Validated AWS-Certified-DevOps-Engineer-Professional Testing Software 2021

NEW QUESTION 1
When thinking of DynamoDB, what are true of Global Secondary Key properties?

• A. The partition key and sort key can be different from the table.
• B. Only the partition key can be different from the table.
• C. Either the partition key or the sort key can be different from the table, but not both.
• D. Only the sort key can be different from the tabl

Answer: A

Explanation:
Global secondary index — an index with a partition key and a sort key that can be different from those on the table. A global secondary index is considered "gIobaI" because queries on the index can span all of the data in a table, across all partitions.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Secondarylndexes.html

NEW QUESTION 2
You run operations for a company that processes digital wallet payments at a very high volume. One second of downtime, during which you drop payments or are otherwise unavailable, loses you on average USD 100. You balance the financials of the transaction system once per day. Which database setup is best suited to address this business risk?

• A. A multi-AZ RDS deployment with synchronous replication to multiple standbys and read-replicas for fast failover and ACID properties.
• B. A multi-region, multi-master, active-active RDS configuration using database-level ACID design principles with database trigger writes for replication.
• C. A multi-region, multi-master, active-active DynamoDB configuration using application control-level BASE design principles with change-stream write queue buffers for replication.
• D. A multi-AZ DynamoDB setup with changes streamed to S3 via AWS Kinesis, for highly durable storage and BASE properties.

Answer: C

Explanation:
Only the multi-master, multi-region DynamoDB answer makes sense. IV|u|ti-AZ deployments do not provide sufficient availability when a business loses USD 360,000 per hour of unavailability. As RDS does not natively support multi-region, and ACID does not perform well/at all over large distances between
regions, only the DynamoDB answer works. Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepI.htmI

NEW QUESTION 3
What is the scope of an EC2 EIP?

• A. Placement Group
• B. Availability Zone
• C. Region
• D. VPC

Answer: C

Explanation:
An Elastic IP address is tied to a region and can be associated only with an instance in the same region. Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 4
What is web identity federation?

• A. Use of an identity provider like Google or Facebook to become an AWS IAM User.
• B. Use of an identity provider like Google or Facebook to exchange for temporary AWS security credentials.
• C. Use of AWS IAM User tokens to log in as a Google or Facebook user.
• D. Use of AWS STS Tokens to log in as a Google or Facebook use

Answer: B

Explanation:
users of your app can sign in using a well-known identity provider (|dP) -such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account.
Reference: http://docs.aws.amazon.com/IANI/latest/UserGuide/id_roIes_providers_oidc.html

NEW QUESTION 5
Which of the following tools does not directly support AWS OpsWorks, for monitoring your stacks?

• A. AWS Config
• B. Amazon CIoudWatch Nletrics
• C. AWS CloudTraiI
• D. Amazon CIoudWatch Logs

Answer: A

Explanation:
You can monitor your stacks in the following ways: AWS OpsWorks uses Amazon CIoudWatch to provide thirteen custom metrics with detailed monitoring for each instance in the stack; AWS OpsWorks integrates with AWS CIoudTraiI to log every AWS OpsWorks API call and store the data in an Amazon S3 bucket; You can use Amazon CIoudWatch Logs to monitor your stack's system, application, and custom logs. Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/monitoring.htmI

NEW QUESTION 6
Which is not a restriction on AWS EBS Snapshots?

• A. Snapshots which are shared cannot be used as a basis for other snapshots.
• B. You cannot share a snapshot containing an AWS Access Key ID or AWS Secret Access Key.
• C. You cannot share unencrypted snapshots.
• D. Snapshot restorations are restricted to the region in which the snapshots are create

Answer: A

Explanation:
Snapshots shared with other users are usable in full by the recipient, including but limited to the ability to base modified volumes and snapshots.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html

NEW QUESTION 7
You want to pass queue messages that are 1GB each. How should you achieve this?

• A. Use Kinesis as a buffer stream for message bodie
• B. Store the checkpoint id for the placement in the Kinesis Stream in SQS.
• C. Use the Amazon SQS Extended Client Library for Java and Amazon S3 as a storage mechanism for message bodies.
• D. Use SQS's support for message partitioning and multi-part uploads on Amazon S3.
• E. Use AWS EFS as a shared pool storage mediu
• F. Store filesystem pointers to the files on disk in the SQS message bodies.

Answer: B

Explanation:
You can manage Amazon SQS messages with Amazon S3. This is especially useful for storing and retrieving messages with a message size of up to 2 GB. To manage Amazon SQS messages with Amazon S3, use the Amazon SQS Extended Client Library for Java.
Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/s3-messages.html

NEW QUESTION 8
For AWS Auto Scaling, what is the first transition state a new instance enters after leaving steady state when scaling out due to increased load?

• A. EnteringStandby
• B. Pending
• C. Terminating:Wait
• D. Detaching

Answer: B

Explanation:
When a scale out event occurs, the Auto Scaling group launches the required number of EC2 instances, using its assigned launch configuration. These instances start in the Pending state. If you add a lifecycle hook to your Auto Scaling group, you can perform a custom action here. For more information, see Lifecycle Hooks.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/AutoScaIingGroupLifecycIe.html

NEW QUESTION 9
What is the maximum supported single-volume throughput on EBS?

• A. 320IV|iB/s
• B. 160MiB/s
• C. 40MiB/s
• D. 640MiB/s

Answer: A

Explanation:
The ceiling throughput for PIOPS on EBS is 320MiB/s.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVo|umeTypes.htm| IIIIIEZIIII HWS-IIEIIII|]S-EII§iII|}|}I‘-PI‘0I|}SSi0IIilI EIIEIII

NEW QUESTION 10
You need to run a very large batch data processing job one time per day. The source data exists entirely in S3, and the output of the processing job should also be written to S3 when finished. If you need to version control this processing job and all setup and teardown logic for the system, what approach should you use?

• A. Model an AWS EMR job in AWS Elastic Beanstalk.
• B. Model an AWS EMR job in AWS CloudFormation.
• C. Model an AWS EMR job in AWS OpsWorks.
• D. Model an AWS EMR job in AWS CLI Compose

Answer: B

Explanation:
To declaratively model build and destroy of a cluster, you need to use AWS CIoudFormation. OpsWorks and Elastic Beanstalk cannot directly model EMR Clusters. The CLI is not declarative, and CLI Composer does not exist.
Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/aws-resource-emr-cluster.html

NEW QUESTION 11
Which of these is not an intrinsic function in AWS CIoudFormation?

• A. Fn::SpIit
• B. Fn::FindInMap
• C. Fn::SeIect
• D. Fn::GetAZs

Answer: A

Explanation:
This is the complete list of Intrinsic Functions...: Fn::Base64, Fn::And, Fn::EquaIs, Fn::If, Fn::Not, Fn::Or, Fn::FindInMap, Fn::GetAtt, Fn::GetAZs, Fn::Join, Fn::Se|ect, Ref
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html

NEW QUESTION 12
Which of these techniques enables the fastest possible rollback times in the event of a failed deployment?

• A. Rolling; Immutable
• B. Rolling; Mutable
• C. Canary or A/B
• D. Blue-Green

Answer: D

Explanation:
AWS specifically recommends Blue-Green for super-fast, zero-downtime deploys - and thus rollbacks, which are redeploying old code.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 13
What is the scope of an EBS volume?

• A. VPC
• B. Region
• C. Placement Group
• D. Availability Zone

Answer: D

Explanation:
An Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.htmI

NEW QUESTION 14
For AWS CloudFormation, which is true?

• A. Custom resources using SNS have a default timeout of 3 minutes.
• B. Custom resources using SNS do not need a <code>ServiceToken</code> property.
• C. Custom resources using Lambda and <code>Code.ZipFiIe</code> allow inline nodejs resource composition.
• D. Custom resources using Lambda do not need a <code>ServiceToken</code>property

Answer: C

Explanation:
Code is a property of the AWS::Lambda::Function resource that enables to you specify the source code of an AWS Lambda (Lambda) function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text (for nodejs runtime environments only). Reference:
http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/template-custom-resources.html

NEW QUESTION 15
For AWS Auto Scaling, what is the first transition state an instance enters after leaving steady state when scaling in due to health check failure or decreased load?

• A. Terminating
• B. Detaching
• C. Terminating:Wait
• D. EnteringStandby

Answer: A

Explanation:
When Auto Scaling responds to a scale in event, it terminates one or more instances. These instances are detached from the Auto Scaling group and enter the Terminating state.
Reference: http://docs.aws.amazon.com/AutoScaling/latest/DeveIoperGuide/AutoScaIingGroupLifecycIe.html

NEW QUESTION 16
You need to scale an RDS deployment. You are operating at 10% writes and 90% reads, based on your logging. How best can you scale this in a simple way?

• A. Create a second master RDS instance and peer the RDS groups.
• B. Cache all the database responses on the read side with CIoudFront.
• C. Create read replicas for RDS since the load is mostly reads.
• D. Create a Multi-AZ RDS installs and route read traffic to standb

Answer: C

Explanation:
The high-availability feature is not a scaling solution for read-only scenarios; you cannot use a standby replica to serve read traffic. To service read-only traffic, you should use a Read Replica. For more information, see Working with PostgreSQL, MySQL, and NIariaDB Read Replicas.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.NIuItiAZ.htmI

NEW QUESTION 17
Your serverless architecture using AWS API Gateway, AWS Lambda, and AWS DynamoDB experienced a large increase in traffic to a sustained 400 requests per second, and dramatically increased in failure rates. Your requests, during normal operation, last 500 milliseconds on average. Your DynamoDB table did not exceed 50% of provisioned throughput, and Table primary keys are designed correctly. What is the most likely issue?

• A. Your API Gateway deployment is throttling your requests.
• B. Your AWS API Gateway Deployment is bottlenecking on request (de)seriaIization.
• C. You did not request a limit increase on concurrent Lambda function executions.
• D. You used Consistent Read requests on DynamoDB and are experiencing semaphore loc

Answer: C

Explanation:
AWS API Gateway by default throttles at 500 requests per second steady-state, and 1000 requests per second at spike. Lambda, by default, throttles at 100 concurrent requests for safety. At 500 milliseconds (half of a second) per request, you can expect to support 200 requests per second at 100 concurrency. This is less than the 400 requests per second your system now requires. Make a limit increase request via the AWS Support Console.
AWS Lambda: Concurrent requests safety throttle per account -> 100
Reference: http://docs.aws.amazon.com/generaI/latest/gr/aws_service_Iimits.htm|#|imits_|ambda

NEW QUESTION 18
You were just hired as a DevOps Engineer for a startup. Your startup uses AWS for 100% of their infrastructure. They currently have no automation at all for deployment, and they have had many failures while trying to deploy to production. The company has told you deployment process risk mitigation is the most important thing now, and you have a lot of budget fortools and AWS resources.
Their stack: 2-tier API
Data stored in DynamoDB or S3, depending on type Compute layer is EC2 in Auto Scaling Groups They use Route53 for DNS pointing to an ELB
An ELB balances load across the EC2 instances
The scaling group properly varies between 4 and 12 EC2 sewers.
Which of the following approaches, given this company's stack and their priorities, best meets the company's needs?

• A. Model the stack in AWS Elastic Beanstalk as a single Application with multiple Environment
• B. Use Elastic BeanstaIk's Rolling Deploy option to progressively roll out application code changes when promoting across environments.
• C. Model the stack in 3 CIoudFormation templates: Data layer, compute layer, and networking laye
• D. Write stack deployment and integration testing automation following Blue-Green methodologies.
• E. Model the stack in AWS OpsWorks as a single Stack, with 1 compute layer and its associated EL
• F. Use Chef and App Deployments to automate Rolling Deployment.
• G. Model the stack in 1 CIoudFormation template, to ensure consistency and dependency graph resolutio
• H. Write deployment and integration testing automation following Rolling Deployment methodologies.

Answer: B

Explanation:
AWS recommends Blue-Green for zero-downtime deploys. Since you use DynamoDB, and neither AWS OpsWorks nor AWS Elastic Beanstalk directly supports DynamoDB, the option selecting CloudFormation and Blue-Green is correct.
You use various strategies to migrate the traffic from your current application stack (blue) to a new version of the application (green). This is a popular technique for deploying applications with zero downtime. The deployment services like AWS Elastic Beanstalk, AWS CIoudFormation, or AWS OpsWorks are particularly useful as they provide a simple way to clone your running application stack. You can set up a
new version of your application (green) by simply cloning current version of the application (blue). Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

NEW QUESTION 19
To monitor API calls against our AWS account by different users and entities, we can use to create a history of calls in bulk for later review, and use for reacting to AWS API calls in real-time.

• A. AWS Config; AWS Inspector
• B. AWS CIoudTraiI; AWS Config
• C. AWS CIoudTraiI; CIoudWatch Events
• D. AWS Config; AWS Lambda

Answer: C

Explanation:
CIoudTraiI is a batch API call collection service, CIoudWatch Events enables real-time monitoring of calls through the Rules object interface.
Reference: https://aws.amazon.com/whitepapers/security-at-scaIe-governance-in-aws/

NEW QUESTION 20
You are getting a lot of empty receive requests when using Amazon SQS. This is making a lot of unnecessary network load on your instances. What can you do to reduce this load?

• A. Subscribe your queue to an SNS topic instead.
• B. Use as long of a poll as possible, instead of short polls.
• C. Alter your visibility timeout to be shorter.
• D. Use <code>sqsd</code> on your EC2 instance

Answer: B

Explanation:
One benefit of long polling with Amazon SQS is the reduction of the number of empty responses, when there are no messages available to return, in reply to a ReceiveMessage request sent to an Amazon SQS queue. Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.
Reference:
http://docs.aws.amazon.com/AWSSimpIeQueueService/latest/SQSDeveIoperGuide/sqs-long-polling.html

NEW QUESTION 21
You need your API backed by DynamoDB to stay online during a total regional AWS failure. You can tolerate a couple minutes of lag or slowness during a large failure event, but the system should recover with normal operation after those few minutes. What is a good approach?

• A. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• B. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• C. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• D. Set up a DynamoDB MuIti-Region tabl
• E. Create an Auto Scaling Group behind an ELB in each of the two regions DynamoDB is running i
• F. Add a Route53 Latency DNS Record with DNS Failover, using the ELBs in the two regions as the resource records.
• G. Set up a DynamoDB Mu|ti-Region tabl
• H. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.
• I. Set up DynamoDB cross-region replication in a master-standby configuration, with a single standby in another regio
• J. Create a cross-region ELB pointing to a cross-region Auto Scaling Group, and direct a Route53 Latency DNS Record with DNS Failover to the cross-region ELB.

Answer: A

Explanation:
There is no such thing as a cross-region ELB, nor such thing as a cross-region Auto Scaling Group, nor such thing as a DynamoDB Multi-Region Table. The only option that makes sense is the cross-regional replication version with two ELBs and ASGs with Route53 Failover and Latency DNS.
Reference: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.CrossRegionRepI.htmI

NEW QUESTION 22
There is a very serious outage at AWS. EC2 is not affected, but your EC2 instance deployment scripts stopped working in the region with the outage. What might be the issue?

• A. The AWS Console is down, so your CLI commands do not work.
• B. S3 is unavailable, so you can't create EBS volumes from a snapshot you use to deploy new volumes.
• C. AWS turns off the <code>DepIoyCode</code> API call when there are major outages, to protect from system floods.
• D. None of the other answers make sens
• E. If EC2 is not affected, it must be some other issu

Answer: B

Explanation:
S3 stores all snapshots. If S3 is unavailable, snapshots are unavailable.
Amazon EC2 also uses Amazon S3 to store snapshots (backup copies) of the data volumes. You can use snapshots for recovering data quickly and reliably in case of application or system failures. You can also use snapshots as a baseline to create multiple new data volumes, expand the size of an existing data volume, or move data volumes across multiple Availability Zones, thereby making your data usage highly scalable. For more information about using data volumes and snapshots, see Amazon Elastic Block Store.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonS3.htmI

NEW QUESTION 23
......