Steps Necessary To Pass The AWS-DevOps-Engineer-Professional Exam from Training Expert Pass4cram [Q85-Q110]


Valid Way To Pass AWS Certified DevOps Engineer's AWS-DevOps-Engineer-Professional Exam

NEW QUESTION 85
A DevOps Engineer is leading the implementation for automating patching of Windows-based workstations in a hybrid cloud environment by using AWS Systems Manager (SSM).
What steps should the Engineer follow to set up Systems Manager to automate patching in this environment?
(Select TWO.)

  • A. Create an IAM service role for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation. Register the role to enable the creation of a service token. Perform managed-instance activation with the newly created service role.
  • B. Run AWS Config to create a list of instances that are unpatched and not compliant. Create an instance scheduler job, and through an AWS Lambda function, perform the instance patching to bring them up to compliance.
  • C. Create multiple IAM service roles for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation on every instance. Register the role on a per-resource level to enable the creation of a service token. Perform managed-instance activation with the newly created service role attached to each managed instance.
  • D. Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "mi-" prefix in the SSM console.
  • E. Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "i-" prefix in the SSM console as if they were provisioned as a regular Amazon EC2 instance.

Answer: A,D

Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-instance-activation.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html

 

NEW QUESTION 86
What does the Docker network docker_gwbridge do?

  • A. allows communication between swarm nodes on the same host
  • B. allows communication between containers on the different hosts
  • C. allows communication between swarm nodes on different hosts
  • D. allows communication between containers on the same host

Answer: C

Explanation:
The docker_gwbridge is a local bridge network which is automatically created by Docker in two different circumstances: When you initialize or join a swarm, Docker creates the docker_gwbridge network and uses it for communication among swarm nodes on different hosts. When none of a container's networks can provide external connectivity, Docker connects the container to the docker_gwbridge network in addition to the container's other networks, so that the container can connect to external networks or other swarm nodes.
Reference:
https://docs.docker.com/engine/userguide/networking/#the-docker_gwbridge-network

 

NEW QUESTION 87
You are responsible for your company's large multi-tiered Windows-based web application running on
Amazon EC2 instances situated behind a load balancer. While reviewing metrics, you've started noticing an
upwards trend for slow customer page load time. Your manager has asked you to come up with a solution to
ensure that customer load time is not affected by too many requests per second. Which technique would you
use to solve this issue?

  • A. Re-deploy your infrastructure using an AWS CloudFormation template. Spin up a second AWS CloudFormation stack. Configure Elastic Load Balancing SpillOver functionality to spill over any slow connections to the second AWS CloudFormation stack.
  • B. Re-deploy your infrastructure using AWS CloudFormation, Elastic Beanstalk, and Auto Scaling. Set up your Auto Scaling group policies to scale based on the number of requests per second as well as the current customer load time.
  • C. Re-deploy your infrastructure using an AWS CloudFormation template. Configure Elastic Load Balancing health checks to initiate a new AWS CloudFormation stack when health checks return failed.
  • D. Re-deploy your application using an Auto Scaling template. Configure the Auto Scaling template to spin up a new Elastic Beanstalk application when the customer load time surpasses your threshold.

Answer: B

Explanation:
Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. You create collections of EC2 instances, called Auto Scaling groups. You can specify the minimum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes below this size. You can specify the maximum number of instances in each Auto Scaling group, and Auto Scaling ensures that your group never goes above this size. If you specify the desired capacity, either when you create the group or at any time thereafter, Auto Scaling ensures that your group has this many instances. If you specify scaling policies, then Auto Scaling can launch or terminate instances as demand on your application increases or decreases.
Option A and B are invalid because Autoscaling is required to solve the issue to ensure the application can handle high traffic loads.
Option D is invalid because there is no Autoscaling template.
For more information on Autoscaling, please refer to the AWS documentation link below:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/WhatIsAutoScaling.html

 

NEW QUESTION 88
A Development team uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the master branch when they are ready for production. A direct push to the master branch should not be allowed. The team applied the AWS managed policy AWSCodeCommitPowerUser to the Developers' IAM role, but now members are able to push to the master branch directly on every repository in the AWS account.
What actions should be taken to restrict this?

  • A. Modify the IAM policy and include a deny rule for the codecommit:GitPush action for the specific repositories in the resource statement with a condition for the master reference.
  • B. Create an additional policy to include an allow rule for the codecommit:GitPush action and include a restriction for the specific repositories in the resource statement with a condition for the feature branches reference.
  • C. Create an additional policy to include a deny rule for the codecommit:GitPush action, and include a restriction for the specific repositories in the resource statement with a condition for the master reference.
  • D. Remove the IAM policy and add an AWSCodeCommitReadOnly policy. Add an allow rule for the codecommit:GitPush action for the specific repositories in the resource statement with a condition for the master reference.

Answer: C

Explanation:
https://aws.amazon.com/pt/blogs/devops/refining-access-to-branches-in-aws-codecommit/

 

NEW QUESTION 89
A DevOps Engineer just joined a new company that is already running workloads on Amazon EC2 instances. AWS has been adopted incrementally with no central governance. The Engineer must now assess how well the existing deployments comply with the following requirements:
- EC2 instances are running only approved AMIs.
- Amazon EBS volumes are encrypted.
- EC2 instances have an Owner tag.
- Root login over SSH is disabled on EC2 instances.
Which services should the Engineer use to perform this assessment with the LEAST amount of effort? (Select TWO.)

  • A. AWS Config
  • B. Amazon Inspector
  • C. AWS Directory Service
  • D. AWS Systems Manager
  • E. Amazon GuardDuty

Answer: A,D

 

NEW QUESTION 90
A financial institution provides security-hardened AMIs of Red Hat Enterprise Linux 7.4 and Windows Server 2016 for its application teams to use in deployments. A DevOps Engineer needs to implement an automated daily check of each AMI to monitor for the latest CVE.
How should the Engineer implement these checks using Amazon Inspector?

  • A. Tag each AMI with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all AMIs with the tag SecurityCheck: True. Amazon Inspector should automatically launch an Amazon EC2 instance for each AMI and perform a security assessment.
  • B. Install the Amazon Inspector agent in each AMI. Configure AWS Step Functions to launch an Amazon EC2 instance for each operating system from the hardened AMI, and tag the instance with SecurityCheck: True. Once EC2 instances have booted up, Step Functions will trigger an Amazon Inspector assessment for all instances with the tag SecurityCheck: True. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
  • C. Tag each AMI with SecurityCheck: True. Configure AWS Step Functions to first compose an Amazon Inspector assessment template for all AMIs that have the tag SecurityCheck: True and second to make a call to the Amazon Inspector API action StartAssessmentRun. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
  • D. Tag each instance with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all instances with the tag SecurityCheck: True. Amazon Inspector should automatically perform an in-place security assessment for each AMI.

Answer: B

 

NEW QUESTION 91
A company is using AWS for an application. The Development team must automate its deployments. The team has set up an AWS CodePipeline to deploy the application to Amazon EC2 instances by using AWS CodeDeploy after it has been built using the AWS CodeBuild service. The team would like to add automated testing to the pipeline to confirm that the application is healthy before deploying it to the next stage of the pipeline using the same code. The team requires a manual approval action before the application is deployed, even if the test is successful. The testing and approval must be accomplished at the lowest costs, using the simplest management solution. Which solution will meet these requirements?

  • A. Add a test action after the last deployment action. Use a Jenkins server on Amazon EC2 to do the required tests and mark the action as successful if the tests pass. Create a manual approval action that uses Amazon SQS to notify the team and add a deploy action to deploy the application to the next stage.
  • B. Add a test action after the last deploy action of the pipeline. Configure the action to use CodeBuild to perform the required tests. If these tests are successful, mark the action as successful. Add a manual approval action that uses Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage.
  • C. Create a new pipeline that uses a source action that gets the code from the same repository as the first pipeline. Add a deploy action to deploy the code to a test environment. Use a test action using AWS Lambda to test the deployment. Add a manual approval action by using Amazon SNS to notify the team, and add a deploy action to deploy the application to the next stage.
  • D. Add a manual approval action after the last deploy action of the pipeline. Use Amazon SNS to inform the team of the stage being triggered. Next, add a test action using CodeBuild to do the required tests. At the end of the pipeline, add a deploy action to deploy the application to the next stage.

Answer: B

Explanation:
https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html

 

NEW QUESTION 92
Which statement is true about configuring proxy support for Amazon Inspector agent on a Windows-based system?

  • A. Amazon Inspector agent supports proxy usage on Windows-based systems through awsagent.env configuration file.
  • B. Amazon Inspector agent supports proxy usage on Windows-based systems through the use of the WinHTTP proxy.
  • C. Amazon Inspector agent supports proxy usage on Linux-based systems but not on Windows.
  • D. Amazon Inspector proxy support on Windows-based systems is achieved through installing proxy-enabled version of the agent which comes with preconfigured files that you need to edit to match your environment.

Answer: B

Explanation:
Proxy support for AWS agents is achieved through the use of the WinHTTP proxy.
Reference:
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents-on-win.html#inspector-agent-proxy

 

NEW QUESTION 93
When you add lifecycle hooks to an Autoscaling Group, what are the wait states that occur during the scale in
and scale out process? Choose 2 answers from the options given below.

  • A. Pending:Wait
  • B. Launching:Wait
  • C. Exiting:Wait
  • D. Terminating:Wait

Answer: A,D

Explanation:
The AWS documentation mentions the following:
After you add lifecycle hooks to your Auto Scaling group, they work as follows:
1. Auto Scaling responds to scale out events by launching instances and scale in events by terminating instances.
2. Auto Scaling puts the instance into a wait state (Pending:Wait or Terminating:Wait). The instance is paused until either you tell Auto Scaling to continue or the timeout period ends.
For more information on Autoscaling Lifecycle hooks, please visit the below URL:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html

 

NEW QUESTION 94
A company wants to use Amazon ECS to provide a Docker container runtime environment.
For compliance reasons, all Amazon EBS volumes used in the ECS cluster must be encrypted.
Rolling updates will be made to the cluster instances and the company wants the instances drained of all tasks before being terminated.
How can these requirements be met? (Select TWO.)

  • A. Modify the default ECS AMI user data to create a script that executes docker rm -f {id} for all running container instances. Copy the script to the /etc/init.d/rc.d directory and execute chconfig enabling the script to run during operating system shutdown.
  • B. Use AWS CodePipeline to build a pipeline that discovers the latest Amazon-provided ECS AMI, then copies the image to an encrypted AMI outputting the encrypted AMI ID. Use the encrypted AMI ID when deploying the cluster.
  • C. Copy the default AWS CloudFormation template that ECS uses to deploy cluster instances. Modify the template resource EBS configuration setting to set 'Encrypted: True' and include the AWS KMS alias: 'aws/ebs' to encrypt the AMI.
  • D. Create an Auto Scaling lifecycle hook backed by an AWS Lambda function that uses the AWS SDK to mark a terminating instance as DRAINING. Prevent the lifecycle hook from completing until the running tasks on the instance are zero.
  • E. Create an IAM role that allows the action ECS::EncryptedImage. Configure the AWS CLI and a profile to use this role. Start the cluster using the AWS CLI providing the --use-encrypted-image and --kms-key arguments to the create-cluster ECS command.

Answer: C,D

Explanation:
Breakdown.
All EBS volumes used in the ECS cluster must be encrypted.
Instances drained of all tasks before being terminated.
Select 2 options.
A. This is a Docker-level config - nope.
B. Way too much engineering for an encrypted image.
C. Explanation.
C1. If you launch an ECS cluster in the console, you get 3 templates to choose from; these are CloudFormation templates for EC2 on-demand or spot instance based deployments.
C2. EBS configuration. Encrypted: True is a valid boolean key + value.
C3. AWS KMS. Alias is accurate.
C4. Option C is valid.
D. This is standard valid behaviour. Different ways to do things, this method is valid. They intentionally used 'the AWS SDK' to bring doubts into how you do this. Convert the text to layman terms: AWS SDK = in Lambda use something like Python to make a call to AWS to put the instance in draining mode.
D response is valid.
E. ECS::EncryptedImage does not exist. No AWS CLI for the --use-encrypted either. Nope.
Final answer.
C and D.
(Try actually deploying a 2 node cluster on T2 micro instances and play around - see what happens and look at the CloudFormation template (EC2+Linux template).)

 

NEW QUESTION 95
An application runs on Amazon EC2 instances behind an Application Load Balancer. Amazon RDS MySQL is used on the backend. The instances run in an Auto Scaling group across multiple Availability Zones. The Application Load Balancer health check ensures the web servers are operating and able to make read/write SQL connections. Amazon Route 53 provides DNS functionality with a record pointing to the Application Load Balancer. A new policy requires a geographically isolated disaster recovery site with an RTO of 4 hours and an RPO of 15 minutes.
Which disaster recovery strategy will require the LEAST amount of changes to the application stack?

  • A. Launch a replica stack of everything except RDS in a different region. Create an RDS read-only replica in a new region and configure the new stack to point to the local RDS instance. Add the new stack to the Route 53 record set with a latency routing policy.
  • B. Launch a replica stack of everything except RDS in a different region. Upon failure, copy the snapshot over from the primary region to the disaster recovery region. Adjust the Amazon Route 53 record set to point to the disaster recovery region's Application Load Balancer.
  • C. Launch a replica stack of everything except RDS in a different region. Create an RDS read-only replica in a new region and configure the new stack to point to the local RDS instance. Add the new stack to the Amazon Route 53 record set with a failover routing policy.
  • D. Launch a replica stack of everything except RDS in a different Availability Zone. Create an RDS read-only replica in a new Availability Zone and configure the new stack to point to the local RDS instance. Add the new stack to the Route 53 record set with a failover routing policy.

Answer: D

 

NEW QUESTION 96
When thinking of AWS Elastic Beanstalk's model, which is true?

  • A. Environments have many applications, applications have many deployments.
  • B. Applications have many deployments, deployments have many environments.
  • C. Applications have many environments, environments have many deployments.
  • D. Deployments have many environments, environments have many applications.

Answer: C

Explanation:
Applications group logical services. Environments belong to Applications, and typically represent different deployment levels (dev, stage, prod, so forth). Deployments belong to environments, and are pushes of bundles of code for the environments to run.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html

 

NEW QUESTION 97
When writing custom Ansible modules, which language is not supported?

  • A. All of the languages listed are supported
  • B. C++
  • C. Bash
  • D. Python

Answer: A

Explanation:
Ansible modules can be written in any language that is executable on the target system. The only requirement is that the module can write its results as JSON output to STDOUT for Ansible to consume.
Reference: http://docs.ansible.com/ansible/developing_modules.html

 

NEW QUESTION 98
You are building an AWS CloudFormation template for a multi-tier web application. The user data of your Linux web server resource contains a complex script that can take a long time to run. Which techniques could you use to ensure that these servers are fully configured and running before attaching them to the load balancer?
(Choose two.)

  • A. Add an AWS CloudFormation Wait Condition that depends on the web server resource. When the UserData script finishes on the web servers, use the command "cfn-signal" to signal that they are ready.
  • B. Launch your Linux servers from a nested stack that is called from within the load balancer resource in your AWS CloudFormation template.
  • C. Add an AWS CloudFormation Wait Condition that depends on the web server resource. When the UserData script finishes on the web servers, use curl to send a signal to the Wait Condition at http://169.254.169.254/waithandle/.
  • D. Add an AWS CloudFormation Wait Condition that depends on the web server resource. When the UserData script finishes on the web servers, use curl to signal to the Wait Condition pre-signed URL that they are ready.
  • E. In your AWS CloudFormation template, position the load balancer resource JSON block directly below your Linux server resource.

Answer: A,D

 

NEW QUESTION 99
For AWS CloudFormation, which is true?

  • A. Custom resources using SNS have a default timeout of 3 minutes.
  • B. Custom resources using SNS do not need a ServiceToken property.
  • C. Custom resources using Lambda and Code.ZipFile allow inline nodejs resource composition.
  • D. Custom resources using Lambda do not need a ServiceToken property.

Answer: C

Explanation:
Code is a property of the AWS::Lambda::Function resource that enables you to specify the source code of an AWS Lambda (Lambda) function.
You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html

 

NEW QUESTION 100
A mobile application running on eight Amazon EC2 instances is relying on a third-party API endpoint. The third-party service has a high failure rate because of limited capacity which is expected to be resolved in a few weeks.
In the meantime, the mobile application developers have added a retry mechanism and are logging failed API requests. A DevOps Engineer must automate the monitoring of application logs and count the specific error messages. If there are more than 10 errors within a 1-minute window, the system must issue an alert. How can the requirements be met with MINIMAL management overhead?

  • A. Install the Amazon CloudWatch Logs agent on all instances to push the application logs to CloudWatch Logs. Use a metric filter to generate a custom CloudWatch metric that records the number of failures and triggers a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.
  • B. Install AfterAllowTraffic hook to the AppSpec file that forces traffic not having fully propagated before the push the application logs to CloudWatch Logs. Use metric filters to count the error messages every minute and trigger a CloudWatch alarm if the count exceeds errors.
  • C. Install the Amazon CloudWatch Logs agent on all instances to push the access logs to CloudWatch Logs. Create a CloudWatch Events rule to count the error messages every minute and trigger a CloudWatch alarm if the count exceeds 10 errors.
  • D. Deploy a custom script on all instances to check application logs regularly in a job. Count the number of error messages every minute and push a data point to a custom CloudWatch metric. Trigger a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.

Answer: A

 

NEW QUESTION 101
There is a requirement for a vendor to have access to an S3 bucket in your account. The vendor already has an AWS account. How can you provide access to the vendor on this bucket?

  • A. Create a new IAM group and grant the relevant access to the vendor on that bucket.
  • B. Create a cross-account role for the vendor account and grant that role access to the S3 bucket.
  • C. Create a new IAM user and grant the relevant access to the vendor on that bucket.
  • D. Create an S3 bucket policy that allows the vendor to read from the bucket from their AWS account.

Answer: B

Explanation:
The AWS documentation mentions:
You share resources in one account with users in a different account. By setting up cross-account access in this way, you don't need to create individual IAM users in each account. In addition, users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts. After configuring the role, you see how to use the role from the AWS Management Console, the AWS CLI, and the API.
For more information on Cross Account Roles Access, please refer to the below link:
* http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

 

NEW QUESTION 102
You have defined a Linux based instance stack in OpsWorks. You now want to attach a database to the OpsWorks stack. Which of the below is an important step to ensure that the application on the Linux instances can communicate with the database?

  • A. Add the appropriate driver packages to ensure the application can work with the database
  • B. Configure database tags for the OpsWorks application layer
  • C. Add the appropriate driver packages to ensure the application can work with the database
  • D. Configure database tags for the OpsWorks application layer
  • E. Configure SSL so that the instance can communicate with the database
  • F. Configure SSL so that the instance can communicate with the database
  • G. Add another stack with the database layer and attach it to the application stack.
  • H. Add another stack with the database layer and attach it to the application stack.

Answer: C

Explanation:
The AWS documentation mentions the below point
Important
For Linux stacks, if you want to associate an Amazon RDS service layer with your app, you must add the appropriate driver package to the associated app server layer, as follows:
1. Click Layers in the navigation pane and open the app server's Recipes tab.
2. Click Edit and add the appropriate driver package to OS Packages. For example, you should specify mysql if the layer contains Amazon Linux instances and mysql-client if the layer contains Ubuntu instances.
3. Save the changes and redeploy the app.
For more information on OpsWorks app connectivity, please visit the below URL: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-connectdb.html

 

NEW QUESTION 103
You have a development team that is planning for continuous release cycles for their application. They want to use the AWS services available to be able to deploy a web application and also ensure they can roll back to previous versions fairly quickly. Which of the following options can be used to achieve this requirement?
Choose 2 answers from the options given below.

  • A. Use the Elastic Beanstalk service. Create separate environments for each application revision. Revert back to an environment in case the new environment does not work.
  • B. Use the OpsWorks service to deploy the web instances. Deploy the app to the OpsWorks web layer. Rollback using the Deploy app in OpsWorks.
  • C. Use the Elastic Beanstalk service. Use Application versions and upload the revisions of your application. Deploy the revisions accordingly and rollback to prior versions accordingly.
  • D. Use the CloudFormation service. Create separate templates for each application revision and deploy them accordingly.

Answer: B,C

Explanation:
The AWS documentation mentions the following
In Elastic Beanstalk, an application version refers to a specific, labeled iteration of deployable code for a web application. An application version points to an Amazon Simple Storage Service (Amazon S3) object that contains the deployable code such as a Java WAR file. An application version is part of an application. Applications can have many versions and each application version is unique. In a running environment, you can deploy any application version you already uploaded to the application or you can upload and immediately deploy a new application version. You might upload multiple application versions to test differences between one version of your web application and another.
For more information on Elastic beanstalk components, please refer to the below link:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.components.html
An AWS OpsWorks Stacks app represents code that you want to run on an application server. The code itself resides in a repository such as an Amazon S3 archive; the app contains the information required to deploy the code to the appropriate application server instances. For more information on OpsWorks apps, please refer to the below link:
* http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps.html
Option B is incorrect. Our scenario is focusing on continuous development and continuous releases of the application versions. Since this is going to be an ongoing process, it is a best practice to upload the revision of your application and if required roll back to previous version.
Option D is incorrect. This question gives importance to the application hosted on the infrastructure.
"They want to use the AWS services available to be able to deploy a web application and also ensure they can rollback to previous versions of the application quickly." In this case, CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
Hence, CloudFormation has nothing to do with an application hosted on the infrastructure.

 

NEW QUESTION 104
Your serverless architecture using AWS API Gateway, AWS Lambda, and AWS DynamoDB experienced a large increase in traffic to a sustained 400 requests per second, and dramatically increased in failure rates.
Your requests, during normal operation, last 500 milliseconds on average. Your DynamoDB table did not exceed 50% of provisioned throughput, and Table primary keys are designed correctly.
What is the most likely issue?

  • A. Your API Gateway deployment is throttling your requests.
  • B. You used Consistent Read requests on DynamoDB and are experiencing semaphore lock.
  • C. Your AWS API Gateway Deployment is bottlenecking on request (de)serialization.
  • D. You did not request a limit increase on concurrent Lambda function executions.

Answer: D

Explanation:
AWS API Gateway by default throttles at 500 requests per second steady-state, and 1000 requests per second at spike. Lambda, by default, throttles at 100 concurrent requests for safety. At 500 milliseconds (half of a second) per request, you can expect to support 200 requests per second at 100 concurrency. This is less than the 400 requests per second your system now requires. Make a limit increase request via the AWS Support Console. AWS Lambda: Concurrent requests safety throttle per account -> 100.
Reference:
http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_lambda

 

NEW QUESTION 105
You are building out a layer in a software stack on AWS that needs to be able to scale out to react to increased demand as fast as possible. You are running the code on EC2 instances in an Auto Scaling Group behind an ELB. Which application code deployment method should you use?

  • A. Create a new Auto Scaling Launch Configuration with UserData scripts configured to pull the latest code at all times.
  • B. Create a Dockerfile when preparing to deploy a new version to production and publish it to S3. Use UserData in the Auto Scaling Launch configuration to pull down the Dockerfile from S3 and run it when new instances launch.
  • C. SSH into new instances that come online, and deploy new code onto the system by pulling it from an S3 bucket, which is populated by code that you refresh from source control on new pushes.
  • D. Bake an AMI when deploying new versions of code, and use that AMI for the Auto Scaling Launch Configuration.

Answer: D

Explanation:
Since instances must spin up as fast as possible, it's better to create an AMI rather than use User Data. When you use User Data, the script runs during boot, so startup is slower.
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
For more information on AMIs, refer to the link below:
* http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

 

NEW QUESTION 106
You run operations for a company that processes digital wallet payments at a very high volume.
One second of downtime, during which you drop payments or are otherwise unavailable, loses you on average USD 100. You balance the financials of the transaction system once per day.
Which database setup is best suited to address this business risk?

  • A. A multi-AZ DynamoDB setup with changes streamed to S3 via AWS Kinesis, for highly durable storage and BASE properties.
  • B. A multi-region, multi-master, active-active RDS configuration using database-level ACID design principles with database trigger writes for replication.
  • C. A multi-region, multi-master, active-active DynamoDB configuration using application control-level BASE design principles with change-stream write queue buffers for replication.
  • D. A multi-AZ RDS deployment with synchronous replication to multiple standbys and read-replicas for fast failover and ACID properties.

Answer: C

Explanation:
Only the multi-master, multi-region DynamoDB answer makes sense. Multi-AZ deployments do not provide sufficient availability when a business loses USD 360,000 per hour of unavailability.
As RDS does not natively support multi-region, and ACID does not perform well/at all over large distances between regions, only the DynamoDB answer works.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepl.html

 

NEW QUESTION 107
A company wants to use a grid system for a proprietary enterprise in-memory data store on top of AWS.
This system can run in multiple server nodes in any Linux-based distribution. The system must be able to reconfigure the entire cluster every time a node is added or removed. When adding or removing nodes, an /etc/cluster/nodes.config file must be updated, listing the IP addresses of the current node members of that cluster. The company wants to automate the task of adding new nodes to a cluster.
What can a DevOps Engineer do to meet these requirements?

  • A. Create a user data script that lists all members of the current security group of the cluster and automatically updates the /etc/cluster/nodes.config file whenever a new instance is added to the cluster.
  • B. Put the file nodes.config in version control. Create an AWS CodeDeploy deployment configuration and deployment group based on an Amazon EC2 tag value for the cluster nodes. When adding a new node to the cluster, update the file with all tagged instances, and make a commit in version control. Deploy the new file and restart the services.
  • C. Use AWS OpsWorks Stacks to layer the server nodes of that cluster. Create a Chef recipe that populates the content of the /etc/cluster/nodes.config file and restarts the service by using the current members of the layer. Assign that recipe to the Configure lifecycle event.
  • D. Create an Amazon S3 bucket and upload a version of the /etc/cluster/nodes.config file. Create a crontab script that will poll for that S3 file and download it frequently. Use a process manager, such as Monit or systemd, to restart the cluster services when it detects that the new file was modified. When adding a node to the cluster, edit the file's most recent members. Upload the new file to the S3 bucket.

Answer: B

 

NEW QUESTION 108
You were just hired as a DevOps Engineer for a startup. Your startup uses AWS for 100% of their infrastructure. They currently have no automation at all for deployment, and they have had many failures while trying to deploy to production. The company has told you deployment process risk mitigation is the most important thing now, and you have a lot of budget for tools and AWS resources.
Their stack:
2-tier API
Data stored in DynamoDB or S3, depending on type
Compute layer is EC2 in Auto Scaling Groups
They use Route53 for DNS pointing to an ELB
An ELB balances load across the EC2 instances
The scaling group properly varies between 4 and 12 EC2 servers. Which of the following approaches, given this company's stack and their priorities, best meets the company's needs?

  • A. Model the stack in AWS Elastic Beanstalk as a single Application with multiple Environments. Use Elastic Beanstalk's Rolling Deploy option to progressively roll out application code changes when promoting across environments.
  • B. Model the stack in AWS OpsWorks as a single Stack, with 1 compute layer and its associated ELB. Use Chef and App Deployments to automate Rolling Deployment.
  • C. Model the stack in 3 CloudFormation templates: Data layer, compute layer, and networking layer. Write stack deployment and integration testing automation following Blue-Green methodologies.
  • D. Model the stack in 1 CloudFormation template, to ensure consistency and dependency graph resolution. Write deployment and integration testing automation following Rolling Deployment methodologies.

Answer: C

Explanation:
AWS recommends Blue-Green for zero-downtime deploys. Since you use DynamoDB, and neither AWS OpsWorks nor AWS Elastic Beanstalk directly supports DynamoDB, the option selecting CloudFormation and Blue-Green is correct.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. Deployment services like AWS Elastic Beanstalk, AWS CloudFormation, or AWS OpsWorks are particularly useful as they provide a simple way to clone your running application stack. You can set up a new version of your application (green) by simply cloning the current version of the application (blue).
https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

 

NEW QUESTION 109
A company discovers that some IAM users have been storing their AWS access keys in configuration files that have been pushed to a Git repository hosting service.
Which solution will require the LEAST amount of management overhead while preventing the exposed AWS access keys from being used?

  • A. Create an AWS Config rule to detect when a key is exposed online. Have AWS Config send change notifications to an SNS topic. Configure an AWS Lambda function that is subscribed to the SNS topic to check the notification sent by AWS Config, and then disable the access key so it cannot be used.
  • B. Build an application that will create a list of all AWS access keys in the account and search each key on Git repository hosting services. If a match is found, configure the application to disable the associated access key. Then deploy the application to an AWS Elastic Beanstalk worker environment and define a periodic task to invoke the application every hour.
  • C. Use Amazon Inspector to detect when a key has been exposed online. Have Amazon Inspector send a notification to an Amazon SNS topic when a key has been exposed. Create an AWS Lambda function subscribed to the SNS topic to disable the IAM user to whom the key belongs, and then delete the key so that it cannot be used.
  • D. Configure AWS Trusted Advisor and create an Amazon CloudWatch Events rule that uses Trusted Advisor as the event source. Configure the CloudWatch Events rule to invoke an AWS Lambda function as the target. If the Lambda function finds the exposed access keys, then have it disable the access key so that it cannot be used.

Answer: D

 

NEW QUESTION 110
......


Amazon AWS-DevOps-Engineer-Professional Exam Syllabus Topics:

Topic | Details
Topic 1
  • Design, Manage, and Maintain Tools to Automate Operational Processes
Topic 2
  • Determine Source Control Strategies And How To Implement Them
  • Monitoring And Logging
Topic 3
  • Apply Concepts Required To Automate Monitoring And Event Management Of An Environment
Topic 4
  • Apply Concepts Required To Set Up Event-Driven Automated Actions
  • Determine Appropriate Use Of Multi-AZ Versus Multi-Region Architectures
Topic 5
  • Apply Concepts Required To Manage Systems Using AWS Configuration Management Tools And Services
Topic 6
  • Configuration Management And Infrastructure As Code
  • Apply Concepts Required To Automate And Integrate Testing
Topic 7
  • Determine Deployment Services Based On Deployment Needs
  • Determine How To Implement Lifecycle Hooks On A Deployment
Topic 8
  • Apply Concepts Required To Automate A CI/CD Pipeline
  • Policies And Standards Automation
Topic 9
  • Determine How To Set Up The Aggregation, Storage, And Analysis Of Logs And Metrics
Topic 10
  • Implement and Manage Continuous Delivery Systems and Methodologies on AWS
Topic 11
  • Apply Security Concepts In The Automation Of Resource Provisioning
  • Apply Concepts Required To Build And Manage Artifacts Securely
Topic 12
  • Determine Application And Infrastructure Deployment Models Based On Business Needs
Topic 13
  • Determine Deployment/Delivery Strategies
  • Implement Them Using AWS Services
Topic 14
  • Determine The Right Services Based On Business Needs
  • Determine How To Design And Automate Disaster Recovery Strategies

 
