Tips to Pass AWS-Certified-DevOps-Engineer-Professional Exam (21 to 30)

Ucertify AWS-Certified-DevOps-Engineer-Professional Questions are updated and all AWS-Certified-DevOps-Engineer-Professional answers are verified by experts. Once you have completely prepared with our AWS-Certified-DevOps-Engineer-Professional exam prep kits you will be ready for the real AWS-Certified-DevOps-Engineer-Professional exam without a problem. We have Most recent Amazon AWS-Certified-DevOps-Engineer-Professional dumps study guide. PASSED AWS-Certified-DevOps-Engineer-Professional First attempt! Here What I Did.

2017 NEW RECOMMEND

Free VCE & PDF File for Amazon AWS-Certified-DevOps-Engineer-Professional Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW AWS-Certified-DevOps-Engineer-Professional Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/AWS-Certified-DevOps-Engineer-Professional-dumps.html

Q21. For AWS CIoudFormation, which stack state refuses UpdateStack calls?

A. <code>UPDATE_ROLLBACK_FAILED</code>

B. <code>UPDATE_ROLLBACK_COMPLETE</code>

C. <code>UPDATE_CONIPLETE</code>

D. <code>CREATE_COMPLETE</code> 

Answer: A

Explanation:

When a stack is in the UPDATE_ROLLBACK_FA|LED state, you can continue rolling it back to return it to a working state (to UPDATE_ROLLBACK_COMPLETE). You cannot update a stack that is in the UPDATE_ROLLBACK_FA|LED state. However, if you can continue to roll it back, you can return the  stack to its original settings and try to update it again.

Reference:

http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks-continueu pdateroIIback.htmI

Q22. You run accounting software in the AWS cloud. This software needs to be online continuously during the day every day of the week, and has a very static requirement for compute resources. You also have other, unrelated batch jobs that need to run once per day at any time of your choosing. How should you minimize cost?

A. Purchase a Heavy Utilization Reserved Instance to run the accounting software. Turn it off after hours. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

B. Purchase a Medium Utilization Reserved Instance to run the accounting software. Turn it off after hours. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

C. Purchase a Light Utilization Reserved Instance to run the accounting software. Turn it off after hours. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

D. Purchase a Full Utilization Reserved Instance to run the accounting software. Turn it off after hours. Run the batch jobs with the same instance class, so the Reserved Instance credits are also applied to the batch jobs.

Answer:

Explanation:

Because the instance will always be online during the day, in a predictable manner, and there are a sequence of batch jobs to perform at any time, we should run the batch jobs when the account software is off. We can achieve Heavy Utilization by alternating these times, so we should purchase the reservation as such, as this represents the lowest cost. There is no such thing a "FuII" level utilization purchases on EC2.

Reference:       https://d0.awsstatic.com/whitepapers/Cost_Optimization_with_AWS.pdf

Q23. Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers and doing everything they can to cover their tracks?

A. Use CloudTrai| Log File Integrity Validation.

B. Use AWS Config SNS Subscriptions and process events in real time.

C. Use CIoudTraiI backed up to AWS S3 and Glacier.

D. Use AWS Config Timeline forensics. 

Answer: A

Explanation:

You must use CloudTraiI Log File Validation (default or custom implementation), as any other tracking method is subject to forgery in the event of a full account compromise by sophisticated enough hackers. Validated log files are invaluable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API actMty. The CIoudTraiI log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time.

Reference:

http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-fiIe-validation-intro.html

Q24. From a compliance and security perspective, which of these statements is true?

A. You do not ever need to rotate access keys for AWS IAM Users.

B. You do not ever need to rotate access keys for AWS IAM Roles, nor AWS IAM Users.

C. None of the other statements are true.

D. You do not ever need to rotate access keys for AWS IAM Roles. 

Answer: D

Explanation:

IAM Role Access Keys are auto-rotated by AWS on your behalf; you do not need to rotate them.

The application is granted the permissions for the actions and resources that you've defined for the role through the security credentials associated with the role. These security credentials are temporary and we

rotate them automatically. We make new credentials available at least five minutes prior to the expiration of the old credentials.

Reference:        http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Q25. You are building out a layer in a software stack on AWS that needs to be able to scale out to react to increased demand as fast as possible. You are running the code on EC2 instances in an Auto Scaling Group behind an ELB. Which application code deployment method should you use?

A. SSH into new instances that come online, and deploy new code onto the system by pulling it from an S3 bucket, which is populated by code that you refresh from source control on new pushes.

B. Bake an AMI when deploying new versions of code, and use that AMI for the Auto Scaling Launch Configuration.

C. Create a Dockerfile when preparing to deploy a new version to production and publish it to S3. Use UserData in the Auto Scaling Launch configuration to pull down the Dockerfile from S3 and run it when new instances launch.

D. Create a new Auto Scaling Launch Configuration with UserData scripts configured to pull the latest code at all times.

Answer:

Explanation:

the bootstrapping process can be slower if you have a complex application or multiple applications to install. Managing a fileet of applications with several build tools and dependencies can be a challenging task during rollouts. Furthermore, your deployment service should be designed to do faster rollouts to take advantage of Auto Scaling.

Reference:        https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

Q26. Your application consists of 10% writes and 90% reads. You currently service all requests through a Route53 Alias Record directed towards an AWS ELB, which sits in front of an EC2 Auto Scaling Group. Your system is getting very expensive when there are large traffic spikes during certain news events, during which many more people request to read similar data all at the same time. What is the simplest  and cheapest way to reduce costs and scale with spikes like this?

A. Create an S3 bucket and asynchronously replicate common requests responses into S3 objects. When a request comes in for a precomputed response, redirect to AWS S3.

B. Create another ELB and Auto Scaling Group layer mounted on top of the other system, adding a tier to the system. Serve most read requests out of the top layer.

C. Create a CloudFront Distribution and direct Route53 to the Distribution. Use the ELB as an Origin and specify Cache Behaviours to proxy cache requests which can be served late.

D. Create a Memcached cluster in AWS EIastiCache. Create cache logic to serve requests which can be served late from the in-memory cache for increased performance.

Answer: C

Explanation:

CIoudFront is ideal for scenarios in which entire requests can be served out of a cache and usage patterns involve heavy reads and spikiness in demand.

A cache behavior is the set of rules you configure for a given URL pattern based on file extensions, file names, or any portion of a URL path on your website (e.g., *.jpg). You can configure multiple cache behaviors for your web distribution. Amazon CIoudFront will match incoming viewer requests with your list of URL patterns, and if there is a match, the service will honor the cache behavior you configure for that URL pattern. Each cache behavior can include the following Amazon CIoudFront configuration values: origin server name, viewer connection protocol, minimum expiration period, query string parameters, cookies, and trusted signers for private content.

Reference:     https://aws.amazon.com/Cloudfront/dynamic-content/

Q27. To monitor API calls against our AWS account by different users and entities, we can use to create a history of calls in bulk for later review, and use for reacting to AWS API calls in real-time.

A. AWS Config; AWS Inspector

B. AWS CIoudTraiI; AWS Config

C. AWS CIoudTraiI; CIoudWatch Events

D. AWS Config; AWS Lambda 

Answer: C

Explanation:

CIoudTraiI is a batch API call collection service, CIoudWatch Events enables real-time monitoring of calls through the Rules object interface.

Reference:       https://aws.amazon.com/whitepapers/security-at-scaIe-governance-in-aws/

Q28. You are building a mobile app for consumers to post cat pictures online. You will be storing the images in AWS S3. You want to run the system very cheaply and simply. Which one of these options allows you to build a photo sharing application without needing to worry about scaling expensive uploads processes,

authentication/authorization and so forth?

A. Build the application out using AWS Cognito and web identity federation to allow users to log in using Facebook or Google Accounts. Once they are logged in, the secret token passed to that user is used to directly access resources on AWS, like AWS S3.

B. Use JWT or SANIL compliant systems to build authorization policies. Users log in with a username and password, and are given a token they can use indefinitely to make calls against the photo infrastructure.

C. Use AWS API Gateway with a constantly rotating API Key to allow access from the client-side. Construct a custom build of the SDK and include S3 access in it.

D. Create an AWS oAuth Service Domain ad grant public signup and access to the domain. During setup, add at least one major social media site as a trusted Identity Provider for users.

Answer:

Explanation:

The short answer is that Amazon Cognito is a superset of the functionality provided by web identity federation. It supports the same providers, and you configure your app and authenticate with those providers in the same way. But Amazon Cognito includes a variety of additional features. For example, it enables your users to start using the app as a guest user and later sign in using one of the supported identity providers.

Reference:

https://bIogs.aws.amazon.com/security/post/Tx3SYCORF5EKRCO/How-Does-Amazon-Cognito-Relate-to

-Existing-Web-Identity-Federatio

Q29. If I want CIoudFormation stack status updates to show up in a continuous delivery system in as close to real time as possible, how should I achieve this?

A. Use a long-poll on the Resources object in your CIoudFormation stack and display those state changes

in the UI for the system.

B. Use a long-poll on the <code>ListStacks</code>API call for your CIoudFormation stack and display those state changes in the UI for the system.

C. Subscribe your continuous delivery system to an SNS topic that you also tell your CIoudFormation stack to publish events into.

D. Subscribe your continuous delivery system to an SQS queue that you also tell your CIoudFormation stack to publish events into.

Answer:

Explanation:

Use NotificationARNs.member.N when making a CreateStack call to push stack events into SNS in nearly real-time.

Reference:

http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks-monitor-s tack.htmI

Q30. You need to scale an RDS deployment. You are operating at 10% writes and 90% reads, based on your logging. How best can you scale this in a simple way?

A. Create a second master RDS instance and peer the RDS groups.

B. Cache all the database responses on the read side with CIoudFront.

C. Create read replicas for RDS since the load is mostly reads.

D. Create a Multi-AZ RDS installs and route read traffic to standby. 

Answer: C

Explanation:

The high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a Read Replica. For more information, see Working with PostgreSQL, MySQL, and NIariaDB Read Replicas.

Reference:        http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.NIuItiAZ.htmI

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.