Free AWS-DEVOPS-ENGINEER-PROFESSIONAL Exam Braindumps (page: 22)


A DevOps engineer wants to implement an automated response that will occur if AWS Trusted Advisor detects an IAM access key in a public source code repository. The automated response must delete the exposed access key and must notify the security team.
Which solution will meet these requirements?

  1. Create an AWS Lambda function to delete the IAM access key. Configure AWS CloudTrail logs to stream to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter for the AWS_RISK_CREDENTIALS_EXPOSED event with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
  2. Create an AWS Lambda function to delete the IAM access key. Create an AWS Config rule for changes to "aws.trustedadvisor" and the "Exposed Access Keys" status with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
  3. Create an AWS Lambda function that deletes the IAM access key and then uses Amazon Simple Notification Service (Amazon SNS) to notify the security team. Create an AWS Personal Health Dashboard rule for the AWS_RISK_CREDENTIALS_EXPOSED event. Set the target of the Personal Health Dashboard rule to the ARN of the Lambda function.
  4. Create an AWS Lambda function that deletes the IAM access key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an "aws.trustedadvisor" event source and the "Exposed Access Keys" status. Set the EventBridge (CloudWatch Events) rule to target the Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic that notifies the security team.

Answer(s): D



A company hosts an application in North America. The application uses an Amazon Aurora PostgreSQL DB cluster. A team of analysts in Europe generates real-time reports by using the DB cluster. The analysts must have access to the most up-to-date data. A DevOps engineer discovers that the generation of reports is much slower for users in Europe than for users in North America.
What should the DevOps engineer do to resolve this issue?

  1. Create an Amazon DynamoDB table in Europe. Use DynamoDB Accelerator (DAX) to configure replication between the DB cluster and the DynamoDB table. Configure the users' machines to point to the DynamoDB table in Europe.
  2. Create cross-Region Aurora Replicas in North America, and activate synchronous replication. Configure the users' machines to point to the Aurora reader endpoint in North America.
  3. Create an Aurora global database. Use the existing DB cluster as the primary cluster, and add a secondary cluster in an AWS Region in Europe. Configure the users' machines to point to the Aurora reader endpoint in Europe.
  4. Use Amazon DynamoDB global tables in an AWS Region in Europe. Set up continuous replication between the DB cluster and the DynamoDB table by using AWS Database Migration Service (AWS DMS). Configure the users' machines to point to the DynamoDB table in Europe.

Answer(s): C



A consulting company was hired to assess security vulnerabilities within a client company's application and propose a plan to remediate all identified issues. The architecture is identified as follows: Amazon S3 storage for content, an Auto Scaling group of Amazon EC2 instances behind an Elastic Load Balancer with attached Amazon EBS storage, and an Amazon RDS MySQL database. There are also several AWS Lambda functions that communicate directly with the RDS database using connection string statements in the code.

The consultants identified the top security threat as follows: the application is not meeting its requirement to have encryption at rest.

What solution will address this issue with the LEAST operational overhead and will provide monitoring for potential future violations?

  1. Enable SSE encryption on the S3 buckets and RDS database. Enable OS-based encryption of data on EBS volumes. Configure Amazon Inspector agents on EC2 instances to report on insecure encryption ciphers. Set up AWS Config rules to periodically check for non-encrypted S3 objects.
  2. Configure the application to encrypt each file prior to storing on Amazon S3. Enable OS-based encryption of data on EBS volumes. Encrypt data on write to RDS. Run cron jobs on each instance to check for unencrypted data and notify via Amazon SNS. Use S3 Events to call an AWS Lambda function and verify if the file is encrypted.
  3. Enable Secure Sockets Layer (SSL) on the load balancer, ensure that AWS Lambda is using SSL to communicate to the RDS database, and enable S3 encryption. Configure the application to force SSL for incoming connections and configure RDS to only grant access if the session is encrypted. Configure Amazon Inspector agents on EC2 instances to report on insecure encryption ciphers.
  4. Enable SSE encryption on the S3 buckets, EBS volumes, and the RDS database. Store RDS credentials in EC2 Parameter Store. Enable a policy on the S3 bucket to deny unencrypted puts. Set up AWS Config rules to periodically check for non-encrypted S3 objects and EBS volumes, and to ensure that RDS storage is encrypted.

Answer(s): D



A DevOps engineer is planning to deploy a Ruby-based application to production. The application needs to interact with an Amazon RDS for MySQL database and should have automatic scaling and high availability. The stored data in the database is critical and should persist regardless of the state of the application stack.

The DevOps engineer needs to set up an automated deployment strategy for the application with automatic rollbacks. The solution also must alert the application team when a deployment fails.

Which combination of steps will meet these requirements? (Choose three.)

  1. Deploy the application on AWS Elastic Beanstalk. Deploy an Amazon RDS for MySQL DB instance as part of the Elastic Beanstalk configuration.
  2. Deploy the application on AWS Elastic Beanstalk. Deploy a separate Amazon RDS for MySQL DB instance outside of Elastic Beanstalk.
  3. Configure a notification email address that alerts the application team in the AWS Elastic Beanstalk configuration.
  4. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor AWS Health events. Use an Amazon Simple Notification Service (Amazon SNS) topic as a target to alert the application team.
  5. Use the immutable deployment method to deploy new application versions.
  6. Use the rolling deployment method to deploy new application versions.

Answer(s): A,C,D





