Amazon AWS-Certified-DevOps-Engineer-Professional (AWS Certified DevOps Engineer Professional) exam Questions & Answers.
Q25. If I want CloudFormation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should I achieve this?
A. Use a long-poll on the Resources object in your CloudFormation stack and display those state changes in the UI for the system.
B. Use a long-poll on the <code>ListStacks</code> API call for your CloudFormation stack and display those state changes in the UI for the system.
C. Subscribe your continuous delivery system to an SNS topic that you also tell your CloudFormation stack to publish events into.
D. Subscribe your continuous delivery system to an SQS queue that you also tell your CloudFormation stack to publish events into.
Answer: C
Explanation:
Use NotificationARNs.member.N when making a CreateStack call to push stack events into SNS in nearly real-time.
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-monitor-stack.html
Q26. How does Amazon RDS multi Availability Zone model work?
A. A second, standby database is deployed and maintained in a different availability zone from master, using synchronous replication.
B. A second, standby database is deployed and maintained in a different availability zone from master using asynchronous replication.
C. A second, standby database is deployed and maintained in a different region from master using asynchronous replication.
D. A second, standby database is deployed and maintained in a different region from master using synchronous replication.
Answer: A
Explanation:
In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
Q27. Which status represents a failure state in AWS CloudFormation?
A. <code>UPDATE_COMPLETE_CLEANUP_IN_PROGRESS</code>
B. <code>DELETE_COMPLETE_WITH_ARTIFACTS</code>
C. <code>ROLLBACK_IN_PROGRESS</code>
D. <code>ROLLBACK_FAILED</code>
Answer: C
Explanation:
ROLLBACK_IN_PROGRESS means an UpdateStack operation failed and the stack is in the process of trying to return to the valid, pre-update state. UPDATE_COMPLETE_CLEANUP_IN_PROGRESS means an update was successful, and CloudFormation is deleting any replaced, no longer used resources. ROLLBACK_FAILED is not a CloudFormation state (but UPDATE_ROLLBACK_FAILED is). DELETE_COMPLETE_WITH_ARTIFACTS does not exist at all.
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html
Q28. To monitor API calls against our AWS account by different users and entities, we can use to create a history of calls in bulk for later review, and use for reacting to AWS API calls in real-time.
A. AWS Config; AWS Inspector
B. AWS CloudTrail; AWS Config
C. AWS CloudTrail; CloudWatch Events
D. AWS Config; AWS Lambda
Answer: C
Explanation:
CloudTrail is a batch API call collection service, CloudWatch Events enables real-time monitoring of calls through the Rules object interface.
Reference: https://aws.amazon.com/whitepapers/security-at-scale-governance-in-aws/
Q29. You need to grant a vendor access to your AWS account. They need to be able to read protected messages in a private S3 bucket at their leisure. They also use AWS. What is the best way to accomplish this?
A. Create an IAM User with API Access Keys. Grant the User permissions to access the bucket. Give the vendor the AWS Access Key ID and AWS Secret Access Key for the User.
B. Create an EC2 Instance Profile on your account. Grant the associated IAM role full access to the bucket. Start an EC2 instance with this Profile and give SSH access to the instance to the vendor.
C. Create a cross-account IAM Role with permission to access the bucket, and grant permission to use the Role to the vendor AWS account.
D. Generate a signed S3 PUT URL and a signed S3 PUT URL, both with wildcard values and 2 year durations. Pass the URLs to the vendor.
Answer: C
Explanation:
When third parties require access to your organization's AWS resources, you can use roles to delegate access to them. For example, a third party might provide a service for managing your AWS resources. With IAM roles, you can grant these third parties access to your AWS resources without sharing your AWS security credentials. Instead, the third party can access your AWS resources by assuming a role that you create in your AWS account.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html
Q30. What is server immutability?
A. Not updating a server after creation.
B. The ability to change server counts.
C. Updating a server after creation.
D. The inability to change server counts.
Answer: A
Explanation:
Disposable upgrades offer a simpler way to know if your application has unknown dependencies. The underlying EC2 instance usage is considered temporary or ephemeral in nature for the period of deployment until the current release is active. During the new release, a new set of EC2 instances is rolled out by terminating older instances. This type of upgrade technique is more common in an immutable infrastructure.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf
Q31. You are creating an application which stores extremely sensitive financial information. All information in the system must be encrypted at rest and in transit. Which of these is a violation of this policy?
A. ELB SSL termination.
B. ELB Using Proxy Protocol v1.
C. CloudFront Viewer Protocol Policy set to HTTPS redirection.
D. Telling S3 to use AES256 on the server-side.
Answer: A
Explanation:
Terminating SSL terminates the security of a connection over HTTP, removing the S for "Secure" in HTTPS. This violates the "encryption in transit" requirement in the scenario.
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
Q32. Your CTO has asked you to make sure that you know what all users of your AWS account are doing to change resources at all times. She wants a report of who is doing what over time, reported to her once per week, for as broad a resource type group as possible. How should you do this?
A. Create a global AWS CloudTrail Trail. Configure a script to aggregate the log data delivered to S3 once per week and deliver this to the CTO.
B. Use CloudWatch Events Rules with an SNS topic subscribed to all AWS API calls. Subscribe the CTO to an email type delivery on this SNS Topic.
C. Use AWS IAM credential reports to deliver a CSV of all uses of IAM User Tokens over time to the CTO.
D. Use AWS Config with an SNS subscription on a Lambda, and insert these changes over time into a DynamoDB table. Generate reports based on the contents of this table.
Answer: A
Explanation:
This is the ideal use case for AWS CloudTrail.
CloudTrail provides visibility into user activity by recording API calls made on your account. CloudTrail records important information about each API call, including the name of the API, the identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. This information helps you to track changes made to your AWS resources and to troubleshoot operational issues. CloudTrail makes it easier to ensure compliance with internal policies and regulatory standards.
Reference: https://aws.amazon.com/Cloudtrail/faqs/