Study guide for the Amazon AWS Certified DevOps Engineer Professional exam (AWS-Certified-DevOps-Engineer-Professional): practice questions with answers and explanations.
Q31. When thinking of AWS OpsWorks, which of the following is not an instance type you can allocate in a stack layer?
A. 24/7 instances
B. Spot instances
C. Time-based instances
D. Load-based instances
Answer: B
Explanation:
AWS OpsWorks supports the following instance types, which are characterized by how they are started and stopped. 24/7 instances are started manually and run until you stop them. Time-based instances are run by AWS OpsWorks on a specified daily and weekly schedule. They allow your stack to automatically adjust the number of instances to accommodate predictable usage patterns. Load-based instances are automatically started and stopped by AWS OpsWorks, based on specified load metrics, such as CPU utilization. They allow your stack to automatically adjust the number of instances to accommodate variations in incoming traffic. Load-based instances are available only for Linux-based stacks. Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html
Q32. You need to replicate API calls across two systems in real time. What tool should you use as a buffer and transport mechanism for API call events?
A. AWS SQS
B. AWS Lambda
C. AWS Kinesis
D. AWS SNS
Answer: C
Explanation:
AWS Kinesis is an event stream service. Streams can act as buffers and transport across systems for in-order programmatic events, making it ideal for replicating API calls across systems.
A typical Amazon Kinesis Streams application reads data from an Amazon Kinesis stream as data records. These applications can use the Amazon Kinesis Client Library, and they can run on Amazon EC2 instances. The processed records can be sent to dashboards, used to generate alerts, dynamically change pricing and advertising strategies, or send data to a variety of other AWS services. For information about Streams features and pricing, see Amazon Kinesis Streams.
Reference: http://docs.aws.amazon.com/kinesis/latest/dev/introduction.html
Q33. Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers and doing everything they can to cover their tracks?
A. Use CloudTrail Log File Integrity Validation.
B. Use AWS Config SNS Subscriptions and process events in real time.
C. Use CloudTrail backed up to AWS S3 and Glacier.
D. Use AWS Config Timeline forensics.
Answer: A
Explanation:
You must use CloudTrail Log File Validation (default or custom implementation), as any other tracking method is subject to forgery in the event of a full account compromise by sophisticated enough hackers. Validated log files are invaluable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity. The CloudTrail log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time.
Reference:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
Q34. You are building out a layer in a software stack on AWS that needs to be able to scale out to react to increased demand as fast as possible. You are running the code on EC2 instances in an Auto Scaling Group behind an ELB. Which application code deployment method should you use?
A. SSH into new instances that come online, and deploy new code onto the system by pulling it from an S3 bucket, which is populated by code that you refresh from source control on new pushes.
B. Bake an AMI when deploying new versions of code, and use that AMI for the Auto Scaling Launch Configuration.
C. Create a Dockerfile when preparing to deploy a new version to production and publish it to S3. Use UserData in the Auto Scaling Launch configuration to pull down the Dockerfile from S3 and run it when new instances launch.
D. Create a new Auto Scaling Launch Configuration with UserData scripts configured to pull the latest code at all times.
Answer: B
Explanation:
The bootstrapping process can be slower if you have a complex application or multiple applications to install. Managing a fleet of applications with several build tools and dependencies can be a challenging task during rollouts. Furthermore, your deployment service should be designed to do faster rollouts to take advantage of Auto Scaling.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf
Q35. Fill in the blanks: ____ helps us track AWS API calls and transitions, ____ helps to understand what resources we have now, and ____ allows auditing credentials and logins.
A. AWS Config, CloudTrail, IAM Credential Reports
B. CloudTrail, IAM Credential Reports, AWS Config
C. CloudTrail, AWS Config, IAM Credential Reports
D. AWS Config, IAM Credential Reports, CloudTrail
Answer: C
Explanation:
You can use AWS CloudTrail to get a history of AWS API calls and related events for your account. This includes calls made by using the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services.
Reference: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Q36. Which major database needs a BYO license?
A. PostgreSQL
B. MariaDB
C. MySQL
D. Oracle
Answer: D
Explanation:
Oracle is not open source, and requires a bring your own license model.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Oracle.html
Q37. Which of these configuration or deployment practices is a security risk for RDS?
A. Storing SQL function code in plaintext
B. Non-Multi-AZ RDS instance
C. Having RDS and EC2 instances exist in the same subnet
D. RDS in a public subnet
Answer: D
Explanation:
Making RDS accessible to the public internet in a public subnet poses a security risk, by making your database directly addressable and spammable.
DB instances deployed within a VPC can be configured to be accessible from the Internet or from EC2 instances outside the VPC. If a VPC security group specifies a port access such as TCP port 22, you would not be able to access the DB instance because the firewall for the DB instance provides access only via the IP addresses specified by the DB security groups the instance is a member of and the port defined when the DB instance was created.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html
Q38. For AWS Auto Scaling, what is the first transition state an existing instance enters after leaving steady state in Standby mode?
A. Detaching
B. Terminating:Wait
C. Pending
D. EnteringStandby
Answer: C
Explanation:
You can put any instance that is in an InService state into a Standby state. This enables you to remove the instance from service, troubleshoot or make changes to it, and then put it back into service. Instances in a Standby state continue to be managed by the Auto Scaling group. However, they are not an active part of your application until you put them back into service.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html
Q39. Which is not a restriction on AWS EBS Snapshots?
A. Snapshots which are shared cannot be used as a basis for other snapshots.
B. You cannot share a snapshot containing an AWS Access Key ID or AWS Secret Access Key.
C. You cannot share unencrypted snapshots.
D. Snapshot restorations are restricted to the region in which the snapshots are created.
Answer: A
Explanation:
Snapshots shared with other users are usable in full by the recipient, including but not limited to the ability to base modified volumes and snapshots.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
Q40. Your team wants to begin practicing continuous delivery using CloudFormation, to enable automated builds and deploys of whole, versioned stacks or stack layers. You have a 3-tier, mission-critical system. Which of the following is NOT a best practice for using CloudFormation in a continuous delivery environment?
A. Use the AWS CloudFormation ValidateTemplate call before publishing changes to AWS.
B. Model your stack in one template, so you can leverage CloudFormation's state management and dependency resolution to propagate all changes.
C. Use CloudFormation to create brand new infrastructure for all stateless resources on each push, and run integration tests on that set of infrastructure.
D. Parametrize the template and use Mappings to ensure your template works in multiple Regions.
Answer: B
Explanation:
Putting all resources in one stack is a bad idea, since different tiers have different life cycles and frequencies of change. For additional guidance about organizing your stacks, you can use two common frameworks: a multi-layered architecture and service-oriented architecture (SOA).
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#organizingstack