Amazon AWS-Certified-DevOps-Engineer-Professional Tutorials 2021

NEW QUESTION 1
Which of these is not a CIoudFormation Helper Script?

• A. cfn-signal
• B. cfn-hup
• C. cfn-request
• D. cfn-get-metadata

Answer: C

Explanation:
This is the complete list of CloudFormation Helper Scripts: cfn-init, cfn-signal, cfn-get-metadata, cfn-hup Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html

NEW QUESTION 2
You were just hired as a DevOps Engineer for a startup. Your startup uses AWS for 100% of their infrastructure. They currently have no automation at all for deployment, and they have had many failures while trying to deploy to production. The company has told you deployment process risk mitigation is the most important thing now, and you have a lot of budget fortools and AWS resources.
Their stack: 2-tier API
Data stored in DynamoDB or S3, depending on type Compute layer is EC2 in Auto Scaling Groups They use Route53 for DNS pointing to an ELB
An ELB balances load across the EC2 instances
The scaling group properly varies between 4 and 12 EC2 sewers.
Which of the following approaches, given this company's stack and their priorities, best meets the company's needs?

• A. Model the stack in AWS Elastic Beanstalk as a single Application with multiple Environment
• B. Use Elastic BeanstaIk's Rolling Deploy option to progressively roll out application code changes when promoting across environments.
• C. Model the stack in 3 CIoudFormation templates: Data layer, compute layer, and networking laye
• D. Write stack deployment and integration testing automation following Blue-Green methodologies.
• E. Model the stack in AWS OpsWorks as a single Stack, with 1 compute layer and its associated EL
• F. Use Chef and App Deployments to automate Rolling Deployment.
• G. Model the stack in 1 CIoudFormation template, to ensure consistency and dependency graph resolutio
• H. Write deployment and integration testing automation following Rolling Deployment methodologies.

Answer: B

Explanation:
AWS recommends Blue-Green for zero-downtime deploys. Since you use DynamoDB, and neither AWS OpsWorks nor AWS Elastic Beanstalk directly supports DynamoDB, the option selecting CloudFormation and Blue-Green is correct.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. The deployment services like AWS Elastic Beanstalk, AWS CIoudFormation, or AWS OpsWorks are particularly useful as they provide a simple way to clone your running application stack. You can set up a
new version of your application (green) by simply cloning current version of the application (blue). Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 3
What is the scope of an EBS volume?

• A. VPC
• B. Region
• C. Placement Group
• D. Availability Zone

Answer: D

Explanation:
An Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 4
When thinking of AWS OpsWorks, which of the following is true?

• A. Stacks have many layers, layers have many instances.
• B. Instances have many stacks, stacks have many layers.
• C. Layers have many stacks, stacks have many instances.
• D. Layers have many instances, instances have many stack

Answer: A

Explanation:
The stack is the core AWS OpsWorks component. It is basically a container for AWS resources—Amazon EC2 instances, Amazon RDS database instances, and so on—that have a common purpose and should
be logically managed together. You define the stack's constituents by adding one or more layers. A layer represents a set of Amazon EC2 instances that serve a particular purpose, such as serving applications or hosting a database server. An instance represents a single computing resource, such as an Amazon EC2 instance.
Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/weIcome.htmI

NEW QUESTION 5
You need your API backed by DynamoDB to stay online during a total regional AWS failure. You can tolerate a couple minutes of lag or slowness during a large failure event, but the system should recover with normal operation after those few minutes. What is a good approach?

• A. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• B. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• C. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• D. Set up a DynamoDB MuIti-Region tabl
• E. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• F. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• G. Set up a DynamoDB Mu|ti-Region tabl
• H. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.
• I. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• J. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.

Answer: A

Explanation:
There is no such thing as a cross-region ELB, nor such thing as a cross-region Auto Scaling Group, nor such thing as a DynamoDB Multi-Region Table. The only option that makes sense is the cross-regional replication version with two ELBs and ASGs with Route53 Failover and Latency DNS.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepI.htmI

NEW QUESTION 6
You have been asked to de-risk deployments at your company. Specifically, the CEO is concerned about outages that occur because of accidental inconsistencies between Staging and Production, which sometimes cause unexpected behaviors in Production even when Staging tests pass.
You already use Docker to get high consistency between Staging and Production for the application environment on your EC2 instances. How do you further de-risk the rest of the execution environment, since in AWS, there are many service components you may use beyond EC2 virtual machines?

• A. Develop models of your entire cloud system in CIoudFormatio
• B. Use this model in Staging and Production to achieve greater parity.
• C. Use AWS Config to force the Staging and Production stacks to have configuration parit
• D. Any differences will be detected for you so you are aware of risks.
• E. Use AMIs to ensure the whole machine, including the kernel of the virual machines, is consistent, since Docker uses Linux Container (LXC) technology, and we need to make sure the container environment is consistent.
• F. Use AWS ECS and Docker clusterin
• G. This will make sure that the AMIs and machine sizes are the same across both environments.

Answer: A

Explanation:
Only CIoudFormation's JSON Templates allow declarative version control of repeatably deployable models of entire AWS clouds.
Reference: https://bIogs.aws.amazon.com/application-management/blog/category/Best+practices

NEW QUESTION 7
For AWS CloudFormation, which is true?

• A. Custom resources using SNS have a default timeout of 3 minutes.
• B. Custom resources using SNS do not need a <code>ServiceToken</code> property.
• C. Custom resources using Lambda and <code>Code.ZipFiIe</code> allow inline nodejs resource composition.
• D. Custom resources using Lambda do not need a <code>ServiceToken</code>property

Answer: C

Explanation:
Code is a property of the AWS::Lambda::Function resource that enables to you specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only). Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/template-custom-resources.html

NEW QUESTION 8
You need to perform ad-hoc business analytics queries on well-structured data. Data comes in constantly at a high velocity. Your business intelligence team can understand SQL. What AWS service(s) should you look to first?

• A. Kinesis Firehose + RDS
• B. Kinesis Firehose + RedShift
• C. EMR using Hive
• D. EMR running Apache Spark

Answer: B

Explanation:
Kinesis Firehose provides a managed service for aggregating streaming data and inserting it into RedShift. RedShift also supports ad-hoc queries over well-structured data using a SQL-compliant wire protocol, so the business team should be able to adopt this system easily.
Reference: https://aws.amazon.com/kinesis/firehose/detai|s/

NEW QUESTION 9
What method should I use to author automation if I want to wait for a CIoudFormation stack to finish completing in a script?

• A. Event subscription using SQS.
• B. Event subscription using SNS.
• C. Poll using <code>ListStacks</code> / <code>Iist-stacks</code>.
• D. Poll using <code>GetStackStatus</code> / <code>get-stack-status</code>.

Answer: C

Explanation:
Event driven systems are good for IFTTT logic, but only polling will make a script wait to complete. ListStacks / list-stacks is a real method, GetStackStatus / get-stack-status is not.
Reference: http://docs.aws.amazon.com/cli/latest/reference/cloudformation/Iist-stacks.html

NEW QUESTION 10
You need to create a simple, holistic check for your system's general availablity and uptime. Your system presents itself as an HTTP-speaking API. What is the most simple tool on AWS to achieve this with?

• A. Route53 Health Checks
• B. CIoudWatch Health Checks
• C. AWS ELB Health Checks
• D. EC2 Health Checks

Answer: A

Explanation:
You can create a health check that will run into perpetuity using Route53, in one API call, which will ping your service via HTTP every 10 or 30 seconds.
Amazon Route 53 must be able to establish a TCP connection with the endpoint within four seconds. In addition, the endpoint must respond with an HTTP status code of 200 or greater and less than 400 within two seconds after connecting.
Reference:
http://docs.aws.amazon.com/Route53/latest/DeveIoperGuide/dns-failover-determining-health-of-endpoint s.htmI

NEW QUESTION 11
What is web identity federation?

• A. Use of an identity provider like Google or Facebook to become an AWS IAM User.
• B. Use of an identity provider like Google or Facebook to exchange for temporary AWS security credentials.
• C. Use of AWS IAM User tokens to log in as a Google or Facebook user.
• D. Use of AWS STS Tokens to log in as a Google or Facebook use

Answer: B

Explanation:
users of your app can sign in using a well-known identity provider (|dP) -such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account.
Reference: http://docs.aws.amazon.com/IANI/latest/UserGuide/id_roIes_providers_oidc.html

NEW QUESTION 12
Which of these is not an intrinsic function in AWS CIoudFormation?

• A. Fn::SpIit
• B. Fn::FindInMap
• C. Fn::SeIect
• D. Fn::GetAZs

Answer: A

Explanation:
This is the complete list of Intrinsic Functions...: Fn::Base64, Fn::And, Fn::EquaIs, Fn::If, Fn::Not, Fn::Or, Fn::FindInMap, Fn::GetAtt, Fn::GetAZs, Fn::Join, Fn::Se|ect, Ref
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html

NEW QUESTION 13
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

• A. AWS Config
• B. Amazon CIoudWatch Nletrics
• C. AWS CloudTraiI
• D. Amazon CIoudWatch Logs

Answer: A

Explanation:
You can monitor your stacks in the following ways: AWS OpsWorks uses Amazon CIoudWatch to provide thirteen custom metrics with detailed monitoring for each instance in the stack; AWS OpsWorks integrates with AWS CIoudTraiI to log every AWS OpsWorks API call and store the data in an Amazon S3 bucket; You can use Amazon CIoudWatch Logs to monitor your stack's system, application, and custom logs. Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.htmI

NEW QUESTION 14
You need to know when you spend $1000 or more on AWS. What's the easy way for you to see that notification?

• A. AWS CIoudWatch Events tied to API calls, when certain thresholds are exceeded, publish to SNS.
• B. Scrape the billing page periodically and pump into Kinesis.
• C. AWS CIoudWatch Metrics + Billing Alarm + Lambda event subscriptio
• D. When a threshold is exceeded, email the manager.
• E. Scrape the billing page periodically and publish to SN

Answer: C

Explanation:
Even if you're careful to stay within the free tier, it's a good idea to create a billing alarm to notify you if you exceed the limits of the free tier. Billing alarms can help to protect you against unknowingly accruing charges if you inadvertently use a service outside of the free tier or if traffic exceeds your expectations. Reference: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-aIarms.htmI

NEW QUESTION 15
You need to migrate 10 million records in one hour into DynamoDB. All records are 1.5KB in size. The data is evenly distributed across the partition key. How many write capacity units should you provision during this batch load?

• A. 6667
• B. 4166
• C. 5556
• D. 2778

Answer: C

Explanation:
You need 2 units to make a 1.5KB write, since you round up. You need 20 million total units to perform this load. You have 3600 seconds to do so. DMde and round up for 5556.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ProvisionedThroughp ut.htmI

NEW QUESTION 16
Which major database needs a BYO license?

• A. PostgreSQL
• B. NIariaDB
• C. MySQL
• D. Oracle

Answer: D

Explanation:
Oracle is not open source, and requires a bring your own license model.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_OracIe.htm|

NEW QUESTION 17
What is the scope of an EBS snapshot?

• A. Availability Zone
• B. Placement Group
• C. Region
• D. VPC

Answer: C

Explanation:
An EBS snapshot is tied to its region and can only be used to create volumes in the same region. You can copy a snapshot from one region to another. For more information, see Copying an Amazon EBS Snapshot.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 18
When thinking of AWS Elastic Beanstalk, the 'Swap Environment URLs' feature most directly aids in what?

• A. Immutable Rolling Deployments
• B. MutabIe Rolling Deployments
• C. Canary Deployments
• D. Blue-Green Deployments

Answer: D

Explanation:
Simply upload the new version of your application and let your deployment service (AWS Elastic Beanstalk, AWS CIoudFormation, or AWS OpsWorks) deploy a new version (green). To cut over to the new version, you simply replace the ELB URLs in your DNS records. Elastic Beanstalk has a Swap
Environment URLs feature to facilitate a simpler cutover process.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 19
What is the scope of an EC2 EIP?

• A. Placement Group
• B. Availability Zone
• C. Region
• D. VPC

Answer: C

Explanation:
An Elastic IP address is tied to a region and can be associated only with an instance in the same region. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 20
Your appIication's Auto Scaling Group scales up too quickly, too much, and stays scaled when traffic decreases. What should you do to fix this?

• A. Set a longer cooldown period on the Group, so the system stops overshooting the target capacit
• B. The issue is that the scaling system doesn't allow enough time for new instances to begin servicing requests before measuring aggregate load again.
• C. Calculate the bottleneck or constraint on the compute layer, then select that as the new metric, and set the metric thresholds to the bounding values that begin to affect response latency.
• D. Raise the CIoudWatch Alarms threshold associated with your autoscaling group, so the scaling takes more of an increase in demand before beginning.
• E. Use larger instances instead of lots of smaller ones, so the Group stops scaling out so much and wasting resources as the OS level, since the OS uses a higher proportion of resources on smaller instances.

Answer: B

Explanation:
Systems will always over-scale unless you choose the metric that runs out first and becomes constrained first. You also need to set the thresholds of the metric based on whether or not latency is affected by the change, tojustify adding capacity instead of wasting money.
Reference: http://docs.aws.amazon.com/AutoSca|ing/latest/DeveIoperGuide/poIicy_creating.htmI

NEW QUESTION 21
Your system automatically provisions EIPs to EC2 instances in a VPC on boot. The system provisions the whole VPC and stack at once. You have two of them per VPC. On your new AWS account, your attempt to create a Development environment failed, after successfully creating Staging and Production environments in the same region. What happened?

• A. You didn't choose the Development version of the AMI you are using.
• B. You didn't set the Development flag to true when deploying EC2 instances.
• C. You hit the soft limit of 5 EIPs per region and requested a 6th.
• D. You hit the soft limit of 2 VPCs per region and requested a 3r

Answer: C

Explanation:
There is a soft limit of 5 E|Ps per Region for VPC on new accounts. The third environment could not allocate the 6th EIP.
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_|imits.htmI#Iimits_vpc

NEW QUESTION 22
If I want CIoudFormation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should I achieve this?

• A. Use a long-poll on the Resources object in your CIoudFormation stack and display those state changesin the UI for the system.
• B. Use a long-poll on the <code>ListStacks</code>API call for your CIoudFormation stack and display those state changes in the UI for the system.
• C. Subscribe your continuous delivery system to an SNS topic that you also tell your CIoudFormation stack to publish events into.
• D. Subscribe your continuous delivery system to an SQS queue that you also tell your CIoudFormation stack to publish events into.

Answer: C

Explanation:
Use NotificationARNs.member.N when making a CreateStack call to push stack events into SNS in nearly real-time.
Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks-monitor-s tack.htmI

NEW QUESTION 23
......