AWS-Certified-DevOps-Engineer-Professional Exam - Amazon AWS Certified DevOps Engineer Professional

NEW QUESTION 1
Which status represents a failure state in AWS CIoudFormation?

• A. <code>UPDATE_COMPLETE_CLEANUP_IN_PROGRESS</code>
• B. <code>DELETE_COMPLETE_WITH_ARTIFACTS</code>
• C. <code>ROLLBACK_IN_PROGRESS</code>
• D. <code>ROLLBACK_FAILED</code>

Answer: C

Explanation:
ROLLBACK_IN_PROGRESS means an UpdateStack operation failed and the stack is in the process of trying to return to the valid, pre-update state. UPDATE_COMPLETE_CLEANUP_IN_PROGRESS means an update was successful, and CIoudFormation is deleting any replaced, no longer used resources. ROLLBACK_FA|LED is not a CloudFormation state (but UPDATE_ROLLBACK_FAILED is). DELETE_COMPLETE_W|TH_ART|FACTS does not exist at all.
Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-updating-stacks.html

NEW QUESTION 2
You have an asynchronous processing application using an Auto Scaling Group and an SQS Queue. The Auto Scaling Group scales according to the depth of the job queue. The completion velocity of the jobs has gone down, the Auto Scaling Group size has maxed out, but the inbound job velocity did not increase. What is a possible issue?

• A. Some of the newjobs coming in are malformed and unprocessable.
• B. The routing tables changed and none of the workers can process events anymore.
• C. Someone changed the IAM Role Policy on the instances in the worker group and broke permissions to access the queue.
• D. The scaling metric is not functioning correctl

Answer: A

Explanation:
The IAM Role must be fine, as if it were broken, NO jobs would be processed since the system would never be able to get any queue messages. The same reasoning applies to the routing table change. The scaling metric is fine, as instance count increased when the queue depth increased due to more messages entering than exiting. Thus, the only reasonable option is that some of the recent messages must be malformed and unprocessable.
Reference:
https://github.com/andrew-templeton/cloudacademy/blob/fca920b45234bbe99cc0e8efb9c65134884dd48 9/questions/null

NEW QUESTION 3
What is the scope of an EBS snapshot?

• A. Availability Zone
• B. Placement Group
• C. Region
• D. VPC

Answer: C

Explanation:
An EBS snapshot is tied to its region and can only be used to create volumes in the same region. You can copy a snapshot from one region to another. For more information, see Copying an Amazon EBS Snapshot.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 4
What does it mean if you have zero IOPS and a non-empty I/O queue for all EBS volumes attached to a running EC2 instance?

• A. The I/O queue is buffer flushing.
• B. Your EBS disk head(s) is/are seeking magnetic stripes.
• C. The EBS volume is unavailable.
• D. You need to re-mount the EBS volume in the O

Answer: C

Explanation:
This is the definition of Unavailable from the EC2 and EBS SLA.
"UnavaiIabIe" and "Unavai|abi|ity" mean... For Amazon EBS, when all of your attached volumes perform zero read write IO, with pending IO in the queue.
Reference: https://aws.amazon.com/ec2/s|a/

NEW QUESTION 5
For AWS CloudFormation, which is true?

• A. Custom resources using SNS have a default timeout of 3 minutes.
• B. Custom resources using SNS do not need a <code>ServiceToken</code> property.
• C. Custom resources using Lambda and <code>Code.ZipFiIe</code> allow inline nodejs resource composition.
• D. Custom resources using Lambda do not need a <code>ServiceToken</code>property

Answer: C

Explanation:
Code is a property of the AWS::Lambda::Function resource that enables to you specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only). Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/template-custom-resources.html

NEW QUESTION 6
You need to perform ad-hoc analysis on log data, including searching quickly for specific error codes and reference numbers. Which should you evaluate first?

• A. AWS Elasticsearch Service
• B. AWS RedShift
• C. AWS EMR
• D. AWS DynamoDB

Answer: A

Explanation:
Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.
Reference:
http://docs.aws.amazon.com/elasticsearch-service/Iatest/developerguide/what-is-amazon-elasticsearch-s ervice.htmI

NEW QUESTION 7
You are creating a new API for video game scores. Reads are 100 times more common than writes, and the top 1% of scores are read 100 times more frequently than the rest of the scores. What's the best design for this system, using DynamoDB?

• A. DynamoDB table with 100x higher read than write throughput, with CloudFront caching.
• B. DynamoDB table with roughly equal read and write throughput, with CloudFront caching.
• C. DynamoDB table with 100x higher read than write throughput, with E|astiCache caching.
• D. DynamoDB table with roughly equal read and write throughput, with EIastiCache cachin

Answer: D

Explanation:
Because the 100x read ratio is mostly driven by a small subset, with caching, only a roughly equal number of reads to writes will miss the cache, since the supermajority will hit the top 1% scores. Knowing we need to set the values roughly equal when using caching, we select AWS EIastiCache, because CIoudFront cannot directly cache DynamoDB queries, and EIastiCache is an excellent in-memory cache for database queries, rather than a distributed proxy cache for content delivery.
One solution would be to cache these reads at the application layer. Caching is a technique that is used in many high-throughput applications, offloading read actMty on hot items to the cache rather than to the database. Your application can cache the most popular items in memory, or use a product such as EIastiCache to do the same.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GuideIinesForTabIes.htmI#GuideIi nesForTabIes.CachePopuIarItem

NEW QUESTION 8
You are creating an application which stores extremely sensitive financial information. All information in
the system must be encrypted at rest and in transit. Which of these is a violation of this policy?

• A. ELB SSL termination.
• B. ELB Using Proxy Protocol v1.
• C. CIoudFront Viewer Protocol Policy set to HTTPS redirection.
• D. Telling S3 to use AES256 on the server-sid

Answer: A

Explanation:
Terminating SSL terminates the security of a connection over HTTP, removing the S for "Secure" in HTTPS. This violates the "encryption in transit" requirement in the scenario.
Reference:
http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/elb-listener-config.htmI

NEW QUESTION 9
How does Amazon RDS multi Availability Zone model work?

• A. A second, standby database is deployed and maintained in a different availability zone from master, using synchronous replication.
• B. A second, standby database is deployed and maintained in a different availability zone from master using asynchronous replication.
• C. A second, standby database is deployed and maintained in a different region from master using asynchronous replication.
• D. A second, standby database is deployed and maintained in a different region from master using synchronous replication.

Answer: A

Explanation:
In a MuIti-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.Mu|tiAZ.htmI

NEW QUESTION 10
You need to perform ad-hoc business analytics queries on well-structured data. Data comes in constantly at a high velocity. Your business intelligence team can understand SQL. What AWS service(s) should you look to first?

• A. Kinesis Firehose + RDS
• B. Kinesis Firehose + RedShift
• C. EMR using Hive
• D. EMR running Apache Spark

Answer: B

Explanation:
Kinesis Firehose provides a managed service for aggregating streaming data and inserting it into RedShift. RedShift also supports ad-hoc queries over well-structured data using a SQL-compliant wire protocol, so the business team should be able to adopt this system easily.
Reference: https://aws.amazon.com/kinesis/firehose/detai|s/

NEW QUESTION 11
You are getting a lot of empty receive requests when using Amazon SQS. This is making a lot of unnecessary network load on your instances. What can you do to reduce this load?

• A. Subscribe your queue to an SNS topic instead.
• B. Use as long of a poll as possible, instead of short polls.
• C. Alter your visibility timeout to be shorter.
• D. Use <code>sqsd</code> on your EC2 instance

Answer: B

Explanation:
One benefit of long polling with Amazon SQS is the reduction of the number of empty responses, when there are no messages available to return, in reply to a ReceiveMessage request sent to an Amazon SQS queue. Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.
Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/sqs-long-polling.html

NEW QUESTION 12
You have a high security requirement for your AWS accounts. What is the most rapid and sophisticated setup you can use to react to AWS API calls to your account?

• A. Subscription to AWS Config via an SNS Topi
• B. Use a Lambda Function to perform in-flight analysis and reactMty to changes as they occur.
• C. Global AWS CIoudTraiI setup delivering to S3 with an SNS subscription to the deliver notifications, pushing into a Lambda, which inserts records into an ELK stack for analysis.
• D. Use a CIoudWatch Rule ScheduIeExpression to periodically analyze IAM credential log
• E. Push the deltas for events into an ELK stack and perform ad-hoc analysis there.
• F. CIoudWatch Events Rules which trigger based on all AWS API calls, submitting all events to an AWS Kinesis Stream for arbitrary downstream analysis.

Answer: D

Explanation:
CloudWatch Events allow subscription to AWS API calls, and direction of these events into Kinesis Streams. This allows a unified, near real-time stream for all API calls, which can be analyzed with any tooI(s) of your choosing downstream.
Reference: http://docs.aws.amazon.com/AmazonCIoudWatch/latest/DeveloperGuide/EventTypes.htmI#api_event_ty pe

NEW QUESTION 13
Which deployment method, when using AWS Auto Scaling Groups and Auto Scaling Launch Configurations, enables the shortest time to live for indMdual sewers?

• A. Pre-baking AMIs with all code and configuration on deploys.
• B. Using a Dockerfile bootstrap on instance launch.
• C. Using UserData bootstrapping scripts.
• D. Using AWS EC2 Run Commands to dynamically SSH into fileet

Answer: A

Explanation:
Note that the bootstrapping process can be slower if you have a complex application or multiple applications to install. Managing a fileet of applications with several build tools and dependencies can be a challenging task during rollouts. Furthermore, your deployment service should be designed to do faster rollouts to take advantage of Auto Scaling. Prebaking is a process of embedding a significant portion of your application artifacts within your base AMI. During the deployment process you can customize application installations by using EC2 instance artifacts such as instance tags, instance metadata, and Auto Scaling groups.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 14
You need your API backed by DynamoDB to stay online during a total regional AWS failure. You can tolerate a couple minutes of lag or slowness during a large failure event, but the system should recover with normal operation after those few minutes. What is a good approach?

• A. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• B. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• C. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• D. Set up a DynamoDB MuIti-Region tabl
• E. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• F. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• G. Set up a DynamoDB Mu|ti-Region tabl
• H. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.
• I. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• J. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.

Answer: A

Explanation:
There is no such thing as a cross-region ELB, nor such thing as a cross-region Auto Scaling Group, nor such thing as a DynamoDB Multi-Region Table. The only option that makes sense is the cross-regional replication version with two ELBs and ASGs with Route53 Failover and Latency DNS.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepI.htmI

NEW QUESTION 15
You need the absolute highest possible network performance for a cluster computing application. You already selected homogeneous instance types supporting 10 gigabit enhanced networking, made sure that your workload was network bound, and put the instances in a placement group. What is the last optimization you can make?

• A. Use 9001 MTU instead of 1500 for Jumbo Frames, to raise packet body to packet overhead ratios.
• B. Segregate the instances into different peered VPCs while keeping them all in a placement group, so each one has its own Internet Gateway.
• C. Bake an AMI for the instances and relaunch, so the instances are fresh in the placement group and donot have noisy neighbors.
• D. Turn off SYN/ACK on your TCP stack or begin using UDP for higher throughpu

Answer: A

Explanation:
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible, and they are recommended in this case. For more information, see Placement Groups.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.htm|#jumbo_frame_instances

NEW QUESTION 16
Your serverless architecture using AWS API Gateway, AWS Lambda, and AWS DynamoDB experienced a large increase in traffic to a sustained 400 requests per second, and dramatically increased in failure rates. Your requests, during normal operation, last 500 milliseconds on average. Your DynamoDB table did not exceed 50% of provisioned throughput, and Table primary keys are designed correctly. What is the most likely issue?

• A. Your API Gateway deployment is throttling your requests.
• B. Your AWS API Gateway Deployment is bottlenecking on request (de)seriaIization.
• C. You did not request a limit increase on concurrent Lambda function executions.
• D. You used Consistent Read requests on DynamoDB and are experiencing semaphore loc

Answer: C

Explanation:
AWS API Gateway by default throttles at 500 requests per second steady-state, and 1000 requests per second at spike. Lambda, by default, throttles at 100 concurrent requests for safety. At 500 milliseconds (half of a second) per request, you can expect to support 200 requests per second at 100 concurrency. This is less than the 400 requests per second your system now requires. Make a limit increase request via the AWS Support Console.
AWS Lambda: Concurrent requests safety throttle per account -> 100
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.htm|#|imits_|ambda

NEW QUESTION 17
Your CTO is very worried about the security of your AWS account. How best can you prevent hackers from completely hijacking your account?

• A. Use short but complex password on the root account and any administrators.
• B. Use AWS IAM Geo-Lock and disallow anyone from logging in except for in your city.
• C. Use MFA on all users and accounts, especially on the root account.
• D. Don't write down or remember the root account password after creating the AWS accoun

Answer: C

Explanation:
For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentiaIs_mfa.htmI

NEW QUESTION 18
For AWS Auto Scaling, what is the first transition state a new instance enters after leaving steady state when scaling out due to increased load?

• A. EnteringStandby
• B. Pending
• C. Terminating:Wait
• D. Detaching

Answer: B

Explanation:
When a scale out event occurs, the Auto Scaling group launches the required number of EC2 instances, using its assigned launch configuration. These instances start in the Pending state. If you add a lifecycle hook to your Auto Scaling group, you can perform a custom action here. For more information, see Lifecycle Hooks.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/AutoScaIingGroupLifecycIe.html

NEW QUESTION 19
When thinking of DynamoDB, what are true of Local Secondary Key properties?

• A. Either the partition key or the sort key can be different from the table, but not both.
• B. Only the sort key can be different from the table.
• C. The partition key and sort key can be different from the table.
• D. Only the partition key can be different from the tabl

Answer: B

Explanation:
Global secondary index — an index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered "gIobaI" because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.htmI

NEW QUESTION 20
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

• A. Terminating
• B. Detaching
• C. Terminating:Wait
• D. EnteringStandby

Answer: A

Explanation:
When Auto Scaling responds to a scale in event, it terminates one or more instances. These instances are detached from the Auto Scaling group and enter the Terminating state.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/AutoScaIingGroupLifecycIe.html

NEW QUESTION 21
Your API requires the ability to stay online during AWS regional failures. Your API does not store any state, it only aggregates data from other sources - you do not have a database. What is a simple but effective way to achieve this uptime goal?

• A. Use a CloudFront distribution to serve up your AP
• B. Even if the region your API is in goes down, the edge locations CIoudFront uses will be fine.
• C. Use an ELB and a cross-zone ELB deployment to create redundancy across datacenter
• D. Even if a region fails, the other AZ will stay online.
• E. Create a Route53 Weighted Round Robin record, and if one region goes down, have that region redirect to the other region.
• F. Create a Route53 Latency Based Routing Record with Failover and point it to two identical deployments of your stateless API in two different region
• G. Make sure both regions use Auto Scaling Groups behind ELBs.

Answer: D

Explanation:
standard volumes, or Magnetic volumes, are best for: Cold workloads where data is infrequently accessed, or scenarios where the lowest storage cost is important.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVoIumeTypes.htmI

NEW QUESTION 22
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

• A. AWS Config
• B. Amazon CIoudWatch Nletrics
• C. AWS CloudTraiI
• D. Amazon CIoudWatch Logs

Answer: A

Explanation:
You can monitor your stacks in the following ways: AWS OpsWorks uses Amazon CIoudWatch to provide thirteen custom metrics with detailed monitoring for each instance in the stack; AWS OpsWorks integrates with AWS CIoudTraiI to log every AWS OpsWorks API call and store the data in an Amazon S3 bucket; You can use Amazon CIoudWatch Logs to monitor your stack's system, application, and custom logs. Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.htmI

NEW QUESTION 23
......