Best Quality AWS-DevOps Exam Questions Amazon Test To Gain Brilliant Result!
Preparations of AWS-DevOps Exam 2025 AWS Certified DevOps Engineer Unlimited 575 Questions
The AWS Certified DevOps Engineer - Professional certification exam covers a wide range of topics related to DevOps practices and AWS services. These topics include infrastructure as code, monitoring and logging, security and compliance, automation and optimization, and deployment and provisioning. AWS-DevOps exam also covers various AWS services, such as AWS CloudFormation, AWS Elastic Beanstalk, AWS CodeDeploy, AWS CodePipeline, and AWS CloudWatch.
The Amazon AWS-DevOps exam covers a wide range of topics, including continuous delivery and deployment, monitoring and logging, security and compliance, and infrastructure as code. Candidates should have a solid understanding of AWS services such as AWS CloudFormation, AWS Elastic Beanstalk, AWS CodePipeline, AWS CodeDeploy, and AWS CloudWatch. In addition, candidates should have experience with DevOps tools such as Docker, Jenkins, and Chef.
The DOP-C01 certification exam is intended for professionals who have at least two years of experience in implementing and managing AWS environments, as well as experience working with DevOps tools and technologies. Candidates for this certification exam should have a deep understanding of AWS services, including AWS Elastic Beanstalk, AWS CodeDeploy, AWS CloudFormation, AWS OpsWorks, and AWS CodePipeline, among others. Successful completion of this certification exam demonstrates to employers and clients that the candidate has the knowledge and skills to design, deploy, and manage DevOps solutions on the AWS platform.
NEW QUESTION # 60
A DevOps engineer is researching the least expensive way to implement an image batch processing cluster on AWS. The application cannot run in Docker containers and must run on Amazon EC2. The batch job stores checkpoint data on an NFS and can tolerate interruptions. Configuring the cluster software from a generic EC2 Linux image takes 30 minutes.
What is the MOST cost-effective solution?
- A. Use Amazon EFS for checkpoint data. Use EC2 Fleet to launch EC2 Spot Instances, and utilize user data to configure the EC2 Linux instance on startup.
- B. Use Amazon EFS for checkpoint data. Use EC2 Fleet to launch EC2 Spot Instances. Create a custom AMI for the cluster and use the latest AMI when creating instances.
- C. Use Amazon EFS for checkpoint data. To complete the job, use an EC2 Auto Scaling group and an On-Demand pricing model to provision EC2 instances temporarily.
- D. Use GlusterFS on EC2 instances for checkpoint data. To run the batch job, configure EC2 instances manually. When the job completes, shut down the instances manually.
Answer: C
NEW QUESTION # 61
A DevOps team wants to be able to work on the same source code repository. The team has the following requirements for their development workflow and repository access controls:
- Only team members can clone the repository and create new branches.
- A production-ready code state should be isolated from any untested code changes.
- Code changes should be approved by another team member before merging to the production-ready master branch.
- All code change approvals must have an audit record.
- New team members can quickly modify code.
Which combination of actions will meet these requirements? (Choose three.)
- A. Create an AWS CodeCommit repository and an IAM group with permissions to read/write changes to the repository. Add new team members to this group.
- B. Create a pull request so other team members can review the code changes. Implement any suggestions, pull any additional changes from the master branch, and push to the feature branch again. Merge the master branch with the feature branch.
- C. Create a local feature branch from the master branch for new features. Commit the new code and push the changes to the feature branch in the repository.
- D. Check out the master branch and develop new features locally on a feature branch to keep the production-ready code isolated. Ask team members to review the changes before committing the changes locally.
- E. Create a pull request so other team members can review the code changes. Implement any suggestions, pull any additional changes from the master branch, resolve any conflicts, and push to the feature branch again. Merge the feature branch with the master branch.
- F. Create an AWS CodeCommit repository and an IAM role with permissions to read/write changes to the repository. Attach this IAM role to a single IAM user. Ensure each member of the team uses this IAM user. Provide new team members the credentials to this IAM user.
Answer: A,D,F
NEW QUESTION # 62
When storing sensitive data on the cloud, which of the below options should be carried out on AWS? Choose 3 answers from the options given below.
- A. With AWS you do not need to worry about encryption
- B. Enable S3 Encryption
- C. Enable EBS Encryption
- D. Encrypt the file system on an EBS volume using Linux tools
Answer: B,C,D
Explanation:
Amazon EBS encryption offers you a simple encryption solution for your EBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
* Data at rest inside the volume
* All data moving between the volume and the instance
* All snapshots created from the volume
For more information on EBS encryption, please refer to the below link:
* http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. For more information on S3 encryption, please refer to the below link:
* http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
NEW QUESTION # 63
An application is being deployed with two Amazon EC2 Auto Scaling groups, each configured with an Application Load Balancer. The application is deployed to one of the Auto Scaling groups and an Amazon Route 53 alias record is pointed to the Application Load Balancer of the last deployed Auto Scaling group. Deployments alternate between the two Auto Scaling groups.
Home security devices are making requests into the application. The Development team notes that new requests are coming into the old stack days after the deployment. The issue is caused by devices that are not observing the Time to Live (TTL) setting on the Amazon Route 53 alias record. What steps should the DevOps Engineer take to address the issue with requests coming to the old stacks, while creating minimal additional resources?
- A. Move the application to an AWS Elastic Beanstalk application with two environments. Perform new deployments on the non-live environment. After a deployment, perform an Elastic Beanstalk CNAME swap to make the newly deployed environment the live environment.
- B. Create a fleet of Amazon EC2 instances running HAProxy behind an Application Load Balancer. The HAProxy instances will proxy the requests to one of the existing Auto Scaling groups. After a deployment the HAProxy instances are updated to send requests to the newly deployed Auto Scaling group.
- C. Create an Amazon CloudFront distribution. Set the two existing Application Load Balancers as origins on the distribution. After a deployment, update the CloudFront distribution behavior to send requests to the newly deployed Auto Scaling group.
- D. Reduce the application to one Application Load Balancer. Create two target groups named Blue and Green. Create a rule on the Application Load Balancer pointed to a single target group. Add logic to the deployment to update the Application Load Balancer rule to the target group of the newly deployed Auto Scaling group.
Answer: D
NEW QUESTION # 64
A company wants to implement a CI/CD pipeline for an application that is deployed on AWS. The company also has a source-code analysis tool hosted on premises that checks for security flaws.
The tool has not yet been migrated to AWS and can be accessed only on premises. The company wants to run checks against the source code as part of the pipeline before the code is compiled. The checks take anywhere from minutes to an hour to complete.
How can a DevOps Engineer meet these requirements?
- A. Use AWS CodePipeline to create a pipeline. Add a step after the source stage to make an HTTPS request to the on-premises hosted web service that invokes a test with the source code analysis tool. When the analysis is complete, the web service sends the results back by putting the results in an Amazon S3 output location provided by CodePipeline.
- B. Use AWS CodePipeline to create a pipeline. Add an action to the pipeline to invoke an AWS Lambda function after the source stage. Have the Lambda function invoke the source-code analysis tool on premises against the source input from CodePipeline. The function then waits for the execution to complete and places the output in a specified Amazon S3 location.
- C. Use AWS CodePipeline to create a pipeline, then create a custom action type. Create a job worker for the custom action that runs on hardware hosted on premises. The job worker handles running security checks with the on-premises code analysis tool and then returns the job results to CodePipeline. Have the pipeline invoke the custom action after the source stage.
- D. Use AWS CodePipeline to create a pipeline. Create a shell script that copies the input source code to a location on premises. Invoke the source code analysis tool and return the results to CodePipeline. Invoke the shell script by adding a custom script action after the source stage.
Answer: C
NEW QUESTION # 65
A healthcare services company is concerned about the growing costs of software licensing for an application for monitoring patient wellness. The company wants to create an audit process to ensure that the application is running exclusively on Amazon EC2 Dedicated Hosts. A DevOps Engineer must create a workflow to audit the application to ensure compliance.
What steps should the Engineer take to meet this requirement with the LEAST administrative overhead?
- A. Use AWS Systems Manager Configuration Compliance. Use calls to the put-compliance-items API action to scan and build a database of noncompliant EC2 instances based on their host placement configuration. Use an Amazon DynamoDB table to store these instance IDs for fast access. Generate a report through Systems Manager by calling the list-compliance-summaries API action.
- B. Use custom Java code running on an EC2 instance. Set up EC2 Auto Scaling for the instance depending on the number of instances to be checked. Send the list of noncompliant EC2 instance IDs to an Amazon SQS queue. Set up another worker instance to process instance IDs from the SQS queue and write them to Amazon DynamoDB. Use an AWS Lambda function to terminate noncompliant instance IDs obtained from the queue, and send them to an Amazon SNS email topic for distribution.
- C. Use AWS Config. Identify all EC2 instances to be audited by enabling Config Recording on all Amazon EC2 resources for the region. Create a custom AWS Config rule that triggers an AWS Lambda function by using the "config-rule-change-triggered" blueprint. Modify the Lambda evaluateCompliance() function to verify host placement to return a NON_COMPLIANT result if the instance is not running on an EC2 Dedicated Host. Use the AWS Config report to address noncompliant instances.
- D. Use AWS CloudTrail. Identify all EC2 instances to be audited by analyzing all calls to the EC2 RunCommand API action. Invoke an AWS Lambda function that analyzes the host placement of the instance. Store the EC2 instance ID of noncompliant resources in an Amazon RDS MySQL DB instance. Generate a report by querying the RDS instance and exporting the query results to a CSV text file.
Answer: C
NEW QUESTION # 66
Which Auto Scaling process would be helpful when testing new instances before sending traffic to them, while still keeping them in your Auto Scaling Group?
- A. Suspend the process Replace Unhealthy
- B. Suspend the process Health Check
- C. Suspend the process AddToLoadBalancer
- D. Suspend the process AZ Rebalance
Answer: C
Explanation:
If you suspend AddToLoadBalancer, Auto Scaling launches the instances but does not add them to the load balancer or target group. If you resume the AddToLoadBalancer process, Auto Scaling resumes adding instances to the load balancer or target group when they are launched. However, Auto Scaling does not add the instances that were launched while this process was suspended. You must register those instances manually.
Option A is invalid because this just balances the number of EC2 instances in the group across the Availability Zones in the region.
Option B is invalid because this just checks the health of the instances. Auto Scaling marks an instance as unhealthy if Amazon EC2 or Elastic Load Balancing tells Auto Scaling that the instance is unhealthy.
Option C is invalid because this process just terminates instances that are marked as unhealthy and later creates new instances to replace them.
For more information on process suspension, please refer to the below document link from AWS:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/as-suspend-resume-processes.html
NEW QUESTION # 67
A company runs a three-tier web application in its production environment, which is built on a single AWS CloudFormation template made up of Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Data is stored in an Amazon RDS Multi-AZ DB instance with read replicas. Amazon Route 53 manages the application's public DNS record. A DevOps Engineer must create a workflow to mitigate a failed software deployment by rolling back changes in the production environment when a software cutover occurs for new application software. What steps should the Engineer perform to meet these requirements with the LEAST amount of downtime?
- A. Use AWS CloudFormation to deploy an additional staging environment, and configure the Route 53 DNS with weighted records. During cutover, increase the weight distribution to have more traffic directed to the new staging environment as workloads are successfully validated. Keep the old production environment in place until the new staging environment handles all traffic.
- B. Use a single AWS Elastic Beanstalk environment and an AWS OpsWorks environment to deploy the staging and production environments. Update the environment by uploading the ZIP file with the new application code into the Elastic Beanstalk environment deployed with the OpsWorks stack. Validate the traffic in the new environment and immediately terminate the old environment if tests are successful.
- C. Use a single AWS Elastic Beanstalk environment to deploy the staging and production environments. Update the environment by uploading the ZIP file with the new application code. Swap the Elastic Beanstalk environment CNAME. Validate the traffic in the new environment and immediately terminate the old environment if tests are successful.
- D. Use CloudFormation to deploy an additional staging environment and configure the Route 53 DNS with weighted records. During cutover, change the Route 53 A record weights to achieve an even traffic distribution between the two environments. Validate the traffic in the new environment and immediately terminate the old environment if tests are successful.
Answer: A
NEW QUESTION # 68
A DevOps Engineer needs to deploy a scalable three-tier Node.js application in AWS. The application must have zero downtime during deployments and be able to roll back to previous versions. Other applications will also connect to the same MySQL backend database.
The CIO has provided the following guidance for logging:
* Centrally view all current web access server logs.
* Search and filter web and application logs in near-real time.
* Retain log data for three months.
How should these requirements be met?
- A. Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to load streaming log data using Amazon Kinesis Data Firehose into Amazon ES. Delete and create a new Amazon ES domain every 90 days.
- B. Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create an Amazon RDS MySQL instance inside the Elastic Beanstalk stack. Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.
- C. Deploy the application on Amazon EC2. Configure Elastic Load Balancing and Auto Scaling. Use an Amazon RDS MySQL instance for the database tier. Configure the application to store log files in Amazon S3. Use Amazon EMR to search and filter the data. Set an Amazon S3 lifecycle rule to expire objects after 90 days.
- D. Deploy the application using AWS Elastic Beanstalk. Configure the environment type for Elastic Load Balancing and Auto Scaling. Create the Amazon RDS MySQL instance outside the Elastic Beanstalk stack. Configure the Elastic Beanstalk log options to stream logs to Amazon CloudWatch Logs. Set retention to 90 days.
Answer: B
NEW QUESTION # 69
A company is adopting serverless computing and is migrating some of its existing applications to AWS Lambda. A DevOps engineer must come up with an automated deployment strategy using AWS CodePipeline that should include proper version controls, branching strategies, and rollback methods. Which combination of steps should the DevOps engineer follow when setting up the pipeline? (Select THREE.)
- A. Use AWS CodeDeploy to deploy the application.
- B. Use AWS CodeCommit as the source code repository
- C. Use AWS CloudFormation to create an AWS Serverless Application Model (AWS SAM) template for deployment.
- D. Use AWS CloudFormation to deploy the application
- E. Use AWS CodeBuild to create an AWS Serverless Application Model (AWS SAM) template for deployment
- F. Use Amazon S3 as the source code repository
Answer: B,C,F
NEW QUESTION # 70
What is the scope of an EC2 security group?
- A. Placement Group
- B. Availability Zone
- C. Region
- D. VPC
Answer: C
Explanation:
A security group is tied to a region and can be assigned only to instances in the same region. You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resources.html
NEW QUESTION # 71
You are a DevOps engineer for a company. You have been requested to create a rolling deployment solution that is cost-effective with minimal downtime. How should you achieve this? Choose two answers from the options below
- A. Use UpdatePolicy attribute to specify how CloudFormation handles updates to Auto Scaling Group resource.
- B. Re-deploy with a CloudFormation template, define update policies on Auto Scaling groups in your CloudFormation template
- C. After each stack is deployed, tear down the old stack
- D. Re-deploy your application using a CloudFormation template to deploy Elastic Beanstalk
Answer: A,B
Explanation:
The AWS::AutoScaling::AutoScalingGroup resource supports an UpdatePolicy attribute. This is used to define how an Auto Scaling group resource is updated when an update to the CloudFormation stack occurs. A common approach to updating an Auto Scaling group is to perform a rolling update, which is done by specifying the AutoScalingRollingUpdate policy. This retains the same Auto Scaling group and replaces old instances with new ones, according to the parameters specified.
Option A is invalid because it is not efficient to use CloudFormation to use Elastic Beanstalk.
Option D is invalid because this is an inefficient process to tear down stacks when there are stack policies available.
For more information on Auto Scaling rolling updates, please refer to the below link:
* https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/
NEW QUESTION # 72
A company uses AWS CodePipeline to manage and deploy infrastructure as code. The infrastructure is defined in AWS CloudFormation templates and is primarily comprised of multiple Amazon EC2 instances and Amazon RDS databases. The Security team has observed many operators creating inbound security group rules with a source CIDR of 0.0.0.0/0 and would like to proactively stop the deployment of rules with open CIDRs. The DevOps Engineer will implement a predeployment step that runs some security checks over the CloudFormation template before the pipeline processes it. This check should allow only inbound security group rules with a source CIDR of 0.0.0.0/0 if the rule has the description "Security Approval Ref XXXXX" (where XXXXX is a preallocated reference). The pipeline step should fail if this condition is not met and the deployment should be blocked. How should this be accomplished?
- A. Modify the IAM role used by CodePipeline. The IAM policy should deny access.
- B. Create an AWS Config rule that is triggered on creation or edit of resource type EC2 SecurityGroup. This rule should call an AWS Lambda function to send a failure notification if the security group has any rules with a source CIDR of 0.0.0.0/0 without a description referencing a security approval.
- C. Enable an SCP in AWS Organizations. The policy should deny access to the API call CreateSecurityGroupRule if the rule specifies 0.0.0.0/0 without a description referencing a security approval.
- D. Add an initial stage to CodePipeline called Security Check. This stage should call an AWS Lambda function that scans the CloudFormation template and fails the pipeline if it finds 0.0.0.0/0 in a security group without a description referencing a security approval.
Answer: D
NEW QUESTION # 73
You are using CloudFormation to launch an EC2 instance and then configure an application after the instance is launched. You need the stack creation of the ELB and Auto Scaling to wait until the EC2 instance is launched and configured properly. How do you do this?
- A. Use the HoldCondition resource to hold the creation of the other dependent resources
- B. It is not possible for the stack creation to wait until one service is created and launched
- C. Use the WaitCondition resource to hold the creation of the other dependent resources
- D. Use a CreationPolicy to wait for the creation of the other dependent resources
Answer: D
Explanation:
When you provision an Amazon EC2 instance in an AWS CloudFormation stack, you might specify additional actions to configure the instance, such as install software packages or bootstrap applications. Normally, CloudFormation proceeds with stack creation after the instance has been successfully created. However, you can use a CreationPolicy so that CloudFormation proceeds with stack creation only after your configuration actions are done. That way you'll know your applications are ready to go after stack creation succeeds.
A CreationPolicy instructs CloudFormation to wait on an instance until CloudFormation receives the specified number of signals.
Option A is invalid because this is possible.
Option B is invalid because this is used to make AWS CloudFormation pause the creation of a stack and wait for a signal before it continues to create the stack.
For more information on this, please visit the below URL:
* https://aws.amazon.com/blogs/devops/use-a-creationpolicy-to-wait-for-on-instance-configurations/
NEW QUESTION # 74
When writing plays, tasks and playbooks, Ansible fully supports which high level language to describe these?
- A. YAML
- B. Python
- C. JSON
- D. XML
Answer: A
Explanation:
This can be a bit of a trick question. While Ansible Playbooks in this course are written in YAML, Ansible will accept plays, tasks and playbooks in JSON, as JSON is a subset of YAML. However, the preferred and fully supported method is YAML.
Reference: http://docs.ansible.com/ansible/YAMLSyntax.html
NEW QUESTION # 75
A developer has written an application that writes data to Amazon DynamoDB. The DynamoDB table has been configured to use conditional writes. During peak usage times, writes are failing due to a ConditionalCheckFailedException error.
How can the developer increase the application's reliability when multiple clients are attempting to write to the same record?
- A. Implement error retries and exponential backoff with jitter.
- B. Implement a caching solution, such as DynamoDB Accelerator or Amazon ElastiCache.
- C. Write the data to an Amazon SNS topic.
- D. Increase the amount of write capacity for the table to anticipate short-term spikes or bursts in write operations.
Answer: A
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/dynamodb-table-throttled/
NEW QUESTION # 76
You have a complex system that involves networking, IAM policies, and multiple, three-tier applications.
You are still receiving requirements for the new system, so you don't yet know how many AWS components will be present in the final design.
You want to start using AWS CloudFormation to define these AWS resources so that you can automate and version-control your infrastructure.
How would you use AWS CloudFormation to provide agile new environments for your customers in a cost-effective, reliable manner?
- A. Manually construct the networking layer using Amazon Virtual Private Cloud (VPC) because this does not change often, and then use AWS CloudFormation to define all other ephemeral resources.
- B. Create multiple separate templates for each logical part of the system, and provide the outputs from one to the next using an Amazon Elastic Compute Cloud (EC2) instance running the SDK for finer granularity of control.
- C. Manually create one template to encompass all the resources that you need for the system, so you only have a single template to version-control.
- D. Create multiple separate templates for each logical part of the system, create nested stacks in AWS CloudFormation, and maintain several templates to version-control.
Answer: D
NEW QUESTION # 77
An enterprise wants to use a third-party SaaS application running on AWS. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account. The enterprise has internal security policies that require that any outside access to their environment must conform to the principles of least privilege, and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?
- A. Create an IAM user within the enterprise account and assign a user policy to the IAM user that allows only the actions required by the SaaS application. Create a new access and secret key for the user and provide these credentials to the SaaS provider.
- B. Create an IAM role for EC2 instances, assign it a policy that allows only the actions required for the SaaS application to work, and provide the role ARN to the SaaS provider to use when launching their application instances.
- C. Create an IAM role for cross-account access that allows the SaaS provider's account to assume the role, and assign it a policy that allows only the actions required by the SaaS application.
- D. From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
Answer: C
Explanation:
Many SaaS platforms can access AWS resources via cross-account access created in AWS. If you go to Roles in your identity management, you will see the ability to add a cross-account role.
For more information on cross-account roles, please visit the below URL:
* http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
NEW QUESTION # 78
You are a DevOps Engineer for your company. You are responsible for creating CloudFormation templates for your company. There is a requirement to ensure that an S3 bucket is created for all resources in development for logging purposes. How would you achieve this?
- A. Create a parameter in the CloudFormation template and then use the Condition clause in the template to create an S3 bucket if the parameter has a value of development
- B. Create separate CloudFormation templates for Development and production.
- C. Create an S3 bucket from before and then just provide access based on the tag value mentioned in the CloudFormation template
- D. Use the metadata section in the CloudFormation template to decide on whether to create the S3 bucket or not.
Answer: A
Explanation:
The AWS Documentation mentions the following:
You might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment. In your template, you can add an EnvironmentType input parameter, which accepts either prod or test as inputs. For the production environment, you might include Amazon EC2 instances with certain capabilities; however, for the test environment, you want to use reduced capabilities to save money. With conditions, you can define which resources are created and how they're configured for each environment type.
For more information on CloudFormation conditions, please visit the below URL:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html
NEW QUESTION # 79
An online company uses Amazon EC2 Auto Scaling extensively to provide an excellent customer experience while minimizing the number of running EC2 instances. The company's self-hosted Puppet environment in the application layer manages the configuration of the instances. The IT manager wants the lowest licensing costs and wants to ensure that whenever the EC2 Auto Scaling group scales down, removed EC2 instances are deregistered from the Puppet master as soon as possible.
How can the requirement be met?
- A. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. Use CodeDeploy to install the Puppet agent. When the Auto Scaling group scales out, run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the EC2 Auto Scaling EC2_INSTANCE_TERMINATING lifecycle hook to trigger de-registration from the Puppet master.
- B. Bake the AWS Systems Manager agent into the base AMI. When the Auto Scaling group scales out, use the AWS Systems Manager to install the Puppet agent, and run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the Systems Manager instance stop lifecycle hook to run a script to de-register the instance from the Puppet master.
- C. Bake the AWS CodeDeploy agent into the base AMI. When the Auto Scaling group scales out, use CodeDeploy to install the Puppet agent, and execute a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the CodeDeploy ApplicationStop lifecycle hook to run a script to de-register the instance from the Puppet master.
- D. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. When the Auto Scaling group scales out, use CodeDeploy to install the Puppet agent, and run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the EC2 user data instance stop script to run a script to de-register the instance from the Puppet master.
Answer: A
Explanation:
The CodeDeploy agent is a software package that, when installed and configured on an instance, makes it possible for that instance to be used in CodeDeploy deployments.
NEW QUESTION # 80
A rapidly growing company wants to scale for Developer demand for AWS development environments.
Development environments are created manually in the AWS Management Console. The Networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.
To keep up with the demand, the DevOps Engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure. CloudFormation will be used to create a template for the development environments.
Which approach will meet these requirements and quickly provide consistent AWS environments for Developers?
- A. Use nested stacks to define common infrastructure components. To access the exported values, use TemplateURL to reference the Networking team's template. To retrieve Virtual Private Cloud (VPC) and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the master template. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
- B. Use Fn::ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values. Define the development resources in the order they need to be created in the CloudFormation nested stacks. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
- C. Use nested stacks to define common infrastructure components. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet values. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
- D. Use Fn::ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments needed. Use the UpdateStackSet command to update existing development environments.
Answer: D
NEW QUESTION # 81
You have a code repository that uses Amazon S3 as a data store. During a recent audit of your security controls, some concerns were raised about maintaining the integrity of the data in the Amazon S3 bucket. Another concern was raised around securely deploying code from Amazon S3 to applications running on Amazon EC2 in a virtual private cloud.
What are some measures that you can implement to mitigate these concerns? Choose 2 answers.
- A. Use AWS Data Pipeline with multi-factor authentication to securely deploy code from the Amazon S3 bucket to your Amazon EC2 instances.
- B. Use a configuration management service to deploy AWS Identity and Access Management user credentials to the Amazon EC2 instances. Use these credentials to securely access the Amazon S3 bucket when deploying code.
- C. Add an Amazon S3 bucket policy with a condition statement that requires multi-factor authentication in order to delete objects and enable bucket versioning.
- D. Use AWS Data Pipeline to lifecycle the data in your Amazon S3 bucket to Amazon Glacier on a weekly basis.
- E. Create an Amazon Identity and Access Management role with authorization to access the Amazon S3 bucket, and launch all of your application's Amazon EC2 instances with this role.
- F. Add an Amazon S3 bucket policy with a condition statement to allow access only from Amazon EC2 instances with RFC 1918 IP addresses and enable bucket versioning.
Answer: C,E
NEW QUESTION # 82