AWS-Certified-DevOps-Engineer-Professional | Exact AWS-Certified-DevOps-Engineer-Professional Dumps 2021

NEW QUESTION 1
Your appIication's Auto Scaling Group scales up too quickly, too much, and stays scaled when traffic decreases. What should you do to fix this?

• A. Set a longer cooldown period on the Group, so the system stops overshooting the target capacit
• B. The issue is that the scaling system doesn't allow enough time for new instances to begin servicing requests before measuring aggregate load again.
• C. Calculate the bottleneck or constraint on the compute layer, then select that as the new metric, and set the metric thresholds to the bounding values that begin to affect response latency.
• D. Raise the CIoudWatch Alarms threshold associated with your autoscaling group, so the scaling takes more of an increase in demand before beginning.
• E. Use larger instances instead of lots of smaller ones, so the Group stops scaling out so much and wasting resources as the OS level, since the OS uses a higher proportion of resources on smaller instances.

Answer: B

Explanation: Systems will always over-scale unless you choose the metric that runs out first and becomes constrained first. You also need to set the thresholds of the metric based on whether or not latency is affected by the change, tojustify adding capacity instead of wasting money.
Reference: http://docs.aws.amazon.com/AutoSca|ing/latest/DeveIoperGuide/poIicy_creating.htmI

NEW QUESTION 2
Which of these is not a reason a Mu|ti-AZ RDS instance will failover?

• A. An Availability Zone outage
• B. A manual failover of the DB instance was initiated using Reboot with failover
• C. To autoscale to a higher instance class
• D. The primary DB instance fails

Answer: C

Explanation: The primary DB instance switches over automatically to the standby replica if any of the > following conditions occur: An Availability Zone outage, the primary DB instance fails, the DB instance's server type is changed, the operating system of the DB instance is, undergoing software patching, a manual failover
of the DB instance was initiated using Reboot with failover
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.Mu|tiAZ.htmI

NEW QUESTION 3
For AWS CloudFormation, which is true?

• A. Custom resources using SNS have a default timeout of 3 minutes.
• B. Custom resources using SNS do not need a <code>ServiceToken</code> property.
• C. Custom resources using Lambda and <code>Code.ZipFiIe</code> allow inline nodejs resource composition.
• D. Custom resources using Lambda do not need a <code>ServiceToken</code>property

Answer: C

Explanation: Code is a property of the AWS::Lambda::Function resource that enables to you specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only). Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/template-custom-resources.html

NEW QUESTION 4
You are building a game high score table in DynamoDB. You will store each user's highest score for each game, with many games, all of which have relatively similar usage levels and numbers of players. You need to be able to look up the highest score for any game. What's the best DynamoDB key structure?

• A. HighestScore as the hash / only key.
• B. GameID as the hash key, HighestScore as the range key.
• C. GameID as the hash / only key.
• D. GameID as the range / only ke

Answer: B

Explanation: Since access and storage for games is uniform, and you need to have ordering within each game for the scores (to access the highest value), your hash (partition) key should be the GameID, and there should be a range key for HighestScore.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GuideIinesForTabIes.htmI#GuideIi nesForTabIes.Partitions

NEW QUESTION 5
You are building a deployment system on AWS. You will deploy new code by bootstrapping instances in a private subnet in a VPC at runtime using UserData scripts pointing to an S3 zip file object, where your code is stored. An ELB in a public subnet has network interfaces and connectMty to the instances. Requests from users of the system are routed to the ELB via a Route53 A Record Alias. You do not use any VPC endpoints. Which is a risk of using this approach?

• A. Route53 Alias records do not always update dynamically with ELB network changes after deploys.
• B. If the NAT routing for the private subnet fails, deployments fail.
• C. Kernel changes to the base AMI may render the code inoperable.
• D. The instances cannot be in a private subnet if the ELB is in a public on

Answer: B

Explanation: Since you are not using VPC endpoints, outbound requests for the code sitting in S3 are routed though the NAT for the VPC's private subnets. If this networking fails, runtime bootstrapping through code
download will fail due to network unavailability and lack of access to the Internet, and thus Amazon S3. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

NEW QUESTION 6
Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

• A. Rolling; Immutable
• B. Rolling; Mutable
• C. Canary or A/B
• D. Blue-Green

Answer: D

Explanation: AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 7
You were just hired as a DevOps Engineer for a startup. Your startup uses AWS for 100% of their infrastructure. They currently have no automation at all for deployment, and they have had many failures while trying to deploy to production. The company has told you deployment process risk mitigation is the most important thing now, and you have a lot of budget fortools and AWS resources.
Their stack: 2-tier API
Data stored in DynamoDB or S3, depending on type Compute layer is EC2 in Auto Scaling Groups They use Route53 for DNS pointing to an ELB
An ELB balances load across the EC2 instances
The scaling group properly varies between 4 and 12 EC2 sewers.
Which of the following approaches, given this company's stack and their priorities, best meets the company's needs?

• A. Model the stack in AWS Elastic Beanstalk as a single Application with multiple Environment
• B. Use Elastic BeanstaIk's Rolling Deploy option to progressively roll out application code changes when promoting across environments.
• C. Model the stack in 3 CIoudFormation templates: Data layer, compute layer, and networking laye
• D. Write stack deployment and integration testing automation following Blue-Green methodologies.
• E. Model the stack in AWS OpsWorks as a single Stack, with 1 compute layer and its associated EL
• F. Use Chef and App Deployments to automate Rolling Deployment.
• G. Model the stack in 1 CIoudFormation template, to ensure consistency and dependency graph resolutio
• H. Write deployment and integration testing automation following Rolling Deployment methodologies.

Answer: B

Explanation: AWS recommends Blue-Green for zero-downtime deploys. Since you use DynamoDB, and neither AWS OpsWorks nor AWS Elastic Beanstalk directly supports DynamoDB, the option selecting CloudFormation and Blue-Green is correct.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. The deployment services like AWS Elastic Beanstalk, AWS CIoudFormation, or AWS OpsWorks are particularly useful as they provide a simple way to clone your running application stack. You can set up a
new version of your application (green) by simply cloning current version of the application (blue). Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 8
What is the maximum supported single-volume throughput on EBS?

• A. 320IV|iB/s
• B. 160MiB/s
• C. 40MiB/s
• D. 640MiB/s

Answer: A

Explanation: The ceiling throughput for PIOPS on EBS is 320MiB/s.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVo|umeTypes.htm| IIIIIEZIIII HWS-IIEIIII|]S-EII§iII|}|}I‘-PI‘0I|}SSi0IIilI EIIEIII

NEW QUESTION 9
You run a 2000-engineer organization. You are about to begin using AWS at a large scale for the first time. You want to integrate with your existing identity management system running on Microsoft Active Directory, because your organization is a power-user of Active Directory. How should you manage your AWS identities in the most simple manner?

• A. Use a large AWS Directory Service Simple AD.
• B. Use a large AWS Directory Service AD Connector.
• C. Use an Sync Domain running on AWS Directory Service.
• D. Use an AWS Directory Sync Domain running on AWS Lambda

Answer: B

Explanation: You must use AD Connector as a power-user of Microsoft Active Directory. Simple AD only works with a subset of AD functionality. Sync Domains do not exist; they are made up answers.
AD Connector is a directory gateway that allows you to proxy directory requests to your on-premises Nlicrosoft Active Directory, without caching any information in the cloud. AD Connector comes in 2 sizes; small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector is designed for larger organizations of up to 5,000 users.
Reference: https://aws.amazon.com/directoryservice/detaiIs/

NEW QUESTION 10
Why are more frequent snapshots or EBS Volumes faster?

• A. Blocks in EBS Volumes are allocated lazily, since while logically separated from other EBS Volumes, Volumes often share the same physical hardwar
• B. Snapshotting the first time forces full block range allocation, so the second snapshot doesn't need to perform the allocation phase and is faster.
• C. The snapshots are incremental so that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.
• D. AWS provisions more disk throughput for burst capacity during snapshots if the drive has been pre-warmed by snapshotting and reading all blocks.
• E. The drive is pre-warmed, so block access is more rapid for volumes when every block on the device has already been read at least one time.

Answer: B

Explanation: After writing data to an EBS volume, you can periodically create a snapshot of the volume to use as a baseline for new volumes or for data backup. If you make periodic snapshots of a volume, the snapshots are incremental so that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html

NEW QUESTION 11
What is the scope of AWS IAM?

• A. Global
• B. Availability Zone
• C. Region
• D. Placement Group

Answer: A

Explanation: IAM resources are all global; there is not regional constraint. Reference: https://aws.amazon.com/iam/faqs/

NEW QUESTION 12
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

• A. Terminating
• B. Detaching
• C. Terminating:Wait
• D. EnteringStandby

Answer: A

Explanation: When Auto Scaling responds to a scale in event, it terminates one or more instances. These instances are detached from the Auto Scaling group and enter the Terminating state.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/AutoScaIingGroupLifecycIe.html

NEW QUESTION 13
Your team wants to begin practicing continuous delivery using CIoudFormation, to enable automated builds and deploys of whole, versioned stacks or stack layers. You have a 3-tier, mission-critical system. Which of the following is NOT a best practice for using CIoudFormation in a continuous delivery environment?

• A. Use the AWS CIoudFormation <code>VaIidateTempIate</code> call before publishing changes to AWS.
• B. ModeI your stack in one template, so you can leverage CIoudFormation's state management and dependency resolution to propagate all changes.
• C. Use CIoudFormation to create brand new infrastructure for all stateless resources on each push, and run integration tests on that set of infrastructure.
• D. Parametrize the template and use <code>Mappings</code> to ensure your template works in multiple Regions.

Answer: B

Explanation: Putting all resources in one stack is a bad idea, since different tiers have different life cycles and frequencies of change. For additional guidance about organizing your stacks, you can use two common frameworks: a multi-layered architecture and service-oriented architecture (SOA).
Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/best-practices.htmI#organizingstack

NEW QUESTION 14
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

• A. AWS Config
• B. Amazon CIoudWatch Nletrics
• C. AWS CloudTraiI
• D. Amazon CIoudWatch Logs

Answer: A

Explanation: You can monitor your stacks in the following ways: AWS OpsWorks uses Amazon CIoudWatch to provide thirteen custom metrics with detailed monitoring for each instance in the stack; AWS OpsWorks integrates with AWS CIoudTraiI to log every AWS OpsWorks API call and store the data in an Amazon S3 bucket; You can use Amazon CIoudWatch Logs to monitor your stack's system, application, and custom logs. Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.htmI

NEW QUESTION 15
When thinking of AWS Elastic BeanstaIk's model, which is true?

• A. Applications have many deployments, deployments have many environments.
• B. Environments have many applications, applications have many deployments.
• C. Applications have many environments, environments have many deployments.
• D. Deployments have many environments, environments have many application

Answer: C

Explanation: Applications group logical services. Environments belong to Applications, and typically represent different deployment levels (dev, stage, prod, fo forth). Deployments belong to environments, and are pushes of bundles of code for the environments to run.
Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/NeIcome.html

NEW QUESTION 16
When thinking of DynamoDB, what are true of Local Secondary Key properties?

• A. Either the partition key or the sort key can be different from the table, but not both.
• B. Only the sort key can be different from the table.
• C. The partition key and sort key can be different from the table.
• D. Only the partition key can be different from the tabl

Answer: B

Explanation: Global secondary index — an index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered "gIobaI" because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI

NEW QUESTION 17
When thinking of DynamoDB, what are true of Global Secondary Key properties?

• A. The partition key and sort key can be different from the table.
• B. Only the partition key can be different from the table.
• C. Either the partition key or the sort key can be different from the table, but not both.
• D. Only the sort key can be different from the tabl

Answer: A

Explanation: Global secondary index — an index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered "gIobaI" because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.html

NEW QUESTION 18
You need your CI to build AMIs with code pre-installed on the images on every new code push. You need to do this as cheaply as possible. How do you do this?

• A. Bid on spot instances just above the asking price as soon as new commits come in, perform all instance configuration and setup, then create an AMI based on the spot instance.
• B. Have the CI launch a new on-demand EC2 instance when new commits come in, perform all instance configuration and setup, then create an AMI based on the on-demand instance.
• C. Purchase a Light Utilization Reserved Instance to save money on the continuous integration machin
• D. Use these credits whenever your create AMIs on instances.
• E. When the CI instance receives commits, attach a new EBS volume to the CI machin
• F. Perform all setup on this EBS volume so you don't need a new EC2 instance to create the AMI.

Answer: A

Explanation: Spot instances are the cheapest option, and you can use minimum run duration if your AMI takes more than a few minutes to create.
Spot instances are also available to run for a predefined duration — in hourly increments up to six hours in length — at a significant discount (30-45%) compared to On-Demand pricing plus an additional 5% during off-peak timesl for a total of up to 50% savings.
Reference: https://aws.amazon.com/ec2/spot/pricing/