AWS Certified DevOps Engineer – Professional Practice Questions Part 4

Louis has used AWS CodeDeploy to deploy the latest software release to several AWS EC2 instances. In this CodeDeploy application, there are two Deployment groups called Stage and Prod. At the moment, the only difference between Stage and Prod is the logging level, which can be configured in a file. What is the most efficient way to implement the different logging levels for the two Deployment groups?

The company you work for recently began using the AWS system and used a basic support package for its AWS account. As AWS resources are limited, your director requested to develop a solution to alert him to the low utilization rate of EC2 assets. You intend to use AWS CloudWatch Events to define the lambda feature as the target for these tools. The Lambda feature can provide the director with personalized text. How are you to combine these two choices to fulfill your requirements? (Choose 2)

In order to activate CloudTrail, the company wants to increase visibility in AWS user and resource activities. The trail was set up only to collect activities in the ap-south-1 region since most resources were used. However, customers are concerned that the data in the CloudTrail could be lost if a disaster occurs in the ap-south region. What measures should you take to tackle the problem?

You have to set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and does not allow access to each user to a designated user folder in a bucket. Choose 3 answers to fulfill the given scenario.

Specific attention is needed to ensure that the security vulnerability is not present for its AWS services. A rule is provided in AWS Config to test if the assets of AWS are always according to expectations. The policy is very complex and the current AWS-managed rule is not applicable to the needs of the organization. What actions can this requirement achieve in combination? (Choose any 2)

You have an instance in Auto-scaling group, in which lifecycle hooks are enabled. Due to lifecycle hooks, initially, the instance is put into Pending: Wait state, which means that the instance cannot handle the traffic in this state. In wait sate, other scaling actions are also suspended. Later, the instance is put into Pending: Proceed and then it is changed to InService, which means that instances in Auto-scaling group can now serve the traffic, but you have observed that the bootstrapping process finishes earlier than the status Pending: Proceed is updated.
What can you do to check that the status of the instance is updated correctly after the bootstrapping process?

The AWS API Gateway and Lambda service both have been implemented by a team. The JSON input data can be saved to the internal database and S3. Some data in the JSON body are not used after the service runs for several years, and should no longer be saved. The Lambda, which is at the backend was modified to only support the current JSON values. Before all users move to the new API, the original API in API Gateway remains used for a while. How should the original API be set to still support the backend of the old application by Lambda?

You want to design a .Net front end and DynamoDB back end application. You know that the application will run with a heavy load. How will you ensure the scalability of application for minimum DynamoDB database load?

To maintain an API endpoint, your team uses the AWS API Gateway and Lambda functionality. Recently, the Lambda function has been modified and some new data is applied to the response body. The Lambda feature has been updated to support the change and a new API has been added. The team wants to keep API version 1 and version 2 accessible to your API consumers simultaneously. In order to make the version 1 API compliant, how should you change it in the API Gateway?

You are working in a company where you have to record all the activities occurring in AWS account and provide the access of the loggings of events to the security officer across all regions in a simple and secure way that no one else would be able to access those events other than the security officer. How will you execute your task? Select the best solution from the given options.

You are tasked to move an application to the world of AWS Elastic Beanstalk. The OS is Amazon Linux and package managers need ‘yum’ and ‘rubygems’ to download all packages required for the program. In .ebextensions, you have created config files in which you have added a software package section. For the package segment in the configuration folder, what is the correct statement?

An IT administrator has the responsibility to create a development environment, which would confirm the LAMP development stack. Whenever a new instance is launched, the development team should be updated with the latest version of the LAMP stack. Choose 2 answers, which will meet the requirements in the best way possible.

If you are asked to build a social media mobile application, which needs permission for every user login and storing their data in DynamoDB. What would you choose to do from the following options in order to grant access to DynamoDB to your application users when required?

You are building a pipeline for a new Web application that AWS CodePipeline. The source provider in the source stage is GitHub and its output artifact is designed as WebApp. In the Build process, two simultaneous development activities have been performed and the service providers have used AWS CodeBuild. Which input/output artifact configuration is right for these two build actions?

A DevOps engineer is constructing a pipeline for an ongoing Java project. The CI/CD software is chosen as AWS CodePipeline. CloudFormation stacks are used during the deployment process. Nonetheless, a variety of conditions must be taken into account. For example, if there is no stack, the stack may be generated. Check whether a stack already exists or should be created and then inspected. The team managers tend to introduce an overviewed state machine and each state executes a Lambda operation. How can this requirement best be fulfilled?

Your company CTO assigns you that task to connect a MySQL Database to a Wordpress application keeping in ming that the environment must be fault tolerant and highly available. Select 2 options from the following, which would individually play their role to perform the required task.

A company is designing loosely coupled system. For executing this successfully, which of the following design strategies are ideal? (Choose 2)

You assist a team in developing a new AWS system CI/CD Pipeline. The pre-requisite is that an orchestration system like origin control, design, and implementation handle the pipeline as a whole. Throughout implementation, various workflow-driven activities are taken into account to ensure that the state machine engine is able to handle these actions correctly. The execution status of the pipeline and state machine should be visualized. What two combined approaches can implement this? (Choose 2)

An organization has an Auto-scaling group with the following setting: Minimum capacity: 2, Desired capacity: 2 and Maximum capacity: 4. In the Auto-scaling group, the total number of instances is two that are currently running. You are advised to ensure that no new instances were introduced by the Auto-scaling team for a duration of an hour. Which combination of steps will avoid the release of new instances? (Choose 2)

How will you, as DevOps engineer, automate the creation of EBS snapshot?

You are a partner for AWS and assist a customer in the development of applications with AWS Elastic Beanstalk network. In the Amazon Linux system, one significant software will be installed. You also built some config files in the.ebextensions folder because there are several Shell commands to execute before and after the program version is extracted. What parts of the config file can you insert commands to make it work properly? (Choose 2)

A DevOps engineer helps the development team build AWS Elastic Beanstalk’s Node.js software. The maximum number of Auto-scaling group instances was updated to 10 in AWS console during environment development. In the source bundle, however, the .ebextensions folder contains a configuration file setting the maximum number of instances to 5. Since the limit of 4 is standard for Elastic Beanstalk, how many ASGs can the DevOps engineer build in the AWS console after the environment?

Allen created a CloudWatch events rule to capture CloudFormation API call:
{
“source”: [
“aws.cloudformation”
],
“detail-type”: [
“AWS API Call via CloudTrail”
],
“detail”: {
“eventSource”: [
“cloudformation.amazon.com”
]
}
}
The Event rule has the Lambda Function as a target for slack channel notifications. Nevertheless, no notification was provided when a CloudFormation stack was modified. Which one of the following could be the cause?

A company wants to use a SaaS third-party app running on AWS. The SaaS application must be able to issue several API commands to detect Amazon EC2 resources in the company’s account. The company has internal security policies that require external access to its environment and must ensure with the minimum privilege principles and controls, which ensure that the credentials used by the SaaS vendor cannot be accessed by the third party. Which of the following would satisfy all these requirements?

A company wants to access the on-premises LDAP server from an application launched on a VPC. The connection of VPC and on-premises location is established through an IPSec VPN. Choose 2 correct options for application user authentication.

There are several AWS CloudFormation templates that Harry has to maintain. Two incidents occurred last month where someone modified assets in existing CloudFormation stacks without any alert or notification. This had negative effects on the stacks of possible changes, and the changes were lost when the stacks were reset. This is not compliant with company policy. His team leader has demanded that he alerts the team when drifts occur in the CloudFormation stack. What is the best way to do this?

You are using an EC2 instance, on which web and worker role infrastructure is defined. Jobs sent by the web role are managed through SQS. Now, what way will be suitable to check that the jobs are sent properly by the web role?

Jose is working in a company that has to do a major public announcement of a social media site in AWS. The website is running on EC2 instances launched in multiple availability zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site executes a high number of small reads and writes per second and depends on an eventual consistency model. After complete tests, he observes that there is read contention on RDS MySQL. Which approaches should he choose to meet these requirements? (Choose 2)

A company has given you the task of designing a CloudFormation template. In the template, it must be included that the CloudFormation stack is deleted and a snapshot of the Relational DB is created as a part of the stack. What should you do to complete this task?

AWS DevOps admins are working on building the infrastructure of the company’s development team through CloudFormation, which includes the VPC and networking components, installing a LAMP stack and securing the created resources. For designing this template, choose the best way among the following options.

A company is using OpsWork with several stacks for development, staging, and production to deploy and manage the application. The company wants to start using python instead of Ruby as it already as Ruby on Rail content management platform. Choose the correct solution to manage the new deployment.

You are responsible for creating a cloud information template to spin resources on your DevOps team’s demand. The necessity is to distribute assets in different regions through this cloud creation model. Which of the following aspects will help you develop a model to spin the resources based on region?

The company for which you are working has an enormous infrastructure built on AWS. However, there are some security concerns regarding this infrastructure and an external auditor has been given the task of thoroughly checking all the AWS assets of your company. Your company is located in the Asia-Pacific (Sydney) region of AWS whereas the auditor is in the USA. You have been assigned the task of providing the auditor with login in order to check all your VPC assets, in particular, security groups and NACLs. Choose the best and secured solution for initiating this investigation.

As an orchestration tool for the control of pipelines, AWS CodePipeline has been used in a financial firm. Certain AWS services, like CodeCommit, CodeBuild, CodeDeploy, etc, can be installed in pipelines. There is a safety policy in place to manage all artifacts created during the execution of the pipeline in a durable and highly available location. What is the correct statement about handling an objects by AWS CodePipeline? (Choose 2)

You have designed a critical application with the requirement of the least downtime of rollback (if required). You want to rollout updates to your application introduced on Elastic Beanstalk Environment. Which of the following deployment action is best suitable for this purpose?

The IT department of a company wants to launch instances in the Auto-scaling group. They need to setup lifecycle hooks for setting custom based software and do the required configuration on the instances. This setting would take an hour at maximum. Considering this scenario, how will you suggest to setup lifecycle hooks? Select 2 answers.

Your company has announced a new IT procedure for EC2 instances, which states that EC2 instances must be of the particular instance type. You want to find out the list of instances that do not match the demanded instance type. From the following options, which one would you use to obtain the list?

Your company IT supervisor is interested in optimizing the cost of running AWS resources. Which of the 2 options are suitable for this purpose?

Jenifer has an Auto-scaling group with the following setting: Minimum capacity: 2, Desired capacity: 2 and Maximum capacity: 4. The launch setup has AMIs that are t2.micro-instance-based. The program that runs on these instances now faces problems and she has found that the solution is to change the type of instance in the Auto-scaling group. From the following, which meets the desired requirement?

You are running a video processing application launched in AWS. Users upload videos on site, which are then processed by using the built-in custom program in case if there are any failures in processing, the program will be able to balance the situation. Now considering the minimum cost budget, which of the following mechanism should you use to deploy the instance for running video processing activities?

You are an AWS DevOps engineer in a company and have created a job in Jenkins to use an Elastic Beanstalk script. The eb config command was used to set up an Elastic Load Balancer Security Group. After a while, one of your colleagues thought that the security group should be changed to another and modified the configuration option in the .ebextensions folder with the config file. The Security Group, however, did not change to the new Jenkins job when it was rebuilt. What is the issue and how are you going to resolve it?

On the SaaS platform, an email with important information is sent to the user when an existing user modifies his/her subscription information. The subscription data is stored in a DynamoDB table and the stream allows the changes to table item to be recorded. The stream data is tracked and emails sent accordingly through a Java program. Which statement is correct about the use of DynamoDB streams?

There are many onsite servers operated by a company who plans to move its main servers to AWS ap-southeast-2 in order to formulate a disaster recovery plan in the cloud. The servers are installed on Microsoft HyperV-managed virtual machines for Windows. The company’s team wants to use an AWS platform to ease the migration process by periodically creating AMIs. The tool can also schedule replications and monitor progress. Which tool should be used to fulfill the requirement?

The technical team of your company is concerned with AWS account security. What will you suggest to prevent the account from being hacked?

Your company’s owner asked you to show all of the CloudFormation stacks, which have a completed status. Which command should you use?

A blue/green deployment approach for a new application is being applied by the Allen. A CloudFormation stack with tools like Auto-scaling group, launch setup and Classic Load Balancer allows the application to be deployed for every new release. Route53 configures a weighted routing system. For route53, a small percentage of traffic enters the green environment and the weight increases until the full production traffic is borne by the green environment. What is the downside of this approach?

Leo has just started using AWS ECS/ECR for its Docker applications. He is searching for a pipeline system that can use a blue/green configuration to deploy the container software in the ECS cluster. At present, all Docker pictures are stored as artifactories in the ECR system in pipelines. How is this pipeline to be applied the quickest?

198. What is the meaning of the given code in the CloudFormation template?
“SNSTopic” : {
“Type” : “AWS::SNS::Topic”,
“Properties” : {
“Subscription” : [{
“Protocol” : “sqs”,
“Endpoint” : { “Fn::GetAtt” : [ “SQSQueue” , “Arn” ] }
}]
}

A large number of aerial image data has been uploaded to S3 by your company. In the past, you used a dedicated group of servers in your local environment to process these data and used Rabbit MQ– an open source message system to get job information to the servers. The data would go to the tape and be shipped offsite once processed. Now your manager told you to use the current design along with AWS archive storage and messaging to reduce costs. Which option is right?

A company is using an Auto-scaling group to scale out and scale in EC2 instances. The traffic peak occurs every Monday at 8 am and it comes down before the weekend on Friday at 5 pm. If you have to configure Auto-scaling group in this scenario, what would you do?