[Q145-Q169] 100% Guaranteed Results AWS-DevOps-Engineer-Professional Unlimited 275 Questions [2023]

AWS-DevOps-Engineer-Professional Dumps PDF - Want To Pass AWS-DevOps-Engineer-Professional Fast


If you want to start your career in the field of IT, you need to have at least one certification under your belt. Many vendors are providing a wide range of certificates you can choose from. So, if you are interested in improving your skills related to AWS, it is recommended to get one of the Amazon certifications, for example, AWS Certified DevOps Engineer – Professional.

 

NEW QUESTION 145
A company runs a database on a single Amazon EC2 instance in a development environment.
The data is stored on separate Amazon EBS volumes that are attached to the EC2 instance. An Amazon Route 53 A record has been created and configured to point to the EC2 instance. The company would like to automate the recovery of the database instance when an instance or Availability Zone (AZ) fails. The company also wants to keep its costs low. The RTO is 4 hours and RPO is 12 hours. Which solution should a DevOps Engineer implement to meet these requirements?

  • A. Run the database in an Auto Scaling group with a minimum and maximum instance count of 1 in multiple AZs. Create an AWS Lambda function that is triggered by a scheduled Amazon CloudWatch Events rule every 4 hours to take a snapshot of the data volume and apply a tag.
    Have the instance UserData get the latest snapshot, create a new volume from it, and attach and mount the volume. Then start the database and update the Route 53 record.
  • B. Run the database on two separate EC2 instances in different AZs with one active and the other as a standby. Attach the data volumes to the active instance. Configure an Amazon CloudWatch Events rule to invoke an AWS Lambda function on EC2 instance termination. The Lambda function launches a replacement EC2 instance. If the terminated instance was the active node, then the function attaches the data volumes to the standby node. Start the database and update the Route 53 record.
  • C. Run the database in an Auto Scaling group with a minimum and maximum instance count of 1 in multiple AZs. Add a lifecycle hook to the Auto Scaling group and define an Amazon CloudWatch Events rule that is triggered when a lifecycle event occurs. Have the CloudWatch Events rule invoke an AWS Lambda function to detach or attach the Amazon EBS data volumes from the EC2 instance based on the event. Configure the EC2 instance UserData to mount the data volumes (retry on failure with a short delay), then start the database and update the Route 53 record.
  • D. Run the database on two separate EC2 instances in different AZs. Configure one of the instances as a master and the other as a standby. Set up replication between the master and standby instances. Point the Route 53 record to the master. Configure an Amazon CloudWatch Events rule to invoke an AWS Lambda function upon the EC2 instance termination. The Lambda function launches a replacement EC2 instance. If the terminated instance was the active node, the function promotes the standby to master and points the Route 53 record to it.

Answer: A

Explanation:
It restores EBS volumes from a snapshot, and a snapshot is not AZ independent.
Two instances mean more cost.
Also, an Auto Scaling group with min 1 and max 1 is the preferred method for HA.

 

NEW QUESTION 146
A company wants to use Amazon DynamoDB for maintaining metadata on its forums. See the sample data set in the image below.

A DevOps Engineer is required to define the table schema with the partition key, the sort key, the local secondary index, projected attributes, and fetch operations.
The schema should support the following example searches using the least provisioned read capacity units to minimize cost.
- Search within ForumName for items where the subject starts with "a".
- Search forums within the given LastPostDateTime time frame.
- Return the thread value where LastPostDateTime is within the last three months.
Which schema meets the requirements?

  • A. Use Subject as the primary key and ForumName as the sort key. Have LSI with Thread as the sort key and fetch operations for LastPostDateTime.
  • B. Use ForumName as the primary key and Subject as the sort key. Have LSI with Thread as the sort key and the projected attribute LastPostDateTime.
  • C. Use Subject as the primary key and ForumName as the sort key. Have LSI with LastPostDateTime as the sort key and fetch operations for thread.
  • D. Use ForumName as the primary key and Subject as the sort key. Have LSI with LastPostDateTime as the sort key and the projected attribute thread.

Answer: D

Explanation:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/LSI.html

 

NEW QUESTION 147
When an Auto Scaling group is running in Amazon Elastic Compute Cloud (EC2), your application rapidly scales up and down in response to load within a 10-minute window; however, after the load peaks, you begin to see problems in your configuration management system where previously terminated Amazon EC2 resources are still showing as active. What would be a reliable and efficient way to handle the cleanup of Amazon EC2 resources within your configuration management system? Choose two answers from the options given below

  • A. Configure an Amazon Simple Queue Service (SQS) queue for Auto Scaling actions that has a script that listens for new messages and removes terminated instances from the configuration management system.
  • B. Write a small script that is run during Amazon EC2 instance shutdown to de-register the resource from the configuration management system.
  • C. Use your existing configuration management system to control the launching and bootstrapping of instances to reduce the number of moving parts in the automation.
  • D. Write a script that is run by a daily cron job on an Amazon EC2 instance and that executes API Describe calls of the EC2 Auto Scaling group and removes terminated instances from the configuration management system.

Answer: B,D

Explanation:
There is a rich set of CLI commands available for EC2 instances. The CLI reference is located at the following link:
* http://docs.aws.amazon.com/cli/latest/reference/ec2/
You can then use the describe-instances command to describe the EC2 instances.
If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the returned results.
* http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
You can use the EC2 instances to get those instances which need to be removed from the configuration management system.

 

NEW QUESTION 148
A Development team is working on a serverless application in AWS. To quickly identify and remediate potential production issues, the team decides to roll out changes to a small number of users as a test before the full release. The DevOps Engineer must develop a solution to minimize downtime and impact.
Which of the following solutions should be used to meet the requirements? (Select TWO.)

  • A. Create a failover record set in AWS Route 53 pointing to the AWS Lambda endpoints for the old and new versions. Configure Route 53 to route 10% of incoming traffic to the new version. As the new version becomes stable, update the DNS record to route all traffic to the new version.
  • B. In Amazon API Gateway, create a canary release deployment by adding canary settings to the stage of a regular deployment. Configure API Gateway to route 10% of the incoming traffic to the canary release.
    As the canary release is considered stable, promote it to a production release.
  • C. Create an ELB Network Load Balancer with two target groups. Set up the Network Load Balancer for Amazon API Gateway private integration. Associate one target group with the current version and the other target group with the new version. Configure the load balancer to route 10% of incoming traffic to the new version. As the new version becomes stable, detach the old version from the load balancer.
  • D. Create an alias for an AWS Lambda function pointing to both the current and new versions. Configure the alias to route 10% of incoming traffic to the new version. As the new version is considered stable, update the alias to route all traffic to the new version.
  • E. Create an Application Load Balancer with two target groups. Set up the Application Load Balancer for Amazon API Gateway private integration. Associate one target group to the current version and the other target group to the new version. Configure API Gateway to route 10% of incoming traffic to the new version. As the new version becomes stable, configure API Gateway to send all traffic to the new version and detach the old version from the load balancer.

Answer: B,C

 

NEW QUESTION 149
Your company has an e-commerce platform which is expanding all over the globe. You have EC2 instances deployed in multiple regions, and you want to monitor the performance of all of these EC2 instances. How will you set up CloudWatch to monitor EC2 instances in multiple regions?

  • A. Create separate dashboards in every region
  • B. This is not possible
  • C. Have one single dashboard to report metrics to CloudWatch from different region
  • D. Register instances running on different regions to CloudWatch

Answer: C

Explanation:
You can monitor AWS resources in multiple regions using a single CloudWatch dashboard. For example, you can create a dashboard that shows CPU utilization for an EC2 instance located in the us-west-2 region with your billing metrics, which are located in the us-east-1 region.
For more information on CloudWatch dashboards, please refer to the below URL:
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cross_region_dashboard.html

 

NEW QUESTION 150
Which of the following deployment types are available in the CodeDeploy service? Choose 2 answers from the options given below.

  • A. Immutable deployment
  • B. Rolling deployment
  • C. Blue/green deployment
  • D. In-place deployment

Answer: C,D

Explanation:
The following deployment types are available:
1. In-place deployment: The application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated.
2. Blue/green deployment: The instances in a deployment group (the original environment) are replaced by a different set of instances (the replacement environment).
For more information on CodeDeploy, please refer to the below link:
* http://docs.aws.amazon.com/codedeploy/latest/userguide/primary-components.html

 

NEW QUESTION 151
You are a DevOps Engineer for your company. You are responsible for creating CloudFormation templates for your company. There is a requirement to ensure that an S3 bucket is created for all resources in development for logging purposes. How would you achieve this?

  • A. Create a parameter in the CloudFormation template and then use the Condition clause in the template to create an S3 bucket if the parameter has a value of development
  • B. Create separate CloudFormation templates for Development and production.
  • C. Create an S3 bucket from before and then just provide access based on the tag value mentioned in the CloudFormation template
  • D. Use the metadata section in the CloudFormation template to decide on whether to create the S3 bucket or not.

Answer: A

Explanation:
The AWS Documentation mentions the following:
You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment. In your template, you can add an EnvironmentType input parameter, which accepts either prod or test as inputs. For the production environment, you might include Amazon EC2 instances with certain capabilities; however, for the test environment, you want to use reduced capabilities to save money. With conditions, you can define which resources are created and how they're configured for each environment type.
For more information on CloudFormation conditions, please visit the below URL:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html

 

NEW QUESTION 152
You have the requirement to get a snapshot of the current configuration of the resources in your AWS account. Which of the following services can be used for this purpose?

  • A. AWS Config
  • B. AWS CodeDeploy
  • C. AWS IAM
  • D. AWS Trusted Advisor
  • D. AWS Trusted Advisor

Answer: A

Explanation:
The AWS Documentation mentions the following:
With AWS Config, you can do the following:
* Evaluate your AWS resource configurations for desired settings.
* Get a snapshot of the current configurations of the supported resources that are associated with your AWS account.
* Retrieve configurations of one or more resources that exist in your account.
* Retrieve historical configurations of one or more resources.
* Receive a notification whenever a resource is created, modified, or deleted.
* View relationships between resources. For example, you might want to find all resources that use a particular security group.
For more information on AWS Config, please visit the below URL:
* http://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html

 

NEW QUESTION 153
Your company wants to understand where cost is coming from in the company's production AWS account. There are a number of applications and services running at any given time. Without expending too much initial development time, how best can you give the business a good understanding of which applications cost the most per month to operate?

  • A. Use the AWS Price API and constantly running resource inventory scripts to calculate total price based on multiplication of consumed resources over time.
  • B. Use AWS Cost Allocation Tagging for all resources which support it. Use the Cost Explorer to analyze costs throughout the month.
  • C. Use custom CloudWatch Metrics in your system, and put a metric data point whenever cost is incurred.
  • D. Create an automation script which periodically creates AWS Support tickets requesting detailed intra-month information about your bill.

Answer: B

Explanation:
Cost Allocation Tagging is a built-in feature of AWS, and when coupled with the Cost Explorer, provides a simple and robust way to track expenses.
You can also use tags to filter views in Cost Explorer. Note that before you can filter views by tags in Cost Explorer, you must have applied tags to your resources and activated them, as described in the following sections. For more information about Cost Explorer, see Analyzing Your Costs with Cost Explorer.
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

 

NEW QUESTION 154
You are in charge of designing a number of CloudFormation templates for your organization. You are required to make changes to stack resources every now and then based on the requirement. How can you check the impact of the change to resources in a CloudFormation stack before deploying changes to the stack?

  • A. There is no way to control this. You need to check for the impact beforehand.
  • B. Use CloudFormation Stack Policies to check for the impact to the changes.
  • C. Use CloudFormation Rolling Updates to check for the impact to the changes.
  • D. Use CloudFormation change sets to check for the impact to the changes.

Answer: D

Explanation:
The AWS Documentation mentions:
When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence. Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources. AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set. You can create and manage change sets using the AWS CloudFormation console, AWS CLI, or AWS CloudFormation API.
For more information on CloudFormation change sets, please visit the below URL:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html

 

NEW QUESTION 155
A company's web application will be migrated to AWS. The application is designed so that there is no server-side code required. As part of the migration, the company would like to improve the security of the application by adding HTTP response headers, following the Open Web Application Security Project (OWASP) secure headers recommendations.
How can this solution be implemented to meet the security requirements using best practices?

  • A. Use an Amazon S3 bucket configured for website hosting. Create an Amazon CloudFront distribution that refers to this S3 bucket, with the origin response event set to trigger a Lambda@Edge Node.js function to add in the security headers.
  • B. Use an Amazon S3 bucket configured for website hosting, then set up server access logging on the S3 bucket to track user activity. Then configure the static website hosting and execute a scheduled AWS Lambda function to verify, and if missing, add security headers to the metadata.
  • C. Use an Amazon S3 bucket configured for website hosting, then set up server access logging on the S3 bucket to track user activity. Configure the static website hosting to return the required security headers.
  • D. Use an Amazon S3 bucket configured for website hosting. Create an Amazon CloudFront distribution that refers to this S3 bucket. Set "Cache Based on Selected Request Headers" to "Whitelist," and add the security headers into the whitelist.

Answer: A

Explanation:
https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/

 

NEW QUESTION 156
A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances. How should the Engineer automate the deployment process while also meeting the security requirements?

  • A. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy.
  • B. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials. Associate this role to all the instances.
  • C. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.
  • D. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.

Answer: C

 

NEW QUESTION 157
Your API requires the ability to stay online during AWS regional failures. Your API does not store any state, it only aggregates data from other sources - you do not have a database. What is a simple but effective way to achieve this uptime goal?

  • A. Use an ELB and a cross-zone ELB deployment to create redundancy across datacenters. Even if a region fails, the other AZ will stay online.
  • B. Create a Route53 Latency Based Routing Record with Failover and point it to two identical deployments of your stateless API in two different regions. Make sure both regions use Auto Scaling Groups behind ELBs.
  • C. Create a Route53 Weighted Round Robin record, and if one region goes down, have that region redirect to the other region.
  • D. Use a CloudFront distribution to serve up your API. Even if the region your API is in goes down, the edge locations CloudFront uses will be fine.

Answer: B

Explanation:
Latency Based Records allow request distribution when all is well with both regions, and the Failover component enables fallbacks between regions. By adding in the ELB and ASG, your system in the surviving region can expand to meet 100% of demand instead of the original fraction, whenever failover occurs.
Reference: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html

 

NEW QUESTION 158
You need to perform ad-hoc business analytics queries on well-structured data. Data comes in constantly at a high velocity. Your business intelligence team can understand SQL. What AWS service(s) should you look to first?

  • A. EMR using Hive
  • B. EMR running Apache Spark
  • C. Kinesis Firehose + RedShift
  • D. Kinesis Firehose + RDS

Answer: C

Explanation:
Kinesis Firehose provides a managed service for aggregating streaming data and inserting it into RedShift. RedShift also supports ad-hoc queries over well-structured data using a SQL-compliant wire protocol, so the business team should be able to adopt this system easily.
https://aws.amazon.com/kinesis/firehose/details/

 

NEW QUESTION 159
You currently have the following setup in AWS:
1) An Elastic Load Balancer
2) Auto Scaling Group which launches EC2 Instances
3) AMIs with your code pre-installed
You want to deploy the updates of your app to only a certain number of users. You want to have a cost-effective solution. You should also be able to revert back quickly. Which of the below solutions is the most feasible one?

  • A. Redeploy with AWS Elastic Beanstalk and Elastic Beanstalk versions. Use Route 53 Weighted Round Robin records to adjust the proportion of traffic hitting the two ELBs
  • B. Create new AMIs with the new app. Then use the new EC2 instances in half proportion to the older instances.
  • C. Create a second ELB, and a new Auto Scaling Group assigned a new Launch Configuration. Create a new AMI with the updated app. Use Route53 Weighted Round Robin records to adjust the proportion of traffic hitting the two ELBs.
  • D. Create a full second stack of instances, cut the DNS over to the new stack of instances, and change the DNS back if a rollback is needed.

Answer: C

Explanation:
The Weighted Routing policy of Route53 can be used to direct a proportion of traffic to your application. The best option is to create a second ELB, attach the new Autoscaling Group and then use Route53 to divert the traffic.
Option B is wrong because just having EC2 instances running with the new code will not help.
Option C is wrong because Elastic Beanstalk is good for development environments, and also there is no mention of having 2 environments where environment URLs can be swapped.
Option D is wrong because you still need Route53 to split the traffic.
For more information on Route53 routing policies, please refer to the below link:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

 

NEW QUESTION 160
For AWS CloudFormation, which is true?

  • A. Custom resources using Lambda and Code.ZipFile allow inline nodejs resource composition.
  • B. Custom resources using SNS have a default timeout of 3 minutes.
  • C. Custom resources using Lambda do not need a ServiceToken property.
  • D. Custom resources using SNS do not need a ServiceToken property.

Answer: A

Explanation:
Code is a property of the AWS::Lambda::Function resource that enables you to specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only).
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-customresources.html

 

NEW QUESTION 161
If you're trying to configure an AWS Elastic Beanstalk worker tier for easy debugging if there are problems finishing queue jobs, what should you configure?

  • A. Configure Enhanced Health Reporting.
  • B. Configure a Dead Letter Queue.
  • C. Configure Rolling Deployments.
  • D. Configure Blue-Green Deployments.

Answer: B

Explanation:
The AWS documentation mentions the following on dead-letter queues:
Amazon SQS supports dead-letter queues. A dead-letter queue is a queue that other (source) queues can target for messages that can't be processed (consumed) successfully. You can set aside and isolate these messages in the dead-letter queue to determine why their processing doesn't succeed.
For more information on dead-letter queues, please visit the below link:
http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html

 

NEW QUESTION 162
A DevOps Engineer is deploying a new web application. The company chooses AWS Elastic Beanstalk for deploying and managing the web application, and Amazon RDS MySQL to handle persistent data. The company requires that new deployments have minimal impact if they fail. The application resources must be at full capacity during deployment, and rolling back a deployment must also be possible.
Which deployment sequence will meet these requirements?

  • A. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment. Use Elastic Beanstalk immutable updates for application deployments.
  • B. Deploy the application using Elastic Beanstalk, and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk immutable updates for application deployments.
  • C. Deploy the application using Elastic Beanstalk and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk features for a blue/green deployment to deploy the new release to a separate environment, and then swap the CNAME in the two environments to redirect traffic to the new version.
  • D. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment. Use default Elastic Beanstalk behavior to deploy changes to the application, and let rolling updates deploy changes to the application.

Answer: B

 

NEW QUESTION 163
A company runs several applications across multiple AWS accounts in an organization in AWS Organizations.
Some of the resources are not tagged properly, and the company's finance team cannot determine which costs are associated with which applications. A DevOps engineer must remediate this issue and prevent this issue from happening in the future.
Which combination of actions should the DevOps engineer take to meet these requirements? (Select TWO.)

  • A. Create and attach an SCP that requires a specific tag.
  • B. Define each line of business (LOB) in AWS Budgets. Assign the required tag to each resource.
  • C. Activate the user-defined cost allocation tags in each AWS account.
  • D. Scan all accounts with Tag Editor. Assign the required tag to each resource.
  • E. Use the budget report to find untagged resources. Assign the required tag to each resource.

Answer: B,D

 

NEW QUESTION 164
Your application stores sensitive information on an EBS volume attached to your EC2 instance.
How can you protect your information? Choose two answers from the options given below

  • A. Copy the unencrypted snapshot and check the box to encrypt the new snapshot. Volumes restored from this encrypted snapshot will also be encrypted.
  • B. Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.
  • C. Unmount the EBS volume, take a snapshot and encrypt the snapshot. Re-mount the Amazon EBS volume.
  • D. It is not possible to encrypt an EBS volume, you must use a lifecycle policy to transfer data to S3 for encryption.

Answer: A,B

Explanation:
These steps are given in the AWS documentation
To migrate data between encrypted and unencrypted volumes
1) Create your destination volume (encrypted or unencrypted, depending on your need).
2) Attach the destination volume to the instance that hosts the data to migrate.
3) Make the destination volume available by following the procedures in Making an Amazon EBS Volume Available for Use. For Linux instances, you can create a mount point at /mnt/destination and mount the destination volume there.
4) Copy the data from your source directory to the destination volume. It may be most convenient to use a bulk-copy utility for this.
To encrypt a volume's data by means of snapshot copying
1) Create a snapshot of your unencrypted EBS volume. This snapshot is also unencrypted.
2) Copy the snapshot while applying encryption parameters. The resulting target snapshot is encrypted.
3) Restore the encrypted snapshot to a new volume, which is also encrypted.
For more information on EBS Encryption, please refer to the below document link from AWS:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

 

NEW QUESTION 165
A company using AWS CodeCommit for source control wants to automate its continuous integration and continuous deployment pipeline on AWS in its development environment. The company has three requirements:
1. There must be a legal and a security review of any code change to make sure sensitive information is not leaked through the source code.
2. Every change must go through unit testing.
3. Every change must go through a suite of functional testing to ensure functionality.
In addition, the company has the following requirements for automation:
1. Code changes should automatically trigger the CI/CD pipeline.
2. Any failure in the pipeline should notify [email protected].
3. There must be an approval to stage the assets to Amazon S3 after tests have been performed.
What should a DevOps Engineer do to meet all of these requirements while following CI/CD best practices?

  • A. Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval.
    Use Amazon CloudWatch metrics to detect changes in pipeline stages and Amazon SES for emailing devops- [email protected].
  • B. Commit to mainline and trigger AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SES for emailing [email protected].
  • C. Commit to mainline and trigger AWS CodePipeline from mainline. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval. Use AWS CloudTrail logs to detect changes in pipeline stages and Amazon SNS for emailing [email protected].
  • D. Commit to the development branch and trigger AWS CodePipeline from the development branch. Make an individual stage in CodePipeline for security review, unit tests, functional tests, and manual approval.
    Use Amazon CloudWatch Events to detect changes in pipeline stages and Amazon SNS for emailing devops- [email protected].

Answer: D

 

NEW QUESTION 166
When building a Docker image, you are searching through a persistent data volume's logs to provide parameters for the next build. You execute the following command. Which of the operations will cause a failure of the Docker RUN command?
RUN cat ./data/log/*.error | grep service_status | grep ERROR

  • A. the cat command
  • B. the second grep command
  • C. the first grep command
  • D. any one of them

Answer: B

Explanation:
Some RUN commands depend on the ability to pipe the output of one command into another, using the pipe character (|), as in the following example:
RUN wget -O - https://some.site | wc -l > /number
Docker executes these commands using the /bin/sh -c interpreter, which only evaluates the exit code of the last operation in the pipe to determine success. In the example above this build step succeeds and produces a new image so long as the wc -l command succeeds, even if the wget command fails.
Reference:
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
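The behaviour described above can be reproduced outside a build. The script below is an added example, not part of the original question or the Docker documentation: it runs the question's pipeline and a count pipeline modelled on the wget example through sh -c, then repeats the count pipeline with pipefail enabled. The directory layout, log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: how `sh -c` (used by a shell-form RUN) scores a pipeline.
# All file names and log lines below are constructed sample data.

# Build a scratch build context; $1 selects which sample logs it contains.
make_context() {
  ctx=$(mktemp -d) || return 1
  mkdir -p "$ctx/data/log"
  case "$1" in
    error) printf 'service_status ERROR disk full\n' > "$ctx/data/log/app.error" ;;
    ok)    printf 'service_status OK\n' > "$ctx/data/log/app.error" ;;
    empty) : ;;  # no *.error files at all, so cat itself fails
  esac
  printf '%s\n' "$ctx"
}

# Run a command string under `sh -c` and print the exit status of the step.
step_status() {  # $1 = context kind, $2 = command string
  ctx=$(make_context "$1") || return 1
  status=0
  (cd "$ctx" && sh -c "$2") >/dev/null 2>&1 || status=$?
  rm -rf "$ctx"
  printf '%s\n' "$status"
}

# Same, with pipefail: any failing stage fails the whole step.
# bash is invoked explicitly because not every /bin/sh supports pipefail.
step_status_pipefail() {
  ctx=$(make_context "$1") || return 1
  status=0
  (cd "$ctx" && bash -c "set -o pipefail; $2") >/dev/null 2>&1 || status=$?
  rm -rf "$ctx"
  printf '%s\n' "$status"
}

QUESTION_CMD='cat ./data/log/*.error | grep service_status | grep ERROR'
COUNT_CMD='cat ./data/log/*.error | wc -l > ./number'

echo "question pipeline, ERROR line present: $(step_status error "$QUESTION_CMD")"
echo "question pipeline, last grep no match: $(step_status ok "$QUESTION_CMD")"
echo "count pipeline, cat fails, plain sh:   $(step_status empty "$COUNT_CMD")"
echo "count pipeline, cat fails, pipefail:   $(step_status_pipefail empty "$COUNT_CMD")"
```

In a Dockerfile the equivalent hardening is to prefix the pipeline with set -o pipefail &&, using the exec form with /bin/bash when the image's /bin/sh does not support that option.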

 

NEW QUESTION 167
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK). What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Select three.)

  • A. Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy.
  • B. Set kms:Decrypt for the parameter resource in the customer-managed CMK policy.
  • C. Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
  • D. Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
  • E. Set kms:Decrypt for the instance role in the customer-managed CMK policy.
  • F. Set ssm:GetParameter for the parameter resource in the instance role's IAM policy.

Answer: A,E,F

Explanation:
F is not right; there is no need to give access to the parameter resource.
The following access is needed:
1. The instance profile can get the parameter from SSM; A provides this.
2. The instance profile can use the CMK to decrypt the parameter; C provides this.
3. The CMK policy allows the instance to use the CMK decrypt action; B provides this.

 

NEW QUESTION 168
According to the Information Security Policy, changes to the contents of objects inside a production Amazon S3 bucket that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?

  • A. Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
  • B. Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.
  • C. Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.
  • D. Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.

Answer: B

 
