AWS DevOps Engineer Professional Exam Practice Questions – 8

Posted on By DesiBanjara No Comments on AWS DevOps Engineer Professional Exam Practice Questions – 8

Amazon AWS DevOps Engineer Professional Exam Practice Questions

Below are some Free practice questions for Amazon AWS Certification Exam – AWS DevOps Engineer Professional Exam which can help you to prepare for exam and pass with good marks. These are not real exam questions but similar to the questions you can get in exam so practicing these question will boost your confidence.

Question -38

A company used AWS CloudFormation to deploy a three-tier web application that stores data in an Amazon RDS MySOL Multi-AZ DB instance. A DevOps
Engineer must upgrade the RDS instance to the latest major version of MySQL while incurring minimal downtime.

How should the Engineer upgrade the instance while minimizing downtime?

A. Update the EngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Launch a second stack and make the new RDS instance a read replica.

B. Update the DBEngineVersion property of the AWS:: RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Perform an Update Stack operation. Create a new RDS Read Replicas resource with the same properties as the instance to be upgraded. Perform a second Update Stack operation.

C. Update the DBEngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest desired version. Create a new RDS Read Replicas resource with the same properties as the instance to be upgraded. Perform an Update Stack operation.

D. Update the EngineVersion property of the AWS::RDS::DBInstance resource type in the CloudFormation template to the latest version, and perform an operation. Update Stack

Correct Answer: A

Reference:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html


Question -39

A retail company has adopted AWS OpsWorks for managing its deployments. In the last three months, the company has discovered that some production instances have been restarting without reason. Upon inspection of the AWS CloudTrail logs, a DevOps Engineer determined that those instances were restarted by OpsWorks. The Engineer now wants automated email notifications whenever OpsWorks restarts an instance when the instance is deemed unhealthy or unable to communicate with the service endpoint.
How can the Engineer meet this requirement?

A. Create a Chef recipe to place a cron to run a custom script within the Amazon EC2 instances that sends an email to the team by using Amazon SES if the OpsWorks agent detects an instance failure.

B. Create an Amazon SNS topic and create a subscription for this topic that contains the destination email address. Create an Amazon CloudWatch rule: specify as a source and specify auto-healing in the initiated_by details. Use the SNS topic as a target. aws.opsworks

C. Create an Amazon SNS topic and create a subscription for this topic that contains the destination email address. Create an Amazon CloudWatch rule specify as a source and specify instance-replacement in the initiated_by details. Use the SNS topic as a target. aws.opsworks

D. Create a subscription for this topic that contains the email address. Enable instance restart notifications within the OpsWorks layer and indicate the destination email address for the notification.

Correct Answer: B

Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/opsworks-unexpected-start-instance/



Question -40

A healthcare services company is concerned about the growing costs of software licensing for an application for monitoring patient wellness. The company wants to create an audit process to ensure that the application is running exclusively on Amazon EC2 Dedicated Hosts. A DevOps Engineer must create a workflow to audit the application to ensure compliance.
What steps should the Engineer take to meet this requirement with the LEAST administrative overhead?

A. Use AWS Systems Manager Configuration Compliance. Use calls to the put-compliance- items API action to scan and build a database of noncompliant EC2 instances based on their host placement configuration. Use an Amazon DynamoDB table to store these instance IDs for fast access. Generate a report through Systems Manager by calling the list-compliance- summaries API action.

B. Use custom Java code running on an EC2 instance. Set up EC2 Auto Scaling for the instance depending on the number of instances to be checked. Send the list of noncompliant EC2 instance IDs to an Amazon SQS queue. Set up another worker instance to process instance IDs from the SQS queue and write them to Amazon DynamoDB. Use an AWS Lambda function to terminate noncompliant instance IDs obtained from the queue, and send them to an Amazon SNS email topic for distribution.

C. Use AWS Config. Identify all EC2 instances to be audited by enabling Config Recording on all Amazon EC2 resources for the region. Create a custom AWS Config rule that triggers an AWS Lambda function by using the “config-rule-change-triggered” blueprint. Modify the Lambda evaluateCompliance () function to verify host placement to return a NON_COMPLIANT result if the instance is not running on an EC2 Dedicated Host. Use the AWS Config report to address noncompliant instances.

D. Use AWS CloudTrail. Identify all EC2 instances to be audited by analyzing all calls to the EC2 RunCommand API action. Invoke an AWS Lambda function that analyzes the host placement of the instance. Store the EC2 instance ID of noncompliant resources in an Amazon RDS MySOL DB instance. Generate a report by querying the RDS instance and exporting the query results to a CSV text file.

Correct Answer: C

Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-aws-config.html

https://aws.amazon.com/about-aws/whats-new/2015/11/use-aws-config-to-track-ec2-instances-on-dedicated-hosts-and-assess-license-compliance/



Question -41

According to Information Security Policy, changes to the contents of objects inside production Amazon S3 bucket that contain encrypted secrets should only be made by a trusted group of administrators.
How should a DevOps Engineer create real-time, automated checks to meet this requirement?

A. Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user’s membership in an administrator’s IAM role.

B. Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user’s membership in an administrator’s IAM role.

C. Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user’s membership in an administrator’s IAM role.

D. Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user’s membership in an administrator’s IAM role.

Correct Answer: A

You can send S3 events to lambda: https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html



Previous->AWS DevOps Engineer Professional Exam Practice Questions – 7

Next->AWS DevOps Engineer Professional Exam Practice Questions – 9



More Amazon AWS Certification Exam Questions:

Previous->AWS DevOps Engineer Professional Exam Practice Questions

Microsoft AZ-900 Certification Exam Practice Questions – Part 1

Microsoft AZ-220 Certification Exam Practice Questions – Part 1

Sample Exam Questions 6: AZ-300: Microsoft Azure Architect Technologies

Sample Exam Questions 5: AZ-300: Microsoft Azure Architect Technologies



AWS DevOps Engineer Professional Exam Tags:, , , , , , , , , , , , ,

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.