AWS Certified DevOps Engineer – Professional Practice Questions Part 6

An enterprise is using a warm standby DR strategy for its application with RTO and RPO of 30 minutes. The application consists of EC2 instance and RDS MySQL. From the following options, which is helpful to meet these RTO and RPO? (Choose 2)

A big company handles the source code using AWS CodeCommit. There are over 100 repositories and numerous teams working on various projects. You need to provide the appropriate access to different users as a DevOps engineer. For example, the development team should not access the repositories containing sensitive information. How are you supposed to manage this?

John’s company has started using AWS CodeCommit to maintain the source code. Thousands of developers are present and new Git repositories are introduced regularly in CodeCommit. The DevOps team was instructed to formulate an approach in the creation of a new repository through the running of a script and after the script is running, it can automatically add setup code, such as model and README. What is the best approach to manage everything?

You are using AWS Elastic Beanstalk to run a social media marketing application, for which you have written a component in Ruby. To support different marketing campaigns, this application component sends messages to social media sites. Your management needs to record responses to these messages from social media to analyze the marketing campaign’s effectiveness compared to past and future efforts. A new application component has already been developed for the social media site API to read the replies. Which method should you use to record social media responses for analytical historical data in a sustainable data storage that can be accessed at any time?

A start-up IT firm has just moved its most important web-based software to AWS. A disaster recovery program in AWS must be built as soon as possible, otherwise, the failure may have a huge impact on the credibility of the business and on the cash flow. The organization does, however, have a budget run out and has to review its operating costs. What tools will help the organization control costs during the implementation of a disaster recovery system? (Choose 2)

You maintain an application that serves as a front end and uses MongoDB for document management on an acceptable web server. You use the user data tab to set up the application to pre-bake AMI with the newest version of the web server. You now have an amendment to the underlying version of the OS and must, therefore, deploy it. How will you do that as easily as possible?

Your development team uses Elastic Beanstalk. Deploying multiple versions of your application is your responsibility. How do you ideally ensure that you do not cross Elastic Beanstalk’s application version limit?

You are working on an application that has three EC2 instances in the Auto-scaling group behind an Elastic Load Balancer. You find that the Auto-scaling group was updated with a new launch configuration that refers to an updated AMI. Your ELB health checks were successful yet, you still have received complains of error from users. What will you do to prevent this situation from happening again?

Choose the invalid statement regarding the application deployment if you want to deploy applications to ELB.

In AWS CodeDeploy, ABC company used a single web application, which includes EC2, for AWS services. CodeDeploy works well, but your manager wants to get notifications in time when the next installation is successful or fails, in the slack channel. You were told to implement this in AWS CloudWatch events. A Lambda feature that only covers deployments would be the target of the Event rule. What is the right event pattern for the rule?

Which of the following 3 things would you be able to accomplish with the benefit of the CloudWatch logs?

In your organization, you have set up the following AWS services: Auto-scaling Group, Elastic Load Balancer, and EC2 Instances. If the utilization of CPU is less than 30%, you have to terminate an instance from the Auto-scaling group. How will you do that?

What is not a supported Elastic Beanstalk service platform?

Your team will run a Java project using AWS CodeStar. AWS CodeCommit includes the source code. The build stage is managed with AWS CodeBuild followed by a stack with resources like the Lambda function via the CloudFormation deployment stage. Several team members, including Jason (owner), Tony (viewer) and Eric (contributor), have been added to the CodeStar project. The various roles in the project should be allowed to different members. How are CodeStar’s permissions managed?

In a project, a Linux-based instance stack in Opswork has been defined. Furthermore, you want to attach a database to it. Which of the following is an important step towards ensuring that the Linux application can communicate with the database?

You have been tasked to build a dashboard for security control in AWS. The dashboard should be able to determine if EC2 instances are vulnerable and exposed (CVEs). This incident should be detected, for example, when an EC2 instance does not download a particular patch and is exposed to a known CVE. What is the best approach to do so?

Your company designed an application to transfer all user logs to a Kinesis channel, and those logs will live for 24 hours in the streams. A recent strategy of Splunk Enterprise is to scan, track, and review request logs. Also, on an EC2 instance, the Splunk Server has been deployed. What is the best approach to loading streaming data into the Splunk instance on the Kinesis Stream?

You are creating a DynamoDB application for the storage of JSON data. The read and write capability of the DynamoDB table has already been set. The amount of traffic received during the deployment period by the application is not known. Your IT officer asks you to ensure that DynamoDB is not throttled and is not an application bottleneck. What steps should you take for this? (Choose 2)

You are responsible for an application, which is using EC2, ELB, and Auto-scaling. The ELB access logs were requested by your manager. You do not find any log in the S3 bucket. Why is that happening?

For several years, an organization has been using the Jenkins database on site as a CI/CD tool. Most of its services have recently moved to AWS. AWS CodePipeline will be used as the new tool in order to replace the Jenkins database by the DevOps team. Initial research and reporting were given to the CEO. What are CodePipeline’s strengths relative to that of the Jenkins server? (Choose 2)

Which of the following can be used to monitor whether the changes made to your AWS resources are reliable and durable logging solutions?

A crew is working on the development of a new AWS EC2 web application. Atlassian JIRA Software is used for many existing projects within the company. The team is expected to work with a single project management portal where information is available such as JIRA tales, on-going implementation, system endpoints, etc. for this new project. How can the team meet the expectations?

A large company has a massive quantity of data in AWS S3. These S3 buckets include the application’s read or write data. The safety auditor was concerned that some sensitive information could be revealed in S3. Some programs, for example, can store some text files containing PII data for customers. In these S3 buckets, the auditor asked for a solution to quickly scan potential security issues. What is the best solution?

You have an OpsWork stack on Linux instances. Your recipe execution failed. How can you diagnose the reason for failure?

AWS platform is used by the company to host the bulk of its applications and services. You have handled a great many AWS assets as an AWS administrator to meet business needs. In many AWS regions and accounts, you sometimes need to build, upgrade or delete similar resources. For example, to decide whether CloudTrail is allowed on all accounts, you have to set up an AWS Config rule. What is the safest way to implement these settings in multiple regions or on account of single operations?

The Kinesis Stream was used by a financial firm to store processed logs from a busy application in real time. The data is then sent to a Kinesis Firehose distribution system that provides information to the final destination of the S3 container. The data input format is RFC3163 Syslog. Before the data is delivered, the format must be converted to JSON in Kinesis Firehose. How will this be done?

The DevOps group assesses AWS CodeBuild to figure out if it is suitable for developing new software. Different objects or environments are needed to build artifacts for these applications. The environmental image, for which the construction project is to run must be selected in AWS CodeBuild. From the given options, what are good CodeBuild environment images? (Choose 2)

Your organization owns several AWS accounts. The AWS operation team creates several base docker images in AWS ECR. Another development team is working on a new project, in which the build phase needs to use AWS CodeBuild to build artifacts. One requirement is that the environment image of CodeBuild must use an ECR docker image owned by the operation team. However, the ECR docker image is located in a different AWS account. How would you resolve this and create the CodeBuild project?

Robert’s team has created a new AWS CodeDeploy software to simplify Amazon EC2 deployments under auto-scaling. A deployment operation may have failed because of software problems. In the production environment, your manager asked you to automatically setup a rollback to the deployment group. What statement is correct when it comes to the automatic rollback setup of CodeDeploy?

A multi-level architecture is being operated on AWS with the Nginx web server instances. The application is having bugs when operated by users. How can you quickly and effectively identify those errors?

A new project to build a pipeline for a new Android app was assigned to you in the AWS CodePipeline operation. The source stage of the pipeline is GitHub and CodeBuild is used for building the app. This uses a buildspec file to create objects that are stored in an S3 bucket during the construction phase. To test the new version of the App in AWS Device Farm, a further step needs to be added. The QA team has already developed a test project in AWS Server Farm. In AWS CodePipeline, how should you configure this new stage?

As a DevOps Engineers, you have to host a custom application with custom dependencies for a development team by using AWS service. From the following options, choose the perfect way to perform your task.

Raffaele has heavy AWS users and possesses many AWS resources such as EC2, S3, RDS, etc. in his company. Now he is required to develop an ongoing monitoring service in AWS to track services from the safety standpoint. For example, if an EC2 instance is compromised and used to carry out a Denial of Service (DoS) attack using the UDP protocol, the service should be able to identify potential risks. What should Raffaele do?

In his AWS EC2 instances, Raymond recently experienced an IT security incident. An offender used an EC2 penetration testing tool from Kali Linux, found weaknesses in the EC2 configurations, and gained unauthorized access to the company’s resources. To ensure that all EC2 cases are properly patched, Raymond needs to develop a plan. For such potential security risks, a monitoring tool is also needed. How should he work together with his team to fulfill the requirements? (Choose 2)

Rex has several AWS CloudFormation StackSets. A StackSet has been developed in several regions to set up web application network resources, such as IAM roles and Security Groups. A parameter value of CloudFormation StackSets must be modified because of some new features in the program. Nevertheless, only two regions need this modification and the parameter for the other regions should not be modified. How can he do this?

Your application is running behind a load balancer on Amazon EC2 instances. Your company has decided to use a strategy for the blue/green deployment. How do you do this for every deployment?

The team is creating an online bid program that has been used to store information for customers in DynamoDB tables. For read, a response time of microseconds is needed. The latest DynamoDB tables do not seem to provide this efficiency however. What is the best approach to greatly improve the reading output without altering current program logic?

You decided to change the instance type of your production instances that run in the Auto-scaling group. To launch your architecture, you used the CloudFormation template and currently used 4 instances in production. The service cannot be interrupted therefore two instances should always run during the update. Which of the following options can be applicable?

You configure the Continuous Integration (CI) system to create AMIs in your deployment process. You want to build them in a cost-effective, automated way. What method are you supposed to use?

A website is running in a virtual private cloud, using a load balancer and an Auto-scaling group. Your Head of Security has asked you to set up a system of monitoring that will rapidly detect and notify your team when there is a sudden increase in traffic. How would you configure that?

Amazon SQS and Auto-scaling are used by the program to handle background work. The Auto-scaling policy is based on the amount and maximum instance count of 100 messaging in the queue. The category has never increased beyond 50 since the application was launched. The Auto-scaling group is now 100, the queue size is growing and there are very few jobs that are completed. The number of messages sent to the queue is regular. What should you do to identify why the queue size is unusually high and reduce it?

In several Amazon EC2 instances, you have an I/O and a network-intensive application that cannot handle a large ongoing increase in traffic. Two volumes of Amazon EBS PIOPS are used in the Amazon EC2 instances, each with the identical instance.
Choose the right approach in order to reduce the load on instances with the least interference with the application.

You developed a new feature using AWS services. You want to test it from inside a staging VPC. How would you do this with the fastest turnaround time?

Your company assigns you the management of application that uses Amazon SDK and Amazon EC2 roles to store and retrieve Amazon S3 data, access multiple tables of DynamoDB and exchange messages using Amazon SQS queues. Your Compliance Vice- President is concerned that your security practices is not outstanding. He asked you to check that the application AWS access key is not older than six months, and to provide control evidence that these keys are rotated at least once every six months. Which option suits the best to provide the required information to VP?

You have an application that has mandate requirements for security and compliance and the protected health information that belongs to your application should be encrypted both at rest and transit. The data flows through the load balancer and is stored on Amazon EBS volumes using three-architecture for processing. The outputs are stored in S3 using AWS SDK service. Choose the two options which allow fulfilling the security requirements.

Ace has an organization that has an AWS application with three tiers: frontend, backend and database. Different AWS services including EC2, ELB, Auto-scaling, Route53, RDS, and others are being used. The RTO (Recovery Time Objective) is set at 1 hour for the entire application. What can help you achieve this goal?

During a deployment cycle, you recently found a major error in your web application. It took four hours by the team during this unsuccessful deployment to return to a previously functional state, which left customers with poor user experience. Your team discussed the need to roll back failed deployments quicker and more robust. Your web application is running on Amazon EC2 and is using Elastic Load Balancing to balance your load. How do you solve the problem?

Addis has a Chef Version 11.10 running on AWS OpsWorks Stack. He has its own cookbook hosted on Amazon S3, and this is specified in the stack as a custom cookbook. A cookbook located in an external Git repository is required, which is an open source cookbook. How could he use both of the custom books?

A group of developers within your company wishes to move its current application in Elastic Beanstalk and use Elastic Load Balancing and Amazon SQS. Currently, you have a custom application server. How can this requirement be achieved?

Your web application is running on three M3 instances in three AZs. A group of three to thirty instances are scaled using the Auto-scaling group. When you review the CloudWatch metrics, you see that there are sometimes 15 instances in your Auto Scaling group. The web application reads and writes to a DynamoDB-configured backend with 800 Write and read capacity units. The company’s ID is your DynamoDB main key. In your web application, you receive 25 TB of data. You have one customer who complains delay in load time when his employees arrive at the office at 9:00 am and load the website consisting of content drawn out by DynamoDB. Other customers use the web application routinely. Select the response to ensure high availability and reduce access times for the customer.