CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-DEVOPS-ENGINEER-PROFESSIONAL

Free AWS-DEVOPS-ENGINEER-PROFESSIONAL Exam Braindumps (page: 10)

Page 10 of 53
PDF with 208 Questions

A company is building a solution for storing les containing Personally Identi able Information (PII) on AWS.
Requirements state:
All data must be encrypted at rest and in transit.
All data must be replicated in at least two locations that are at least 500 miles (805 kilometers) apart.
Which solution meets these requirements?

  1. Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3 SSE-C on all objects uploaded to the bucket. Con gure cross- region replication between the two buckets.
  2. Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Con gure cross-region replication between the two buckets.
  3. Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles (805 kilometers) apart. Use an IAM role to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Con gure cross-region replication between the two buckets.
  4. Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce AWS KMS encryption on all objects uploaded to the bucket. Con gure cross-region replication between the two buckets. Create a KMS Customer Master Key (CMK) in the primary region for encrypting objects.

Answer(s): B



A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.
The buildspec.yml le contains the following:



The DevOps Engineer has noticed that anybody with an AWS account is able to download the artifacts.
What steps should the DevOps Engineer take to stop this?

  1. Modify the post_build to command to use "-acl public-read and con gure a bucket policy that grants read access to the relevant AWS accounts only.
  2. Con gure a default ACL for the S3 bucket that de nes the set of authenticated users as the relevant AWS accounts only and grants read- only access.
  3. Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal *
  4. Modify the post_build command to remove "-acl authenticated-read and con gure a bucket policy that allows read access to the relevant AWS accounts only.

Answer(s): D



A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance. The application server is available only in a private subnet. The contractors are not authorized for VPN access. What should the DevOps engineer do to grant the contactors access to the application server?

  1. Create an IAM user and SSH keys for each contractor. Add the public SSH key to the application server's SSH authorized_keys le. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials les with their private keys, and use the aws ssm start-session command to gain access to the target application server instance ID.
  2. Ask each contractor to securely send their SSH public key. Add this public key to the application server's SSH authorized-keys le. Instruct the contractors to use their private key to connect to the application server through SSH.
  3. Ask each contractor to securely send their SSH public key. Use EC2 pairs to import their key. Update the application server's SSH authorized_keys le. Instruct the contractors to use their private key to connect to the application server through SSH.
  4. Create an IAM user for each contractor with programmatic access. Add each user to an IAM group that has a policy that allows the ssm:StartSession action. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials les with their access keys, and use the aws ssm start-session to gain access to the target application server instance I

Answer(s): D



A company hosts its staging website using an Amazon EC2 instance backed with Amazon EBS storage. The company wants to recover quickly with minimal data losses in the event of network connectivity issues or power failures on the EC2 instance.
Which solution will meet these requirements?

  1. Add the instance to an EC2 Auto Scaling group with the minimum, maximum, and desired capacity set to 1.
  2. Add the instance to an EC2 Auto Scaling group with a lifecycle hook to detach the EBS volume when the EC2 instance shuts down or terminates.
  3. Create an Amazon CloudWatch alarm for the StatusCheckFailed_System metric and select the EC2 action to recover the instance.
  4. Create an Amazon CloudWatch alarm for the StatusCheckFailed_Instance metric and select the EC2 action to reboot the instance.

Answer(s): C


Reference:

https://aws.amazon.com/ru/blogs/aws/ec2-instance-status-metrics/
https://docs.amazonaws.cn/en_us/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html



Page 10 of 53



Post your Comments and Discuss Amazon AWS-DEVOPS-ENGINEER-PROFESSIONAL exam with other Community members:

Devopsengineer commented on November 21, 2024
review my knowledge to take an exam
UNITED STATES
upvote

Steven commented on April 20, 2020
I have a suggestion for your Xengine Test Engine software. Can you provide the Mobiel version of it too?
CANADA
upvote

CertRunner commented on May 20, 2019
As promised to provide feedback on my previous post, I took the exam today and did well. These dumps really help.
UNITED STATES
upvote

Zion commented on March 27, 2019
Just Purchase this material, will be back to give my review!
UNITED STATES
upvote

explo commented on July 08, 2018
verry good
UNITED STATES
upvote

exploguy commented on June 28, 2018
this is pretty good
UNITED STATES
upvote

centos commented on June 12, 2018
Any one using this for 2019 exam yet? Legit? No response from the support team!?>?
UNITED STATES
upvote

muzammal commented on December 10, 2017
I need this in MS word format please
UNITED STATES
upvote

ncik commented on November 07, 2017
This dump is good, I wrote my exam last week and passed.
MALAYSIA
upvote

nick commented on November 07, 2017
Thanks, this is awesome. Good quality and good support.
UNITED STATES
upvote

Diego commented on September 06, 2017
Very good support and very fast. I recommend this to anyone willing to go for a quick pass.
SWITZERLAND
upvote

Rajesh commented on July 17, 2017
Nice to have it and got a good discount
UNITED STATES
upvote