[Feb-2022] AWS-DevOps Braindumps - AWS-DevOps Questions to Get Better Grades [Q23-Q42]

[Feb-2022] AWS-DevOps Braindumps – AWS-DevOps Questions to Get Better Grades

AWS-DevOps Exam Dumps - Try Best AWS-DevOps Exam Questions - VCEDumps

Amazon AWS Certified DevOps Engineer – Professional: Main Requirements

This certification is intended for those individuals who know how to perform the DevOps Engineer role. Considering the fact that this is a professional-level certificate, you should fulfill certain requirements to become eligible for it. Therefore, you need to have at least two years of hands-on experience managing, operating, and provisioning the AWS environments. Besides that, you should know how to develop code, which means that you need to have some skills with at least one programming language of a high level. This certification also requires that you are able to build highly automated infrastructures and administer operating systems. Your level of knowledge and expertise should also include a full understanding of methodologies, operations processes, and modern development.

The prerequisite exam for the Amazon AWS Certified DevOps Engineer – Professional certification evaluates your skills in operating the methodologies and continuous delivery systems on AWS, so you need to be ready for that. Another skill you have to possess include the deployment of logging systems, metrics, and monitoring on AWS. It is also important to know how to automate compliance validation, governance processes, and security controls. Your ability to successfully design, maintain, and manage various tools will be also critical for the automation of operational processes.

 

NEW QUESTION 23
You are a Devops Engineer for your company. You are planning on using Cloudwatch for monitoring the resources hosted in AWS. Which of the following can you do with Cloudwatch logs ideally. Choose 3 answers from the options given below

• A. Sendthe log data to AWS Lambda for custom processing
• B. StreamthelogdatatoAmazonKinesisforfurtherprocessing
• C. Sendthe data to SQS for further processing.
• D. Streamthe log data into Amazon Elasticsearch for any search analysis required.

Answer: A,B,D

Explanation:
Explanation
Amazon Kinesis can be used for rapid and continuous data intake and aggregation. The type of data used includes IT infrastructure log data, application logs, social media, market data feeds, and web clickstream data Amazon Lambda is a web service which can be used to do serverless computing of the logs which are published by Cloudwatch logs Amazon dasticsearch Service makes it easy to deploy, operate, and scale dasticsearch for log analytics, full text search, application monitoring, and more.
For more information on Cloudwatch logs please see the below link:
* http://docs.ws.amazon.com/AmazonCloudWatch/latest/logs/WhatlsCloudWatchLogs.html

 

NEW QUESTION 24
A company is using AWS CodeDeploy to manage its application deployments. Recently, the Development team decided to use GitHub for version control, and the team is looking for ways to integrate the GitHub repository with CodeDeploy. The team also needs to develop a way to automate deployment whenever there is a new commit on that repository. The team is currently deploying new application revisions by manually indicating the Amazon S3 location.
How can the integration be achieved in the MOST efficient way?

• A. Create an AWS CodePipeline pipeline that uses GitHub as a source provider and AWS CodeDeploy as a deployment provider. Connect this new pipeline with the GitHub account and instruct CodePipeline to use webhooks in GitHub to automatically start the pipeline when a change occurs.
• B. Create a GitHub webhook to replicate the repository to AWS CodeCommit. Create an AWS CodePipeline pipeline that uses CodeCommit as a source provider and AWS CodeDeploy as a deployment provider.
  Once configured, commit a change to the GitHub repository to start the first deployment.
• C. Create an AWS CodeDeploy custom deployment configuration to associate the GitHub repository with the deployment group. During the association process, authenticate the deployment group with GitHub to obtain the GitHub security authentication token. Configure the deployment group options to automatically deploy if a new commit is found. Perform a new commit to the GitHub repository to trigger the first deployment.
• D. Create an AWS Lambda function to check periodically if there has been a new commit within the GitHub repository. If a new commit is found, trigger a CreateDeployment API call to AWS CodeDeploy to start a new deployment based on the last commit ID within the deployment group.

Answer: C

 

NEW QUESTION 25
What is the amount of time that Opswork stacks services waits for a response from an underlying instance
before deeming it as a failed instance?

• A. 20minutes.
• B. 5minutes.
• C. 60minutes
• D. Iminute.

Answer: B

Explanation:
Explanation
The AWS Documentation mentions
Every instance has an AWS OpsWorks Stacks agent that communicates regularly with the service. AWS
OpsWorks Stacks uses that communication to monitor instance health. If an agent does not communicate with
the service for more than approximately five minutes, AWS OpsWorks Stacks considers the instance to have
failed.
For more information on the Auto healing feature, please visit the below URL:
* http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-auto
healing.htm I

 

NEW QUESTION 26
A business has an application that consists of five independent AWS Lambda functions. The DevOps Engineer has built a CI/CD pipeline using AWS CodePipeline and AWS CodeBuild that builds, tests, packages, and deploys each Lambda function in sequence. The pipeline uses an Amazon CloudWatch Events rule to ensure the pipeline execution starts as quickly as possible after a change is made to the application source code.
After working with the pipeline for a few months the DevOps Engineer has noticed the pipeline takes too long to complete.
What should the DevOps Engineer implement to BEST improve the speed of the pipeline?

• A. Create a custom CodeBuild execution environment that includes a symmetric multiprocessing configuration to run the builds in parallel.
• B. Modify the CodePipeline configuration to execute actions for each Lambda function in parallel by specifying the same runOrder.
• C. Modify each CodeBuild project to run within a VPC and use dedicated instances to increase throughput.
• D. Modify the CodeBuild projects within the pipeline to use a compute type with more available network throughput.

Answer: B

 

NEW QUESTION 27
You need to create a simple, holistic check for your system's general availablity and uptime. Your system
presents itself as an HTTP-speaking API. What is the most simple tool on AWS to achieve this with?

• A. EC2 Health Checks
• B. CloudWatch Health Checks
• C. Route53 Health Checks
• D. AWS ELB Health Checks

Answer: C

Explanation:
You can create a health check that will run into perpetuity using Route53, in one API call, which will ping
your service via HTTP every 10 or 30 seconds.
Amazon Route 53 must be able to establish a TCP connection with the endpoint within four seconds. In
addition, the endpoint must respond with an HTTP status code of 200 or greater and less than 400 within
two seconds after connecting.
Reference:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoint
s.html

 

NEW QUESTION 28
Which of the following credentials types are supported by AWSCodeCommit? Select 3 Options

• A. AWS Access Kevs
• B. User name/password
• C. Git Credentials
• D. SSH Keys

Answer: A,C,D

Explanation:
Explanation
The AWS documentation mentions
I AM supports AWS CodeCommit with three types of credentials:
* Git credentials, an 1AM -generated user name and password pair you can use to communicate with AWS CodeCommit repositories over HTTPS.
* SSH keys, a locally generated public-private key pair that you can associate with your 1AM user to
* communicate with AWS CodeCommit repositories over SSH.
AWS access keys, which you can use with the credential helper included with the AWS CLI to communicate with AWS CodeCommit repositories over HTTPS.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.htmI

 

NEW QUESTION 29
An ecommerce company is receiving reports that its order history page is experiencing delays in reflecting the processing status of orders. The order processing system consists of an AWS Lambda function using reserved concurrency. The Lambda function processes order messages from an Amazon SQS queue and inserts processed orders into an Amazon DynamoDB table. The DynamoDB table has Auto Scaling enabled for read and write capacity.
Which actions will diagnose and resolve the delay? (Select TWO.)

• A. Check the NumberOfMessagesSent metric for the SQS queue and increase the SQS queue visibility timeout.
• B. Check the ThrottledWriteRequests metric for the DynamoDB table and increase the maximum write capacity units for the table's Auto Scaling policy.
• C. Check the ApproximateAgeOfOldestMessage metric for the SQS queue and increase the Lambda function concurrency limit.
• D. Check the ApproximateAgeOfOldestMessage metric for the SQS queue and configure a redrive policy on the SQS queue.
• E. Check the Throttles metric for the Lambda function and increase the Lambda function timeout.

Answer: C,D

 

NEW QUESTION 30
A DevOps Engineer at a startup cloud-based gaming company has the task formalizing deployment strategies.
The strategies must meet the following requirements:
Use standard Git commands, such as git clone and git push for the code repository.
Management tools should maximize the use of platform solutions where possible.
Deployment packages must be immutable and in the form of Docker images.
How can the Engineer meet these requirements?

• A. Use AWS CodePipeline to trigger a build process when software is pushed to a private GitHub repository. CodePipeline will use AWS CodeBuild to build new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.
• B. Use AWS CodePipeline to trigger a build process when software is pushed to a self-hosted GitHub repository. CodePipeline will use a Jenkins build server to build new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.
• C. Use a Jenkins pipeline to trigger a build process when software is pushed to a private GitHub repository.
  AWS CodePipeline will use AWS CodeBuild new Docker images. CodePipeline will deploy into a second target group in Amazon ECS behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.
• D. Use AWS CodePipeline to trigger a build process when software is pushed to an AWS CodeCommit repository CodePipeline will use an AWS CodeBuild build server to build new Docker images.
  CodePipeline will deploy into a second target group in a Kubernetes Cluster hosted on Amazon EC2 behind an Application Load Balancer. Cutover will be managed by swapping the listener rules on the Application Load Balancer.

Answer: A

 

NEW QUESTION 31
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review.
The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:

What changes should be recommended to comply with AWS security best practices? (Select THREE.)

• A. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
• B. Move the environment variables to the "db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
• C. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
• D. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
• E. Store the DB_PASSWORD as a SecureString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
• F. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.

Answer: A,E,F

Explanation:
Explanation
https://aws.amazon.com/codebuild/faqs/

 

NEW QUESTION 32
You work for a company that has multiple applications which are very different and built on different programming languages. How can you deploy applications as quickly as possible?

• A. Develop each app in one Docker container and deploy using ElasticBeanstalk
• B. Create a Lambda function deployment package consisting of code and any dependencies
• C. Develop each app in a separate Docker container and deploy using Elastic Beanstalk V
• D. Develop each app in a separate Docker containers and deploy using CloudFormation

Answer: C

Explanation:
Explanation
Elastic Beanstalk supports the deployment of web applications from Docker containers. With Docker containers, you can define your own runtime environment. You can choose your own platform, programming language, and any application dependencies (such as package managers or tools), that aren't supported by other platforms. Docker containers are self-contained and include all the configuration information and software your web application requires to run.
Option A is an efficient way to use Docker. The entire idea of Docker is that you have a separate environment for various applications.
Option B is ideally used to running code and not packaging the applications and dependencies Option D is not ideal deploying Docker containers using Cloudformation For more information on Docker and Clastic Beanstalk, please visit the below URL:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.html

 

NEW QUESTION 33
You have deployed an Elastic Beanstalk application in a new environment and want to save the current state of your environment in a document. You want to be able to restore your environment to the current state later or possibly create a new environment. You also want to make sure you have a restore point. How can you achieve this?

• A. Configuration Management Templates
• B. Saved Configurations
• C. Use CloudFormation templates
• D. Saved Templates

Answer: B

Explanation:
Explanation
You can save your environment's configuration as an object in Amazon S3 that can be applied to other environments during environment creation, or applied to a running environment. Saved configurations are YAML formatted templates that define an environment's platform configuration, tier, configuration option settings, and tags.
For more information on Saved Configurations please refer to the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-configuration-savedconfig.html

 

NEW QUESTION 34
Your CTO is very worried about the security of your AWS account. How best can you prevent hackers from
completely hijacking your account?

• A. Useshort but complex password on the root account and any administrators.
• B. Don'twrite down or remember the root account password after creating the AWSaccount.
• C. UseMFA on all users and accounts, especially on the root account.
• D. UseAWS 1AM Geo-Lock and disallow anyone from logging in except for in your city.

Answer: C

Explanation:
Explanation
The AWS documentation mentions the following on MFA
AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top
of your user name and password. With MFA enabled, when a user signs in to an AWS website, they will be
prompted for their user name and password (the first factor-what they know), as well as for an authentication
code from their AWS MFA device (the second factor-what they have). Taken together, these multiple factors
provide increased security for your AWS account settings and resources.
For more information on MFA please visit the below link
https://aws.ama zon.com/ia m/detai Is/mfa/

 

NEW QUESTION 35
As part of your continuous deployment process, your application undergoes an I/O load performance test
before it is deployed to production using new AMIs. The application uses one Amazon Elastic Block Store
(EBS) PIOPS volume per instance and requires consistent I/O performance. Which of the following must be
carried out to ensure that I/O load performance tests yield the correct results in a repeatable manner?

• A. Ensure that the I/O block sizes for the test are randomly selected.
• B. Ensure that snapshots of the Amazon EBS volumes are created as a backup.
• C. Ensure that the Amazon EBS volumes have been pre-warmed by reading all the blocks before the test.
• D. Ensure that the Amazon EBS volume is encrypted.

Answer: C

Explanation:
Explanation
During the AMI-creation process, Amazon CC2 creates snapshots of your instance's root volume and any
other CBS volumes attached to your instance
New CBS volumes receive their maximum performance the moment that they are available and do not require
initialization (formerly known as pre-warming).
However, storage blocks on volumes that were restored from snapshots must to initialized (pulled down from
Amazon S3 and written to the volume) before you can access the block. This preliminary action takes time and
can cause a significant increase in the latency of an I/O operation the first time each block is accessed. For
most applications, amortizing this cost over the lifetime of the volume is acceptable.
Option A is invalid because block sizes are predetermined and should not be randomly selected.
Option C is invalid because this is part of continuous integration and hence volumes can be destroyed after the
test and hence there should not be snapshots created unnecessarily
Option D is invalid because the encryption is a security feature and not part of load tests normally.
For more information on CBS initialization please refer to the below link:
* http://docs.aws.a
mazon.com/AWSCC2/latest/UserGuide/ebs-in itialize.html

 

NEW QUESTION 36
An e-commerce company is running a web application in an AWS Elastic Beanstalk environment.
In recent months, the average load of the Amazon EC2 instances has been increased to handle more traffic. The company would like to improve the scalability and resilience of the environment.
The Development team has been asked to decouple long-running tasks from the environment if the tasks can be executed asynchronously. Examples of these tasks include confirmation emails when users are registered to the platform, and processing images or videos. Also, some of the periodic tasks that are currently running within the web server should be offloaded.
What is the most time-efficient and integrated way to achieve this?

• A. Create a second Elastic Beanstalk worker tier environment and deploy the application to process the asynchronous tasks there. Send the tasks that should be decoupled from the original Elastic Beanstalk web server environment to the auto-generated Amazon SQS queue by the Elastic Beanstalk worker environment. Place a cron.yaml file within the root of the application source bundle for the worker environment periodic tasks. Use environment links to link the web server environment with the worker environment.
• B. Create an Amazon SQS queue and send the tasks that should be decoupled from the Elastic Beanstalk web server environment to the SQS queue. Create a fleet of EC2 instances under an Auto Scaling group. Install and configure the application to listen for messages within the SQS queue from UserData and create periodic tasks by placing those into the cron in the operating system. Create an environment variable within the Elastic Beanstalk web server environment with a value pointing to the SQS queue endpoint.
• C. Create an Amazon SQS queue and send the tasks that should be decoupled from the Elastic Beanstalk web server environment to the SQS queue. Create a fleet of EC2 instances under an Auto Scaling group. Use an AMI that contains the application to process the asynchronous tasks, configure the application to listen for messages within the SQS queue, and create periodic tasks by placing those into the cron in the operating system. Create an environment variable within the Elastic Beanstalk environment with a value pointing to the SQS queue endpoint.
• D. Create a second Elastic Beanstalk web server tier environment and deploy the application to process the asynchronous tasks. Send the tasks that should be decoupled from the original Elastic Beanstalk web server to the auto-generated Amazon SQS queue by the Elastic Beanstalk web server tier environment. Place a cron.yaml file within the root of the application source bundle for the second web server tier environment with the necessary periodic tasks. Use environment links to link both web server environments.

Answer: A

 

NEW QUESTION 37
A DevOps Engineer wants to prevent Developers from pushing updates directly to the company's master branch in AWS CodeCommit. These updates should be approved before they are merged.
Which solution will meet these requirements?

• A. Configure an IAM role for the Developers with access to CodeCommit and attach an access policy to the CodeCommit repository that denies the Developers role access when the reference is master.
  Allow Developers to use feature branches and create a pull request when a feature is complete.
  Allow an approver to use CodeCommit to view the changes and approve the pull requests.
• B. Configure an IAM role for the Developers with access to CodeCommit and an explicit deny for write actions when the reference is the master. Allow Developers to use feature branches and create a pull request when a feature is complete. Allow an approver to use CodeCommit to view the changes and approve the pull requests.
• C. Configure an IAM role for the Developers to use feature branches and create a pull request when a feature is complete. Allow CodeCommit to test all code in the feature branches, and issue a new AWS Security Token Service (STS) token allowing a one-time API call to merge the feature branches into the master. Allow an approver to use CodeCommit to view the changes and approve the pull requests.
• D. Configure an IAM role for the Developers to use feature branches and create a pull request when a feature is complete. Allow CodeCommit to test all code in the feature branches, and dynamically modify the IAM role to allow merging the feature branches into the master. Allow an approver to use CodeCommit to view the changes and approve the pull requests.

Answer: A

 

NEW QUESTION 38
A DevOps Engineer is launching a new application that will be deployed using Amazon Route 53, an Application Load Balancer, Auto Scaling, and Amazon DynamoDB. One of the key requirements of this launch is that the application must be able to scale to meet a sudden load increase. During periods of low usage, the infrastructure components must scale down to optimize cost.
What steps can the DevOps Engineer take to meet the requirements? (Select TWO.)

• A. Configure the Application Load Balancer to automatically adjust the target group based on the current load.
• B. Determine which Amazon EC2 instance limits need to be raised by leveraging AWS Trusted Advisor, and submit a request to AWS Support to increase those limits.
• C. Use AWS Trusted Advisor to submit limit increase requests for the Amazon EC2 instances that will be used by the infrastructure.
• D. Enable Auto Scaling for the DynamoDB tables that are used by the application.
• E. Create an Amazon CloudWatch Events scheduled rule that runs every 5 minutes to track the current use of the Auto Scaling group. If usage has changed, trigger a scale-up event to adjust the capacity. Do the same for DynamoDB read and write capacities.

Answer: A,D

 

NEW QUESTION 39
You are responsible for a large-scale video transcoding system that operates with an Auto Scaling group of video transcoding workers.
The Auto Scaling group is configured with a minimum of 750 Amazon EC2 instances and a maximum of 1000 Amazon EC2 instances.
You are using Amazon SQS to pass a message containing the URI for a video stored in Amazon S3 to the transcoding workers.
An Amazon CloudWatch alarm has notified you that the queue depth is becoming very large.
How can you resolve the alarm without the risk of increasing the time to transcode videos?
Choose 2 answers.

• A. Create a second queue in Amazon SQS.
• B. Change the Amazon CloudWatch alarm so that it monitors the CPU utilization of the Amazon EC2 instances rather than the Amazon SQS queue depth.
• C. Adjust the Amazon CloudWatch alarms for a higher queue depth.
• D. Adjust the Auto Scaling group configuration to increase the maximum number of Amazon EC2 instances.
• E. Add an additional Availability Zone to the Auto Scaling group configuration.
• F. Create a new Auto Scaling group with a launch configuration that has a larger Amazon EC2 instance type

Answer: D,F

 

NEW QUESTION 40
A development team wants to deploy an application using AWS CloudFormation stacks, but the developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A DevOps engineer is tasked with allowing developers to deploy the stacks while following the principal of least privilege.
Which solution will meet these requirements?

• A. Create a new IAM role with the required permissions to use as a CloudFormation service role. Grant the developer role a cloudformation:* action.
• B. Create an IAM policy that allows full access to CloudFormation. Attach the policy to the developer role.
• C. Create an IAM policy that allows developers to provision the required resources. Attach the policy to the developer role.
• D. Create a new IAM role with the required permissions to use as a CloudFormation service role. Grant the developer role the iam:PassRole permission.

Answer: A

Explanation:
Explanation
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html

 

NEW QUESTION 41
Your CTO is very worried about the security of your AWS account. How best can you prevent hackers from completely hijacking your account?

• A. Use AWS IAM Geo-Lock and disallow anyone from logging in except for in your city.
• B. Don't write down or remember the root account password after creating the AWS account.
• C. Use MFA on all users and accounts, especially on the root account.
• D. Use short but complex password on the root account and any administrators.

Answer: C

Explanation:
For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html

 

NEW QUESTION 42
......

Disaster Recovery, Fault Tolerance, and High Availability (16%)

• Determining how to automate and design various disaster recovery strategies;
• Defining the right service based on the business needs;
• Evaluating a deployment for the points of failure.
• Determining the appropriate use of multi-region versus multi-AZ architectures;
• Defining the implementation process of fault tolerance, scalability, and high availability;

 

Verified AWS-DevOps exam dumps Q&As with Correct 275 Questions and Answers: https://testinsides.vcedumps.com/AWS-DevOps-examcollection.html