Free AWS-DEVOPS-ENGINEER-PROFESSIONAL Exam Braindumps (page: 21)


A development team is building a full-stack serverless web application. The serverless application will consist of a backend REST API and a front end that is built with a single-page application (SPA) framework.
The team wants to use a Git-based workflow to develop and deploy the application. The team has created an AWS CodeCommit repository to store the application code. The team wants to use multiple development branches to test new features. In addition, the team wants to ensure that code changes on the development branches are deployed to the different development environments. Code changes to the main branches must be released automatically to production.
The development deployments must be available as a subdomain of the main application website, which is hosted in an Amazon Route 53 public hosted zone.
What should a DevOps engineer do to meet these requirements?

  1. Create an application in the AWS Amplify console, and connect the CodeCommit repository. Create a feature branch deployment for each of the environments. Connect the Route 53 domain to the application. Activate the automatic creation of subdomains.
  2. Create a single AWS CodePipeline pipeline that uses the CodeCommit repository as a source. Configure the pipeline so that it deploys to different environments based on the changed branch. Create an AWS Lambda function that creates a new subdomain based on the source branch name. Invoke the Lambda function in the deployment workflow.
  3. Create an application in AWS Elastic Beanstalk that uses the CodeCommit repository as a source. Configure Elastic Beanstalk so that it creates a new application environment based on the changed branch. Connect the Route 53 domain to the application. Activate the automatic creation of subdomains.
  4. Create multiple AWS CodePipeline pipelines that use the CodeCommit repository as a source. Configure each pipeline so that it deploys to a specific environment based on the configured branch. Configure an AWS CodeDeploy step in the pipeline to deploy the application components and to create the Route 53 public hosted zone.

Answer(s): A



A company is using AWS CodePipeline to deploy an application. According to a new guideline, a member of the company's security team must sign off on any application changes before the changes are deployed into production. The approval must be recorded and retained.
Which combination of actions will meet these requirements? (Choose two.)

  1. Configure CodePipeline to write actions to Amazon CloudWatch Logs.
  2. Configure CodePipeline to write actions to an Amazon S3 bucket at the end of each pipeline stage.
  3. Create an AWS CloudTrail trail to deliver logs to Amazon S3.
  4. Create a CodePipeline custom action to invoke an AWS Lambda function for approval. Create a policy that gives the security team access to manage CodePipeline custom actions.
  5. Create a CodePipeline manual approval action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.

Answer(s): C,E



A company manages a web application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple Availability Zones. The application uses an Amazon RDS for MySQL DB instance to store the data. The company has configured Amazon Route 53 with an alias record that points to the ALB.
A new company guideline requires a geographically isolated disaster recovery (DR) site with an RTO of 4 hours and an RPO of 15 minutes. Which DR strategy will meet these requirements with the LEAST change to the application stack?

  1. Launch a replica environment of everything except Amazon RDS in a different Availability Zone. Create an RDS read replica in the new Availability Zone, and configure the new stack to point to the local RDS DB instance. Add the new stack to the Route 53 record set by using a health check to configure a failover routing policy.
  2. Launch a replica environment of everything except Amazon RDS in a different AWS Region. Create an RDS read replica in the new Region, and configure the new stack to point to the local RDS DB instance. Add the new stack to the Route 53 record set by using a health check to configure a latency routing policy.
  3. Launch a replica environment of everything except Amazon RDS in a different AWS Region. In the event of an outage, copy and restore the latest RDS snapshot from the primary Region to the DR Region. Adjust the Route 53 record set to point to the ALB in the DR Region.
  4. Launch a replica environment of everything except Amazon RDS in a different AWS Region. Create an RDS read replica in the new Region, and configure the new environment to point to the local RDS DB instance. Add the new stack to the Route 53 record set by using a health check to configure a failover routing policy. In the event of an outage, promote the read replica to primary.

Answer(s): D



A DevOps engineer wants to implement an automated response that will occur if AWS Trusted Advisor detects an IAM access key in a public source code repository. The automated response must delete the exposed access key and must notify the security team.
Which solution will meet these requirements?

  1. Create an AWS Lambda function to delete the IAM access key. Configure AWS CloudTrail logs to stream to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter for the AWS_RISK_CREDENTIALS_EXPOSED event with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
  2. Create an AWS Lambda function to delete the IAM access key. Create an AWS Config rule for changes to "aws.trustedadvisor" and the "Exposed Access Keys" status with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
  3. Create an AWS Lambda function that deletes the IAM access key and then uses Amazon Simple Notification Service (Amazon SNS) to notify the security team. Create an AWS Personal Health Dashboard rule for the AWS_RISK_CREDENTIALS_EXPOSED event. Set the target of the Personal Health Dashboard rule to the ARN of the Lambda function.
  4. Create an AWS Lambda function that deletes the IAM access key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an "aws.trustedadvisor" event source and the "Exposed Access Keys" status. Set the EventBridge (CloudWatch Events) rule to target the Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic that notifies the security team.

Answer(s): D





