Free AWS-DEVOPS-ENGINEER-PROFESSIONAL Exam Braindumps (page: 27)

A company uses Amazon S3 to store proprietary information. The development team creates buckets for new projects on a daily basis. The security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.

What should a DevOps engineer do to meet these requirements?

  1. Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
  2. Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
  3. Enable AWS Trusted Advisor and configure automatic remediation using Amazon CloudWatch Events.
  4. Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.

Answer(s): B



A company runs an application on one Amazon EC2 instance. Application metadata is stored in Amazon S3 and must be retrieved if the instance is restarted. The instance must restart or relaunch automatically if the instance becomes unresponsive.

Which solution will meet these requirements?

  1. Create an Amazon CloudWatch alarm for the StatusCheckFailed metric. Use the recover action to stop and start the instance. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.
  2. Configure AWS OpsWorks, and use the auto healing feature to stop and start the instance. Use a lifecycle event in OpsWorks to pull the metadata from Amazon S3 and update it on the instance.
  3. Use EC2 Auto Recovery to automatically stop and start the instance in case of a failure. Use an S3 event notification to push the metadata to the instance when the instance is back up and running.
  4. Use AWS CloudFormation to create an EC2 instance that includes the UserData property for the EC2 resource. Add a command in UserData to retrieve the application metadata from Amazon S3.

Answer(s): B



A DevOps team uses AWS CloudFormation to build its infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed.

Which combination of steps will enhance the security of AWS CloudFormation? (Choose three.)

  1. Create a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.
  2. Create secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database.
  3. Store sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data.
  4. Store sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.
  5. Use AWS KMS to encrypt the CloudFormation template.
  6. Use the CloudFormation NoEcho parameter property to mask the parameter value.

Answer(s): B,C,F



A company has a mission-critical application on AWS that uses automatic scaling. The company wants the deployment lifecycle to meet the following parameters:

· The application must be deployed one instance at a time to ensure the remaining fleet continues to serve traffic.
· The application is CPU intensive and must be closely monitored.
· The deployment must automatically roll back if the CPU utilization of the deployment instance exceeds 85%.

Which solution will meet these requirements?

  1. Use AWS CloudFormation to create an AWS Step Functions state machine and Auto Scaling lifecycle hooks to move one instance at a time into a wait state. Use AWS Systems Manager automation to deploy the update to each instance and move it back into the Auto Scaling group using the heartbeat timeout.
  2. Use AWS CodeDeploy with Amazon EC2 Auto Scaling. Configure an alarm tied to the CPU utilization metric. Use the CodeDeployDefault.OneAtATime configuration as a deployment strategy. Configure automatic rollbacks within the deployment group to roll back the deployment if the alarm thresholds are breached.
  3. Use AWS Elastic Beanstalk for load balancing and AWS Auto Scaling. Configure an alarm tied to the CPU utilization metric. Configure rolling deployments with a fixed batch size of one instance. Enable enhanced health to monitor the status of the deployment and roll back based on the alarm previously created.
  4. Use AWS Systems Manager to perform a blue/green deployment with Amazon EC2 Auto Scaling. Configure an alarm tied to the CPU utilization metric. Deploy updates one at a time. Configure automatic rollbacks within the Auto Scaling group to roll back the deployment if the alarm thresholds are breached.

Answer(s): B


