, revoking their permissions, and sending a notification to the Security team.
Which of the following would achieve this goal?
- A. Use the AWS Trusted Advisor generated security report for access keys. Use AWS Lambda to scan through the report. Use scan result inside AWS Lambda and delete compromised IAM access keys. Use Amazon SNS to notify the Security team.
- B. Use the AWS Trusted Advisor generated security report for access keys. Use Amazon EMR to run analytics on the report. Identify compromised IAM access keys and delete them. Use Amazon CloudWatch with an EMR Cluster State Change event to notify the Security team.
- C. Use AWS Lambda with a third-party library to scan for compromised access keys. Use scan result inside AWS Lambda and delete compromised IAM access keys. Create Amazon CloudWatch custom metrics for compromised keys. Create a CloudWatch alarm on the metrics to notify the Security team.
- D. Use AWS Trusted Advisor to identify compromised access keys. Create an Amazon CloudWatch Events rule with Trusted Advisor as the event source, and AWS Lambda and Amazon SNS as targets. Use AWS Lambda to delete compromised IAM access keys and Amazon SNS to notify the Security team.
Answer: D
Explanation:
Explanation/Reference: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
NEW QUESTION 138
Your serverless architecture using AWS API Gateway, AWS Lambda, and AWS DynamoDB experienced a large increase in traffic to a sustained 400 requests per second, and failure rates increased dramatically. Your requests, during normal operation, last 500 milliseconds on average. Your DynamoDB table did not exceed 50% of provisioned throughput, and table primary keys are designed correctly. What is the most likely issue?
- A. You used Consistent Read requests on DynamoDB and are experiencing semaphore lock.
- B. Your AWS API Gateway Deployment is bottlenecking on request (de)serialization.
- C. Your API Gateway deployment is throttling your requests.
- D. You did not request a limit increase on concurrent Lambda function executions.
Answer: D
Explanation:
AWS API Gateway by default throttles at 500 requests per second steady-state, and 1000 requests per second at spike. Lambda, by default, throttles at 100 concurrent requests for safety.
At 500 milliseconds (half of a second) per request, you can expect to support 200 requests per second at 100 concurrency. This is less than the 400 requests per second your system now requires. Make a limit increase request via the AWS Support Console.
AWS Lambda: Concurrent requests safety throttle per account -> 100
http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_lambda
NEW QUESTION 139
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache webserver. The Development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application.
After completion, the team will create additional deployment groups for staging and production. The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group.
How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group?
- A. Create a CodeDeploy custom environment variable for each environment. Then place a script into the application revision that checks this environment variable to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the ValidateService lifecycle hook in the appspec.yml file.
- B. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings. Reference this script as part of the Install lifecycle hook in the appspec.yml file.
- C. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file.
- D. Tag the Amazon EC2 instances depending on the deployment group. Then place a script into the application revision that calls the metadata service and the EC2 API to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference the script as part of the AfterInstall lifecycle hook in the appspec.yml file.
Answer: A
NEW QUESTION 140
You currently run your infrastructure on Amazon EC2 instances behind an Auto Scaling group. All logs for your application are currently written to ephemeral storage. Recently your company experienced a major bug in the code that made it through testing and was ultimately deployed to your fleet. This bug triggered your Auto Scaling group to scale up and back down before you could successfully retrieve the logs off your server to better assist you in troubleshooting the bug. Which technique should you use to make sure you are able to review your logs after your instances have shut down?
- A. Install the CloudWatch Logs Agent on your AMI, and configure CloudWatch Logs Agent to stream your logs.
- B. Install the CloudWatch monitoring agent on your AMI, and set up new SNS alert for CloudWatch metrics that triggers the CloudWatch monitoring agent to backup all logs on the ephemeral drive.
- C. Configure your Auto Scaling policies to create a snapshot of all ephemeral storage on terminate.
- D. Configure the ephemeral policies on your Auto Scaling group to back up on terminate.
Answer: A
Explanation:
You can use CloudWatch Logs to monitor applications and systems using log data. For example, CloudWatch Logs can track the number of errors that occur in your application logs and send you a notification whenever the rate of errors exceeds a threshold you specify.
CloudWatch Logs uses your log data for monitoring; so, no code changes are required.
Option A and B are invalid because Auto Scaling policies are not designed for these purposes.
Option D is invalid because you use the CloudWatch Logs Agent and not the monitoring agent.
For more information on CloudWatch Logs, please refer to the link below:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
NEW QUESTION 141
You have an application running on Amazon EC2 in an Auto Scaling group. Instances are being bootstrapped dynamically, and the bootstrapping takes over 15 minutes to complete.
You find that instances are reported by Auto Scaling as being In Service before bootstrapping has completed.
You are receiving application alarms related to new instances before they have completed bootstrapping, which is causing confusion.
You find the cause: your application monitoring tool is polling the Auto Scaling Service API for instances that are In Service, and creating alarms for new previously unknown instances.
Which of the following will ensure that new instances are not added to your application monitoring tool before bootstrapping is completed?
- A. Create an Auto Scaling group lifecycle hook to hold the instance in a pending: wait state until your bootstrapping is complete. Once bootstrapping is complete, notify Auto Scaling to complete the lifecycle hook and move the instance into a pending: complete state.
- B. Increase the desired number of instances in your Auto Scaling group configuration to reduce the time it takes to bootstrap future instances.
- C. Tag all instances on launch to identify that they are in a pending state. Change your application monitoring tool to look for this tag before adding new instances, and then use the Amazon API to set the instance state to 'pending' until bootstrapping is complete.
- D. Use the default Amazon CloudWatch application metrics to monitor your application's health. Configure an Amazon SNS topic to send these CloudWatch alarms to the correct recipients.
Answer: A
NEW QUESTION 142
A company wants to implement a CI/CD pipeline for building and testing its mobile apps.
A DevOps Engineer has been given the following requirements:
- Use AWS CodePipeline to orchestrate the workflow.
- Test the application on real devices.
- Trigger a notification.
- Stage the application binary on a production bucket in a different account.
- Make the application binary publicly accessible.
Which sequence of actions should the Engineer perform in the pipeline to meet the requirements?
- A. Use AWS CodeCommit as the code source and AWS CodeDeploy to compile and package the application. Use CodeDeploy to deploy the application binary to an AWS Lambda function for testing. Use a third-party library on AWS Lambda to simulate the device platform. Allow a Lambda role to upload to the production Amazon S3 bucket. Make the binary publicly accessible. Trigger notifications using Amazon SNS.
- B. Use an Amazon S3 bucket as the code source and AWS CodeBuild to compile and package the application. Use AWS CodeDeploy to deploy the application binary to a device farm for testing. Deliver the binary to the production S3 bucket. Use an S3 bucket policy to allow public read on the production S3 bucket. Trigger notifications using an Amazon CloudWatch Events rule with Amazon SNS.
- C. Use AWS CodeCommit as the code source and AWS CodeBuild to compile and package the application. Invoke an AWS Lambda function that uploads the application binary to a device farm for testing. Deliver the binary to the production Amazon S3 bucket. Use an S3 bucket policy to allow public read on the production S3 bucket. Trigger notifications by using an Amazon CloudWatch Events rule.
- D. Use GitHub as the code source and AWS Lambda to compile and package the application. Use another Lambda function to run unit tests and deliver the application binary to a development bucket. Use the binary from the development bucket and install the application on a personal device for testing. Deliver the binary to the production bucket after approval. Trigger notifications using Amazon SNS.
Answer: C
NEW QUESTION 143
You have decided to migrate your application to the cloud. You cannot afford any downtime. You want to gradually migrate so that you can test the application with a small percentage of users and increase over time.
Which of these options should you implement?
- A. Configure an Elastic Load Balancer to distribute the traffic between the on-premises application and the AWS application.
- B. Use Direct Connect to route traffic to the on-premise location. In DirectConnect, configure the amount of traffic to be routed to the on-premise location.
- C. Implement a Route 53 failover routing policy that sends traffic back to the on-premises application if the AWS application fails.
- D. Implement a Route 53 weighted routing policy that distributes the traffic between your on-premises application and the AWS application depending on weight.
Answer: D
Explanation:
Option A is incorrect because DirectConnect cannot control the flow of traffic.
Option B is incorrect because you want to split the percentage of traffic. Failover will direct all of the traffic to the backup servers.
Option C is incorrect because you cannot control the percentage distribution of traffic.
Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software.
For more information on the Routing policy please refer to the below link:
* http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
NEW QUESTION 144
The company you work for has a huge amount of infrastructure built on AWS. However, there have been some concerns recently about the security of this infrastructure, and an external auditor has been given the task of running a thorough check of all of your company's AWS assets. The auditor will be in the USA while your company's infrastructure resides in the Asia Pacific (Sydney) region on AWS. Initially, he needs to check all of your VPC assets, specifically security groups and NACLs. You have been assigned the task of providing the auditor with a login to be able to do this. Which of the following would be the best and most secure solution to provide the auditor with so he can begin his initial investigations? Choose the correct answer from the options below.
- A. Create an IAM user who will have read-only access to your AWS VPC infrastructure and provide the auditor with those credentials.
- B. Create an IAM user with full VPC access but set a condition that will not allow him to modify anything if the request is from any IP other than his own.
- C. Create an IAM user tied to an administrator role. Also provide an additional level of security with MFA.
- D. Give him root access to your AWS Infrastructure, because he is an auditor he will need access to every service.
Answer: B
Explanation:
Generally you should refrain from giving high level permissions and give only the required permissions. In this case option C fits well by just providing the relevant access which is required.
For more information on IAM, please see the link below:
* https://aws.amazon.com/iam/
NEW QUESTION 145
A company is implementing an Amazon ECS cluster to run its workload. The company architecture will run multiple ECS services on the cluster, with an Application Load Balancer on the front end, using multiple target groups to route traffic. The Application Development team has been struggling to collect logs that must be collected and sent to an Amazon S3 bucket for near-real time analysis. What must the DevOps Engineer configure in the deployment to meet these requirements? (Choose three.)
- A. Use Amazon CloudWatch Events to schedule an AWS Lambda function that will run every 60 seconds running the create-export-task CloudWatch Logs command, then point the output to the logging S3 bucket.
- B. Enable access logging on the Application Load Balancer, then point it directly to the S3 logging bucket.
- C. Download the Amazon CloudWatch Logs container instance from AWS and configure it as a task. Update the application service definitions to include the logging task.
- D. Enable access logging on the target groups that are used by the ECS services, then point it directly to the S3 logging bucket.
- E. Create an Amazon Kinesis Data Firehose with a destination of the S3 logging bucket, then create an Amazon CloudWatch Logs subscription filter for Kinesis.
- F. Install the Amazon CloudWatch Logs logging agent on the ECS instances. Change the logging driver in the ECS task definition to 'awslogs'.
Answer: B,E,F
NEW QUESTION 146
A DevOps Engineer must track the health of a stateless RESTful service sitting behind a Classic Load Balancer. The deployment of new application revisions is through a CI/CD pipeline. If the service's latency increases beyond a defined threshold, deployment should be stopped until the service has recovered.
Which of the following methods allow for the QUICKEST detection time?
- A. Use AWS Lambda and Elastic Load Balancing access logs to detect average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- B. Use AWS CodeDeploy's Minimum Healthy Hosts setting to define thresholds for rolling back deployments. If these thresholds are breached, roll back the deployment.
- C. Use Metric Filters to parse application logs in Amazon CloudWatch Logs. Create a filter for latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- D. Use Amazon CloudWatch metrics provided by Elastic Load Balancing to calculate average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
Answer: D
Explanation:
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html
https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-stop.html
NEW QUESTION 147
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK). What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Select three.)
- A. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
- B. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
- C. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
- D. Set ssm:GetParameter for the parameter resource in the instance role's IAM policy.
- E. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
- F. Set kms:Decrypt for the instance role in the customer-managed CMK policy.
Answer: A,D,F
NEW QUESTION 148
A large enterprise is deploying a web application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application stores data in an Amazon RDS Oracle DB instance and Amazon DynamoDB. There are separate environments for development, testing, and production.
What is the MOST secure and flexible way to obtain password credentials during deployment?
- A. Launch the EC2 instances with an EC2 IAM role to access AWS services. Retrieve the database credentials from AWS Secrets Manager.
- B. Retrieve an access key from an AWS Systems Manager plaintext parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
- C. Retrieve an access key from an AWS Systems Manager SecureString parameter to access AWS services. Retrieve the database credentials from a Systems Manager SecureString parameter.
- D. Launch the EC2 instances with an EC2 IAM role to access AWS services. Store the database passwords in an encrypted config file with the application artifacts.
Answer: D
NEW QUESTION 149
There is a requirement to monitor API calls against your AWS account by different users and entities. There needs to be a history of those calls. The history of those calls is needed in bulk for later review. Which 2 services can be used in this scenario?
- A. AWS CloudTrail; CloudWatch Events
- B. AWS Config; AWS Lambda
- C. AWS CloudTrail; AWS Config
- D. AWS Config; AWS Inspector
Answer: A
Explanation:
You can use AWS CloudTrail to get a history of AWS API calls and related events for your account. This history includes calls made with the AWS Management Console, AWS Command Line Interface, AWS SDKs, and other AWS services.
For more information on CloudTrail, please visit the URL below:
* http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams. CloudWatch Events becomes aware of operational changes as they occur. CloudWatch Events responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information. For more information on CloudWatch Events, please visit the URL below:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
NEW QUESTION 150
A media customer has several thousand Amazon EC2 instances in an AWS account. The customer is using a Slack channel for team communications and important updates. A DevOps Engineer was told to send all AWS-scheduled EC2 maintenance notifications to the company Slack channel.
Which method should the Engineer use to implement this process in the LEAST amount of steps?
- A. Integrate AWS Trusted Advisor with AWS Config. Based on the AWS Config rules created, the AWS Config event can invoke an AWS Lambda function to send notifications to the Slack channel.
- B. Integrate EC2 events with Amazon CloudWatch monitoring. Based on the CloudWatch Alarm created, the alarm can invoke an AWS Lambda function to send EC2 maintenance notifications to the Slack channel.
- C. Integrate AWS Personal Health Dashboard with Amazon CloudWatch Events. Based on the CloudWatch Events created, the event can invoke an AWS Lambda function to send notifications to the Slack channel.
- D. Integrate AWS Support with AWS CloudTrail. Based on the CloudTrail lookup event created, the event can invoke an AWS Lambda function to pass EC2 maintenance notifications to the Slack channel.
Answer: B
NEW QUESTION 151
A DevOps Engineer discovered a sudden spike in a website's page load times and found that a recent deployment occurred. A brief diff of the related commit shows that the URL for an external API call was altered and the connecting port changed from 80 to 443. The external API has been verified and works outside the application. The application logs show that the connection is now timing out, resulting in multiple retries and eventual failure of the call.
Which debug steps should the Engineer take to determine the root cause of the issue?
- A. Check the application logs being written to Amazon CloudWatch Logs for debug information. Check the ingress security group rules and routing rules for the VPC.
- B. Check the egress security group rules and network ACLs for the VPC. Also check the VPC flow logs looking for accepts originating from the web Auto Scaling group.
- C. Check the VPC Flow Logs looking for denies originating from Amazon EC2 instances that are part of the web Auto Scaling group. Check the ingress security group rules and routing rules for the VPC.
- D. Check the existing egress security group rules and network ACLs for the VPC. Also check the application logs being written to Amazon CloudWatch Logs for debug information.
Answer: B
NEW QUESTION 152
A company wants to create standard templates for deployment of their infrastructure. Which AWS service can be used in this regard? Please choose one option.
- A. AWS CloudFormation
- B. Amazon Simple Workflow Service
- C. AWS Elastic Beanstalk
- D. AWS OpsWorks
Answer: A
Explanation:
AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software. You can also visualize your templates as diagrams and edit them using a drag-and-drop interface with the AWS CloudFormation Designer.
For more information on CloudFormation, please visit the link:
* https://aws.amazon.com/cloudformation/
NEW QUESTION 153
What is true of the way that encryption works with EBS?
- A. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
- B. Snapshotting an encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
- C. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot always creates an encrypted volume.
- D. Snapshotting an encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot always creates an encrypted volume.
Answer: D
Explanation:
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected. For more information, see Amazon EBS Encryption.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
NEW QUESTION 154
A DevOps Engineer needs to design and implement a backup mechanism for Amazon EFS. The Engineer is given the following requirements:
* The backup should run on schedule.
* The backup should be stopped if the backup window expires.
* The backup should be stopped if the backup completes before the backup window.
* The backup logs should be retained for further analysis.
* The design should support highly available and fault-tolerant paradigms.
* Administrators should be notified with backup metadata.
Which design will meet these requirements?
- A. Use AWS Data Pipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in a single Availability Zone. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading the backup logs to Amazon RDS. Use Amazon SNS to notify administrators with backup activity metadata.
- B. Use Amazon SWF with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in an Auto Scaling group. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon Redshift. Use CloudWatch Alarms to notify administrators with backup activity metadata.
- C. Use AWS Lambda with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in an Auto Scaling group. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon S3. Use Amazon SNS to notify administrators with backup activity metadata.
- D. Use AWS CodePipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activity. Run backup scripts on Amazon EC2 in a single Availability Zone. Use Auto Scaling lifecycle hooks and the SSM Run Command on Amazon EC2 for uploading backup logs to Amazon S3. Use Amazon SES to notify admins with backup activity metadata.
Answer: C
Explanation:
https://docs.aws.amazon.com/efs/latest/ug/alternative-efs-backup.html
NEW QUESTION 155
A publishing company used AWS Elastic Beanstalk, Amazon S3, and Amazon DynamoDB to develop a web application. The web application has increased dramatically in popularity, resulting in unpredictable spikes in traffic. A DevOps Engineer has noted that 90% of the requests are duplicate read requests.
How can the Engineer improve the performance of the website?
- A. Use Amazon ElastiCache for Redis to cache repeated read requests to DynamoDB and AWS Elemental MediaStore to cache images stored in S3.
- B. Use DynamoDB Accelerator to cache repeated read requests to DynamoDB and Amazon CloudFront to cache images stored in S3.
- C. Use DynamoDB Streams to cache repeated read requests to DynamoDB and API Gateway to cache images stored in S3.
- D. Use Amazon ElastiCache for Memcached to cache repeated read requests to DynamoDB and Varnish to cache images stored in S3.
Answer: B
Explanation:
https://aws.amazon.com/blogs/aws/amazon-dynamodb-accelerator-dax-in-memory-caching-for-read-intensive-w
https://aws.amazon.com/dynamodb/dax/
