AWS Devops Engineer Professional Certified Practice Exam Set 9

You have a setup in AWS which consists of EC2 Instances sitting behind and ELB. The launching and termination of the Instances are controlled via an Auto scaling Group. The architecture consists of a My SQL AWS RDS database. Which of the following can be used to induce one more step towards a self-healing architecture for this design?


Options are :

  • Enable Read Replica?s for the AWS RDS database.
  • Enable Multi-AZ feature for the AWS RDS database. (Correct)
  • Create one more Auto scaling Group in another region for fault tolerance
  • Create one more ELB in another region for fault tolerance

Answer : Enable Multi-AZ feature for the AWS RDS database.

which is done by specifying the Auto Scaling Rolling Update policy. This retains the same Auto Scaling group and replaces old InstYour application is currently running on Amazon EC2 instances behind a load balancer. Your management has decided to use a Blue/Green deployment strategy. How should you implement this for each deployment?


Options are :

  • Set up Amazon Route 53 health checks to fail over from any Amazon EC2 instance that is currently being deployed to.
  • Launch more Amazon EC2 instances to ensure high availability, de-register each Amazon EC2 instance from the load balancer, upgrade it, and test it. and then register it again with the load balancer.
  • Using AWS Cloud Formation. create a test stack for validating the code, and then deploy the code to each production Amazon EC2 instance.
  • Create a new load balancer with new Amazon EC2 instances, carry out the deployment, and then switch DNS over to the new load balancer using Amazon Route 53 after testing. . (Correct)

Answer : Create a new load balancer with new Amazon EC2 instances, carry out the deployment, and then switch DNS over to the new load balancer using Amazon Route 53 after testing. .

What is the amount of time that Ops work stacks services waits for a response from an underlying instance before deeming it as a failed instance?


Options are :

  • 60 minutes
  • 20 minutes
  • 1 minute
  • 5 minutes (Correct)

Answer : 5 minutes

You have a set of EC2 Instances running behind an ELB. These EC2 Instances are launched via an Auto scaling Group. There is a requirement to ensure that the logs from the server are stored in a durable storage layer. This is so that log data can be analyzed by staff in the future. Which of the following steps can be implemented to ensure this requirement is fulfilled. Choose 2 answers from the options given below ?


Options are :

  • On the web servers, create a scheduled task that executes a script to rotate and transmit the logs to an Amazon S3 bucket. (Correct)
  • On the web servers, create a scheduled task that executes a script to rotate and transmit the logs to Amazon Glacier.
  • Use AWS Data Pipeline to move log data from the Amazon S3 bucket to Amazon SQS in order to process and run reports
  • Use AWS Data Pipeline to move log data from the Amazon 53 bucket to Amazon Redshift in order to proce and run reports (Correct)

Answer : On the web servers, create a scheduled task that executes a script to rotate and transmit the logs to an Amazon S3 bucket. Use AWS Data Pipeline to move log data from the Amazon 53 bucket to Amazon Redshift in order to proce and run reports

You are a Dev ops engineer for your company. The company hosts a web application that is hosted on a single EC2 Instance. The end users are complaining of slow response times for the application. Which of the following can be used to effectively scale the application?


Options are :

  • Use Cloud formation to deploy the app again with an Amazon RDS with the Multi-AZ feature.
  • Use Amazon RDS with the Multi-AZ feature.
  • Use Auto scaling launch configurations to launch multiple instances and place them behing an ELB.
  • Use Auto scaling Groups to launch multiple instances and place them behind an ELB. (Correct)

Answer : Use Auto scaling Groups to launch multiple instances and place them behind an ELB.

Your company is planning on using the available services in AWS to completely automate their integration, build and deployment process. They are planning on using AWS Code Build to build their artifacts. When using Code Build, which of the following files specifies a collection of build commands that can be used by the service during the build process?


Options are :

  • build spec. yrnl (Correct)
  • appspec.yml
  • App spec. j son
  • buildspec.xml

Answer : build spec. yrnl

You have decided you need to change the instance type of your instances in production which are running as part of an Auto scaling Group. We have used Cloud Formation Template to launch our architecture and have currently 4 instances in production. You cannot have any interruption in service and need to ensure 2 Instances are always running during the update. Which of the options listed below can be chosen for this?


Options are :

  • Auto Scaling Rolling Update (Correct)
  • Auto Scaling Replacing Update
  • Auto Scaling integration Update
  • Auto Scaling Scheduled Action

Answer : Auto Scaling Rolling Update

When you add lifecycle hooks to an Auto scaling Group , what are the wait states that occur during the scale in and scale out process. Choose 2 answers from the options given below Please select:


Options are :

  • Pending: Wait
  • Exiting: Wait (Correct)
  • Launching: Wait
  • Terminating: Wait (Correct)

Answer : Exiting: Wait Terminating: Wait

Your public website uses a load balancer and an Auto Scaling group in a virtual private cloud. Your chief security officer has asked you to set up a monitoring system that quickly detects and alerts your team when a large sudden traffic increase occurs. How should you set this up?


Options are :

  • Set up an Amazon Cloud Watch alarm for the Amazon EC2 Network in metric for the Auto Scaling group and then use Amazon SNS to alert your team. (Correct)
  • Set up a cron job to actively monitor the AWS Cloud Trail logs for increased traffic and use Amazon SNS to
  • Use an Amazon EMR job to run every thirty minutes analyze the CloudWatch logs from your application Amazon EC2 instances in a batch manner to detect a sharp increase in traffic and then use the Amazon SNS SMS notification to alert your team
  • Set up an Amazon Cloud Watch alarm for the Elastic Load Balancing Network in metric and then use Amazon SNS to alert your team.
  • Use an Amazon EMR job to run every thirty minutes, analyze the Elastic Load Balancing access logs in a batch manner to detect a sharp increase in traffic and then use the Amazon Simple Email Service to alert your tea

Answer : Set up an Amazon Cloud Watch alarm for the Amazon EC2 Network in metric for the Auto Scaling group and then use Amazon SNS to alert your team.

You need to grant a vendor access to your AWS account. They need to be able to read protected messages in a private S3 bucket at their leisure. They also use AWS. What Is the best way to accomplish this? Please select:


Options are :

  • Create a cross-account lAM Role with permission to access the bucket, and grant permission to use the RoI?, to the vendor AWS account. (Correct)
  • Generate a signed S3 PUT URL and a signed S3 PUT URL both with wildcard values and 2 year durations. Pass the URL5 to the vendor.
  • Create an EC2 Instance Profile on your account. Grant the associated lAM role full access to the bucket. Start.... an EC2 instance with this Profile and give SSH access to the instance to the vendor.
  • Create an lAM User with API Access Keys. Grant the User permissions to access the bucket. Give the vendor the AWS Access Key ID and AWS Secret Access Key for the User.

Answer : Create a cross-account lAM Role with permission to access the bucket, and grant permission to use the RoI?, to the vendor AWS account.

You are building an application based on the Go programming language for internal, nonproduction use which uses My SQL as a database. You want developers without very much AWS experience to be able to deploy new code with a single command line push. You also want to set this up as simply as possible. Which Sh tool is ideal for this setup? Please select:


Options are :

  • AWS Ops Works
  • AWS ELB+EC2
  • AWS ELB+EC2 (Correct)
  • AWS Cloud Formation

Answer : AWS ELB+EC2

You have instances running on your VPC. You have both production and development based instances running in the VPC. You want to ensure that people who are responsible for the development instances don?t have the access to work on the production Instances to ensure better security. Using policies, which of the following would be the best way to accomplish this? Choose the correct answer from the options given below ?


Options are :

  • Launch the test and production Instances in separate VPC?s and use VPC peering
  • Create an lAM policy with a condition which allows access to only instances that are used for production or development
  • Launch the test and production instances in different Availability Zones and use Multi Factor Authentication?
  • Define the tags on the test and production servers and add a condition to the lAM policy which allows access to specific tags (Correct)

Answer : Define the tags on the test and production servers and add a condition to the lAM policy which allows access to specific tags

Your development team is developing a mobile application that access resources in AWS. The users accessing this application will be logging in via Face book and Google. Which of the following AWS mechanisms would you use to authenticate users for the application that needs to access AWS resources Please select:


Options are :

  • Use separate lAM Roles that correspond to each Face book and Google user
  • Use Web identity federation to authenticate the users (Correct)
  • Use AWS Policies to authenticate the users
  • Use separate lAM users that correspond to each Face book and Google user

Answer : Use Web identity federation to authenticate the users

Which of the following is a reliable and durable logging solution to track changes made to your AWS resources?


Options are :

  • Create a new Cloud Trail with an existing 53 bucket to store the logs and with the global services option selected. Use S3 ACL5 and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • Create a new Cloud Trail with one new 53 bucket to store the logs and with the global services option selected. Use AM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs. (Correct)
  • Create three new Cloud Trail trails with three new S3 buckets to store the logs one for the AWS Management console, one for AWS SDK5 and one for command line tools. Use IAM roles and 53 bucket policies on the 53 buckets that store your logs.
  • Create a new Cloud Trail with one new 53 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and 53 bucket policies on the 53 bucket that stores your logs.

Answer : Create a new Cloud Trail with one new 53 bucket to store the logs and with the global services option selected. Use AM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

There is a company website that is going to be launched in the coming weeks. There is a probability that the traffic will be quite high in the ffrst couple of weeks. In the event of a load failure, how can you set up DNS fall over to a static website? Choose the correct answer from the options given below?


Options are :

  • Add more servers in case the application fails.
  • Enable failover to an on-premise data center to the application hosted there.
  • Use Route 53 with the failover option to failover to a static S3 website bucket or Cloud Front distribution. (Correct)
  • Duplicate the exact application architecture in another region and configure DNS weight-based routing

Answer : Use Route 53 with the failover option to failover to a static S3 website bucket or Cloud Front distribution.

Your company uses an application hosted in AWS which consists of EC2 Instances. The logs of the EC2 instances need to be processed and analyzed in real time , since this is a requirement from the IT Security department. Which of the following can be used to process the logs in real time?


Options are :

  • Use Cloud watch logs to process and analyze the logs in real time
  • Use another EC2 Instance with a larger instance type to process the logs
  • Use Amazon Glacier to store the logs and then use Amazon Kinesis to process and analyze the logs in real
  • Use Amazon 53 to store the logs and then use Amazon Kinesis to process and analyze the logs in real time. (Correct)

Answer : Use Amazon 53 to store the logs and then use Amazon Kinesis to process and analyze the logs in real time.

Your company is hosting an application in AWS. The application consists of a set of web servers and AWS RDS. The application is a read intensive application. It has been noticed that the response time of the application decreases due to the load on the AWS RDS instance. Which of the following measures can be taken to scale the data tier. Choose 2 answers from the options given below Please select:


Options are :

  • Use SQS to cache the database queries
  • Use Elastic Cache in front of your Amazon RDS DB to cache common queries. (Correct)
  • Use Auto scaling to scale out and scale in the database tier
  • Create Amazon DB Read Replica?s. Configure the application layer to query the read replica?s for query needs. (Correct)

Answer : Use Elastic Cache in front of your Amazon RDS DB to cache common queries. Create Amazon DB Read Replica?s. Configure the application layer to query the read replica?s for query needs.

As part of your deployment pipeline, you want to enable automated testing of your AWS Cloud Formation template. What testing should be performed to enable faster feedback while minimizing costs and risk? Select three answers from the options given below ?


Options are :

  • When creating the stack. specify an Amazon SNS topic to which your testing system Is subscribed. Your testing system runs tests when it receives notification that the stack is created or updated. (Correct)
  • Validate the template?s is syntax using a general JSON parser.
  • Validate the AWS Cloud Formation template against the official XSD scheme definition published by Amazon Web Services.
  • Use the AWS Cloud Formation Validate Template to validate the syntax of the template (Correct)
  • Use the AWS Cloud Formation Validate Template to validate the properties of resources defined in the template.
  • Update the stack with the template. If the template fails rollback will return the stack and its resources to exactly the same state. (Correct)

Answer : When creating the stack. specify an Amazon SNS topic to which your testing system Is subscribed. Your testing system runs tests when it receives notification that the stack is created or updated. Use the AWS Cloud Formation Validate Template to validate the syntax of the template Update the stack with the template. If the template fails rollback will return the stack and its resources to exactly the same state.

Which of the following resource is used in Cloud formation to create nested stacks Please select:


Options are :

  • AWS::Cloud Formation::Stack Net
  • AWS::Cloud Formation::Stack . (Correct)
  • AWS::Cloud Formation::Nested
  • AWS::Cloud Formation::Nested Stack

Answer : AWS::Cloud Formation::Stack .

Your company has a set of development teams that work in a variety of programming languages. They develop applications which have a lot of different application dependencies. There is a move from the company to move these development environments onto AWS. Which of the below is the best option to make this happen?


Options are :

  • Use the Ops work service. create a stack and create separate layers for each application environment for the developer community
  • Launch separate EC2 Instances to host each application type for the developer community
  • Use the Cloud formation service to create ducker containers for each type of application
  • Use the Elastic beanstalk service and use Ducker containers to host each application environment for the developer community (Correct)

Answer : Use the Elastic beanstalk service and use Ducker containers to host each application environment for the developer community

You are a Dev ops Engineer for your company. The company has a number of Cloud formation templates in AWS. There is a concern from the IT Security department and they want to know who all use the Cloud formation stacks In the company?s AWS account. Which of the following can be done to take care of this security concern?


Options are :

  • Enable Cloud trail logs so that the API calls can be recorded (Correct)
  • Enable Cloud watch logs for each cloud formation stack to track the resource creation events.
  • Connect SQS and Cloud formation so that a message Is published for each resource created in the Cloud formation stack.
  • Enable Cloud watch events for each cloud formation stack to track the resource creation events.

Answer : Enable Cloud trail logs so that the API calls can be recorded

You are a Dev ops Engineer for your company. You have been instructed to create a continuous integrated and continuous delivery model for the application In your organization. Which of the below services could be used for this purpose. Choose 2 answers from the options given below ?


Options are :

  • AWS Code Deploy (Correct)
  • AWS Code Pipeline (Correct)
  • AWSS QS
  • AWS AM

Answer : AWS Code Deploy AWS Code Pipeline

Your company wants to understand where cost is coming from in the company?s production AWS account. There are a number of applications and services running at any given time. Without expending too much initial development time, how best can you give the business a good understanding of which applications cost the most per month to operate?


Options are :

  • Use custom Cloud Watch Metrics in your system, and put a metric data point whenever cost is incurred.
  • Create an automation script which periodically creates AWS Support tickets requesting detailed lntra.month information about your bill.
  • Use the AWS Price API and constantly running resource inventory scripts to calculate total price based on multiplication of consumed resources over time.
  • Use AWS Cost Allocation Tagging for all resources which support it. Use the Cost Explorer to analyze costs throughout the month. (Correct)

Answer : Use AWS Cost Allocation Tagging for all resources which support it. Use the Cost Explorer to analyze costs throughout the month.

You have written a Cloud Formation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer Is returned upon creation of the stack?


Options are :

  • Outputs (Correct)
  • Parameters
  • Mappings
  • Resources

Answer : Outputs

Which of the following items are required to allow an application deployed on an EC2 instance to write data to a Dynamo DB table? Assume that no security keys are allowed to be stored on the EC2 instance. Choose 2 answers from the options below ?


Options are :

  • Create an lAM User that allows write access to the Dynamo DB table.
  • Add an lAM User to a running EC2 instance.
  • Add an AM Role to a running EC2 Instance. (Correct)
  • Create an lAM Role that allows write access to the Dynamo DB table (Correct)

Answer : Add an AM Role to a running EC2 Instance. Create an lAM Role that allows write access to the Dynamo DB table

Which of the following can be used in Cloud formation to coordinate the creation of stack resources. Choose 2 answers from the options given below ?


Options are :

  • AWS::Cloud Formation::Hold Condition
  • Creation Policy attribute . (Correct)
  • Hold Policy attribute
  • AWS::Cloud Formation::Wait Condition (Correct)

Answer : Creation Policy attribute . AWS::Cloud Formation::Wait Condition

You have just been assigned to take care of the Automated resources which have been setup by your company In AWS. You are looking at Integrating some of the company?s chef recipes to be used for the existing Ops work stacks already setup in AWS. By when you go to the recipes section, you cannot see the option to add any recipes. What could be the reason for this?


Options are :

  • The stack layers were created without the custom cookbooks option. Just change the layer settings accordingly.
  • The stacks were created without the custom cookbooks option. Just change the stack settings accordingly. (Correct)
  • Once you create a stack, you cannot assign custom recipe?s. this needs to be done when the stack Is created.
  • Once you create layers in the stack, you cannot assign custom recipe?s, this needs to be done when the layers are created.

Answer : The stacks were created without the custom cookbooks option. Just change the stack settings accordingly.

Your company has an on-premise Active Directory setup in place. The company has extended their footprint on AWS, but still want to have the ability to use their on-premise Active Directory for authentication. Which of the following AWS services can be used to ensure that AWS resources such as AWS Workspaces can continue to use the existing credentials stored in the on-premise Active Directory?


Options are :

  • Use the Active Directory connector service on AWS (Correct)
  • Use the AWS Simple AD service
  • Use the Classic Link feature on AWS
  • Use the Active Directory service on AWS

Answer : Use the Active Directory connector service on AWS

You are using Jenkins as your continuous integration systems for the application hosted in AWS. The builds are then placed on newly launched EC2 Instances. You want to ensure that the overall cost of the entire continuous Integration and deployment pipeline Is minimized. Which of the below options would meet these requirements? Choose 2 answers from the options given below Please select:


Options are :

  • Ensure that all build tests are conducted using Jenkins before deploying the build to newly launched EC2 Instances. (Correct)
  • Ensure the Instances are launched only when the build tests are completed. (Correct)
  • Ensure that all build tests are conducted on the newly launched EC2 Instances.
  • Ensure the Instances are created beforehand for faster turnaround time for the application builds to be placed.

Answer : Ensure that all build tests are conducted using Jenkins before deploying the build to newly launched EC2 Instances. Ensure the Instances are launched only when the build tests are completed.

The AWS Code Deploy service can be used to deploy code from which of the below mentioned source repositories. Choose 3 answers from the options given below Please select:


Options are :

  • Subversion repositories
  • Git Hub repositories .- (Correct)
  • Bit bucket repositories (Correct)
  • 53 Buckets (Correct)

Answer : Git Hub repositories .- Bit bucket repositories 53 Buckets

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions