[Jan 24, 2022] Fully Updated Dumps PDF - Latest AWS-DevOps Exam Questions and Answers
100% Free AWS-DevOps Exam Dumps to Pass Exam Easily from Lead2Passed
Career Opportunities
These were some important things that you need to know about the Amazon AWS Certified DevOps Engineer – Professional certification and its corresponding exam. Getting this certificate comes with a lot of benefits. Companies are becoming more and more reliant on AWS, and that is why they need people who are able to work with it. If you have this Amazon certification, it will allow you to land a better job with a decent salary. Certified specialists can choose between different job roles, including AWS Cloud Engineer, Remote Senior DevOps Engineer, Cloud Operations Engineer, DevOps Engineer, and Senior Linux Engineer, among others. The average salary can be up to $120,000 per annum, depending on your job title, related tasks, and working experience.
AWS DOP-C01 Exam Certification Details:
| Exam Price | $300 USD |
| Schedule Exam | PEARSON VUE |
| Recommended Training / Books | DevOps Engineering on AWS |
| Sample Questions | AWS DOP-C01 Sample Questions |
| Exam Name | AWS DevOps Engineer Professional (AWS-DevOps) |
| Duration | 180 minutes |
| Passing Score | 75% |
| Exam Code | DOP-C01 |
| Number of Questions | 75 |
NEW QUESTION 153
You currently have EC2 Instances hosting an application. These instances are part of an Autoscaling Group.
You now want to change the instance type of the EC2 Instances. How can you manage the deployment with the least amount of downtime?
- A. Use the Rolling Update feature which is available for EC2 Instances.
- B. Use the AutoScalingRollingUpdate policy on the CloudFormation template Auto Scaling group.
- C. Terminate the existing Auto Scaling group. Create a new launch configuration with the new instance type. Attach that to the new Auto Scaling group.
- D. Manually terminate the instances, launch new instances with the new instance type and attach them to the Autoscaling group
Answer: B
Explanation:
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePolicy attribute. This is used to define how an Auto Scaling group resource is updated when an update to the CloudFormation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the AutoScalingRollingUpdate policy. This retains the same Auto Scaling group and replaces old instances with new ones, according to the parameters specified.
For more information on AutoScaling Rolling Update, please refer to the below link:
* https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/
NEW QUESTION 154
A Security team requires all Amazon EBS volumes that are attached to an Amazon EC2 instance to have AWS Key Management Service (AWS KMS) encryption enabled. If encryption is not enabled, the company's policy requires the EBS volume to be detached and deleted. A DevOps Engineer must automate the detection and deletion of unencrypted EBS volumes.
Which method should the Engineer use to accomplish this with the LEAST operational effort?
- A. Launch an EC2 instance with an IAM role that has permissions to describe and delete volumes. Run a script on the EC2 instance every 5 minutes to describe all EBS volumes in all regions and identify volumes that are attached without encryption enabled. The script then deletes those volumes.
- B. Create an Amazon CloudWatch Events rule that invokes an AWS Lambda function when an EBS volume is created. The Lambda function checks the EBS volume for encryption. If encryption is not enabled and the volume is attached to an instance, the function deletes the volume.
- C. Create a rule in AWS Config to check for unencrypted and attached EBS volumes. Subscribe an AWS Lambda function to the Amazon SNS topic that AWS Config sends change notifications to. The Lambda function checks the change notification and deletes any EBS volumes that are non-compliant.
- D. Create an AWS Lambda function to describe all EBS volumes in the region and identify volumes that are attached to an EC2 instance without encryption enabled. The function then deletes all non-compliant volumes. The AWS Lambda function is invoked every 5 minutes by an Amazon CloudWatch Events scheduled rule.
Answer: C
NEW QUESTION 155
You are building a large, multi-tenant SaaS (software-as-a-service) application with a component that fetches data to process from a customer-specific Amazon S3 bucket in their account.
How should you ensure that your application follows security best practices and limits risk when fetching data from customer-owned Amazon S3 buckets?
- A. Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application, and securely store the corresponding access keys in the database holding their account data.
- B. Have users create an IAM user with a policy that grants read-only access to the Amazon S3 bucket required by your application, and store the corresponding access keys in an encrypted database that holds their account data.
- C. Have users create a cross-account IAM role with a policy that grants read-only access to the Amazon S3 bucket required by your application to the AWS account ID running your production SaaS application.
- D. Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application and limits access to the public IP address of the SaaS application.
Answer: C
NEW QUESTION 156
During metric analysis, your team has determined that the company's website during peak hours is experiencing response times higher than anticipated. You currently rely on Auto Scaling to make sure that you are scaling your environment during peak windows. How can you improve your Auto Scaling policy to reduce this high response time? Choose 2 answers.
- A. Push custom metrics to CloudWatch to monitor your CPU and network bandwidth from your servers, which will allow your Auto Scaling policy to have better fine-grain insight.
- B. Push custom metrics to CloudWatch for your application that include more detailed information about your web application, such as how many requests it is handling and how many are waiting to be processed.
- C. Create a script that runs and monitors your servers; when it detects an anomaly in load, it posts to an Amazon SNS topic that triggers Elastic Load Balancing to add more servers to the load balancer.
- D. Increase your Auto Scaling group's number of max servers.
Answer: B,D
Explanation:
Option B makes sense because maybe the max servers is low hence the application cannot handle the peak load.
Option D helps in ensuring Autoscaling can scale the group on the right metrics.
For more information on Auto Scaling health checks, please refer to the below AWS document link:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/healthcheck.html
NEW QUESTION 157
A Development team is working on a serverless application in AWS. To quickly identify and remediate potential production issues, the team decides to roll out changes to a small number of users as a test before the full release. The DevOps Engineer must develop a solution to minimize downtime and impact. Which of the following solutions should be used to meet the requirements?
(Select TWO.)
- A. Create an ELB Network Load Balancer with two target groups. Set up the Network Load Balancer for Amazon API Gateway private integration. Associate one target group with the current version and the other target group with the new version. Configure the load balancer to route 10% of incoming traffic to the new version. As the new version becomes stable, detach the old version from the load balancer.
- B. Create an alias for an AWS Lambda function pointing to both the current and new versions. Configure the alias to route 10% of incoming traffic to the new version. As the new version is considered stable, update the alias to route all traffic to the new version.
- C. Create an Application Load Balancer with two target groups. Set up the Application Load Balancer for Amazon API Gateway private integration. Associate one target group to the current version and the other target group to the new version. Configure API Gateway to route 10% of incoming traffic to the new version. As the new version becomes stable, configure API Gateway to send all traffic to the new version and detach the old version from the load balancer.
- D. In Amazon API Gateway, create a canary release deployment by adding canary settings to the stage of a regular deployment. Configure API Gateway to route 10% of the incoming traffic to the canary release. As the canary release is considered stable, promote it to a production release.
- E. Create a rollover record set in AWS Route 53 pointing to the AWS Lambda endpoints for the old and new versions. Configure Route 53 to route 10% of incoming traffic to the new version. As the new version becomes stable, update the DNS record to route all traffic to the new version.
Answer: B,D
Explanation:
https://aws.amazon.com/blogs/compute/implementing-canary-deployments-of-aws-lambda-functions-with-alias-traffic-shifting/
NEW QUESTION 158
You need your CI to build AMIs with code pre-installed on the images on every new code push. You need to do this as cheaply as possible. How do you do this?
- A. Have the CI launch a new on-demand EC2 instance when new commits come in, perform all instance configuration and setup, then create an AMI based on the on-demand instance.
- B. When the CI instance receives commits, attach a new EBS volume to the CI machine. Perform all setup on this EBS volume so you don't need
- C. Bid on spot instances just above the asking price as soon as new commits come in, perform all instance configuration and setup, then create an AMI based on the spot instance.
- D. Purchase a Light Utilization Reserved Instance to save money on the continuous integration machine. Use these credits whenever you create AMIs on instances.
Answer: C
Explanation:
Amazon EC2 Spot instances allow you to bid on spare Amazon EC2 computing capacity. Since Spot instances are often available at a discount compared to On-Demand pricing, you can significantly reduce the cost of running your applications, grow your application's compute capacity and throughput for the same budget, and enable new types of cloud computing applications.
For more information on Spot Instances, please visit the below URL:
* https://aws.amazon.com/ec2/spot/
NEW QUESTION 159
A DevOps Engineer has several legacy applications that all generate different log formats. The Engineer must standardize the formats before writing them to Amazon S3 for querying and analysis.
How can this requirement be met at the LOWEST cost?
- A. Have the application send its logs to Amazon QuickSight, then use the Amazon QuickSight SPICE engine to normalize the logs. Do the analysis directly from Amazon QuickSight.
- B. Have the application send its logs to an Amazon EMR cluster and normalize the logs before sending them to Amazon S3.
- C. Keep the logs in Amazon S3 and use Amazon Redshift Spectrum to normalize the logs in place.
- D. Use Amazon Kinesis Agent on each server to upload the logs and have Amazon Kinesis Data Firehose use an AWS Lambda function to normalize the logs before writing them to Amazon S3
Answer: D
NEW QUESTION 160
When an Auto Scaling group is running in Amazon Elastic Compute Cloud (EC2), your application rapidly scales up and down in response to load within a 10-minute window; however, after the load peaks, you begin to see problems in your configuration management system where previously terminated Amazon EC2 resources are still showing as active. What would be a reliable and efficient way to handle the cleanup of Amazon EC2 resources within your configuration management system? Choose two answers from the options given below.
- A. Write a script that is run by a daily cron job on an Amazon EC2 instance and that executes API Describe calls of the EC2 Auto Scaling group and removes terminated instances from the configuration management system.
- B. Use your existing configuration management system to control the launching and bootstrapping of instances to reduce the number of moving parts in the automation.
- C. Configure an Amazon Simple Queue Service (SQS) queue for Auto Scaling actions that has a script that listens for new messages and removes terminated instances from the configuration management system.
- D. Write a small script that is run during Amazon EC2 instance shutdown to de-register the resource from the configuration management system.
Answer: A,D
Explanation:
There is a rich set of CLI commands available for EC2 instances. The CLI reference is located at the following link:
* http://docs.aws.amazon.com/cli/latest/reference/ec2/
You can then use the describe instances command to describe the EC2 instances.
If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the returned results.
* http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
You can use the EC2 instances to get those instances which need to be removed from the configuration management system.
NEW QUESTION 161
A company is using an AWS CodeBuild project to build and package an application.
The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.
The buildspec.yml file contains the following:
The DevOps Engineer has noticed that anybody with an AWS account is able to download the artifacts.
What steps should the DevOps Engineer take to stop this?
- A. Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
- B. Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
- C. Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
- D. Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal "*".
Answer: C
Explanation:
You can define bucket policy using NotPrincipal to grant permission to specified accounts or users while it explicitly denies access from other users.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html
NEW QUESTION 162
A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone. The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DevOps engineer wants a solution that does not change the architecture components.
Which solution will meet these requirements in the MOST cost-effective manner?
- A. Convert the RDS database to an Amazon Aurora Serverless database. Use an AWS Lambda function to start and stop the EC2 instances before and after tests.
- B. Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.
- C. Put the EC2 instances into an Auto Scaling group. Schedule scaling to run at the start of the deployment tests.
- D. Subscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.
Answer: A
NEW QUESTION 163
Why are more frequent snapshots of EBS Volumes faster?
- A. AWS provisions more disk throughput for burst capacity during snapshots if the drive has been pre-warmed by snapshotting and reading all blocks.
- B. Blocks in EBS Volumes are allocated lazily, since while logically separated from other EBS Volumes, Volumes often share the same physical hardware. Snapshotting the first time forces full block range allocation, so the second snapshot doesn't need to perform the allocation phase and is faster.
- C. The drive is pre-warmed, so block access is more rapid for volumes when every block on the device has already been read at least one time.
- D. The snapshots are incremental so that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.
Answer: D
Explanation:
After writing data to an EBS volume, you can periodically create a snapshot of the volume to use as a baseline for new volumes or for data backup. If you make periodic snapshots of a volume, the snapshots are incremental so that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
NEW QUESTION 164
Which EBS volume type is best for high performance NoSQL cluster deployments?
- A. gp2
- B. standard
- C. io1
- D. gp1
Answer: C
Explanation:
io1 volumes, or Provisioned IOPS (PIOPS) SSDs, are best for: Critical business applications that require sustained IOPS performance, or more than 10,000 IOPS or 160 MiB/s of throughput per volume, like large database workloads, such as MongoDB.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
NEW QUESTION 165
Your company has an application hosted on an Elastic Beanstalk environment. You have been instructed that whenever application changes occur and new versions need to be deployed, the fastest deployment approach is employed. Which of the following deployment mechanisms will fulfil this requirement?
- A. All at once
- B. Rolling with batch
- C. Rolling
- D. Immutable
Answer: A
Explanation:
The following table from the AWS documentation shows the deployment time for each deployment method.
For more information on Elastic Beanstalk deployments, please refer to the below link:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version.html
NEW QUESTION 166
A DevOps Engineer has a single Amazon DynamoDB table that receives shipping orders and tracks inventory. The Engineer has three AWS Lambda functions reading from a DynamoDB stream on that table.
The Lambda functions perform various functions such as doing an item count, moving items to Amazon Kinesis Data Firehose, monitoring inventory levels, and creating vendor orders when parts are low.
While reviewing logs, the Engineer notices the Lambda functions occasionally fail under increased load, receiving a stream throttling error.
Which is the MOST cost-effective solution that requires the LEAST amount of operational management?
- A. Use AWS Glue integration to ingest the DynamoDB stream, then migrate the Lambda code to an AWS Fargate task.
- B. Create a fourth Lambda function and configure it to be the only Lambda reading from the stream. Then use this Lambda function to pass the payload to the other three Lambda functions.
- C. Have the Lambda functions query the table directly and disable DynamoDB streams. Then have the Lambda functions query from a global secondary index.
- D. Use Amazon Kinesis streams instead of DynamoDB streams, then use Kinesis analytics to trigger the Lambda functions.
Answer: B
NEW QUESTION 167
You work as a DevOps Engineer for your company. There are currently a number of environments hosted via Elastic Beanstalk. There is a requirement to ensure that the rollback time for a new version application deployment is kept to a minimum. Which Elastic Beanstalk deployment method would fulfil this requirement?
- A. Blue/Green
- B. All at once
- C. Rolling with additional batch
- D. Rolling
Answer: A
Explanation:
The below table from the AWS documentation shows that the least amount of time is spent in rollbacks when it comes to Blue/Green deployments. This is because the only thing that needs to be done is for URLs to be swapped.
For more information on Elastic Beanstalk deployment strategies, please visit the below URL:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version.html
NEW QUESTION 168
A healthcare provider has a hybrid architecture that includes 120 on-premises VMware servers running RedHat and 50 Amazon EC2 instances running Amazon Linux.
The company is in the middle of an all-in migration to AWS and wants to implement a solution for collecting information from the on-premises virtual machines and the EC2 instances for data analysis.
The information includes:
- Operating system type and version
- Data for installed applications
- Network configuration information, such as MAC and IP addresses
- Amazon EC2 instance AMI ID and IAM profile
How can these requirements be met with the LEAST amount of administration?
- A. Install AWS Systems Manager agents on both the on-premises virtual machines and the EC2 instances. Enable inventory collection and configure resource data sync to an Amazon S3 bucket to analyze the data with Amazon Athena.
- B. Use AWS Application Discovery Service for deploying Agentless Discovery Connector in the VMware environment and Discovery Agents on the EC2 instances for collecting the data. Then use the AWS Migration Hub Dashboard for analytics.
- C. Use a script on the on-premises virtual machines as well as the EC2 instances to gather and push the data into Amazon S3, and then use Amazon Athena for analytics.
- D. Write a shell script to run as a cron job on EC2 instances to collect and push the data to Amazon S3. For on-premises resources, use VMware vSphere to collect the data and write it into a file gateway for storing the data in S3. Finally, use Amazon Athena on the S3 bucket for analytics.
Answer: A
NEW QUESTION 169
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.
Which combination of actions will meet these requirements? (Choose three.)
- A. Execute an AWS Systems Manager Automation document to patch the systems every hour.
- B. Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.
- C. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.
- D. Use Amazon CloudWatch Events scheduled events to schedule a patch window.
- E. Use AWS Systems Manager Maintenance Windows to schedule a patch window.
- F. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.
Answer: C,E,F
NEW QUESTION 170
When deploying to a Docker swarm, which section of the docker-compose file defines configuration related to the deployment and running of services?
- A. build
- B. deploy
- C. services
- D. args
Answer: B
Explanation:
Version 3 only.
Specify configuration related to the deployment and running of services. This only takes effect when deploying to a swarm with docker stack deploy, and is ignored by docker-compose up and docker-compose run.
Reference: https://docs.docker.com/compose/compose-file/#deploy
NEW QUESTION 171
You have an ELB setup in AWS with EC2 instances running behind it. You have been requested to monitor the incoming connections to the ELB.
Which of the below options can suffice this requirement?
- A. Create a custom metric CloudWatch filter on your load balancer
- B. Use AWS CloudTrail with your load balancer
- C. Enable access logs on the load balancer
- D. Use a CloudWatch Logs Agent
Answer: C
Explanation:
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and to troubleshoot issues.
Option A is invalid because this service will monitor all AWS services. Option C and D are invalid since ELB already provides a logging feature.
NEW QUESTION 172
Your application's Auto Scaling Group scales up too quickly, too much, and stays scaled when traffic decreases. What should you do to fix this?
- A. Calculate the bottleneck or constraint on the compute layer, then select that as the new metric, and set the metric thresholds to the bounding values that begin to affect response latency.
- B. Set a longer cooldown period on the Group, so the system stops overshooting the target capacity. The issue is that the scaling system doesn't allow enough time for new instances to begin servicing requests before measuring aggregate load again.
- C. Raise the CloudWatch Alarms threshold associated with your autoscaling group, so the scaling takes more of an increase in demand before beginning.
- D. Use larger instances instead of lots of smaller ones, so the Group stops scaling out so much and wasting resources at the OS level, since the OS uses a higher proportion of resources on smaller instances.
Answer: A
Explanation:
Systems will always over-scale unless you choose the metric that runs out first and becomes constrained first. You also need to set the thresholds of the metric based on whether or not latency is affected by the change, to justify adding capacity instead of wasting money.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/policy_creating.html
NEW QUESTION 173
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store.
The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK). What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Select three.)
- A. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
- B. Set ssm:GetParameter for the parameter resource in the instance role's IAM policy.
- C. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
- D. Set kms:Decrypt for the instance role in the customer-managed CMK policy.
- E. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
- F. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
Answer: B,D,E
NEW QUESTION 174
To monitor API calls against our AWS account by different users and entities, we can use ________ to create a history of calls in bulk for later review, and use ___________ for reacting to AWS API calls in real-time.
- A. AWS Config; AWS Inspector
- B. AWS CloudTrail; CloudWatch Events
- C. AWS CloudTrail; AWS Config
- D. AWS Config; AWS Lambda
Answer: B
Explanation:
CloudTrail is a batch API call collection service, CloudWatch Events enables real-time monitoring of calls through the Rules object interface.
Reference: https://aws.amazon.com/whitepapers/security-at-scale-governance-in-aws/