Amazon AWS DevOps Engineer Professional Exam Practice Questions (P. 1)
- Full Access (208 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
A company wants to migrate its content sharing web application hosted on Amazon EC2 to a serverless architecture. The company currently deploys changes to its application by creating a new Auto Scaling group of EC2 instances and a new Elastic Load Balancer, and then shifting the traffic away using an Amazon Route
53 weighted routing policy.
For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda. The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base.
Which deployment strategy will meet these requirements?
53 weighted routing policy.
For its new serverless application, the company is planning to use Amazon API Gateway and AWS Lambda. The company will need to update its deployment processes to work with the new application. It will also need to retain the ability to test new features on a small number of users before rolling the features out to the entire user base.
Which deployment strategy will meet these requirements?
- AUse AWS CDK to deploy API Gateway and Lambda functions. When code needs to be changed, update the AWS CloudFormation stack and deploy the new version of the APIs and Lambda functions. Use a Route 53 failover routing policy for the canary release strategy.
- BUse AWS CloudFormation to deploy API Gateway and Lambda functions using Lambda function versions. When code needs to be changed, update the CloudFormation stack with the new Lambda code and update the API versions using a canary release strategy. Promote the new version when testing is complete.Most Voted
- CUse AWS Elastic Beanstalk to deploy API Gateway and Lambda functions. When code needs to be changed, deploy a new version of the API and Lambda functions. Shift traffic gradually using an Elastic Beanstalk blue/green deployment.
- DUse AWS OpsWorks to deploy API Gateway in the service layer and Lambda functions in a custom layer. When code needs to be changed, use OpsWorks to perform a blue/green deployment and shift traffic gradually.
Correct Answer:
B
B

For migrating a content sharing web application to a serverless architecture with the need for a phased feature rollout, AWS CloudFormation combined with Lambda function versions and a canary release strategy is optimal. This setup allows for controlled and gradual updates, enabling testing on a subset of users before full deployment. Other methods like blue/green might seem similar but differ subtly in deployment automation and traffic shifting strategy, making the CloudFormation method more aligned with requirements for incremental and reversible updates in a serverless environment.
send
light_mode
delete
Question #2
A company's application is currently deployed to a single AWS Region. Recently, the company opened a new office on a different continent. The users in the new office are experiencing high latency. The company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) and uses Amazon
DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving availability for users in both Regions.
Which combination of actions should be taken to address the latency issues? (Choose three.)
DynamoDB as the database layer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. A DevOps Engineer is tasked with minimizing application response times and improving availability for users in both Regions.
Which combination of actions should be taken to address the latency issues? (Choose three.)
- ACreate a new DynamoDB table in the new Region with cross-Region replication enabled.
- BCreate new ALB and Auto Scaling group global resources and configure the new ALB to direct traffic to the new Auto Scaling group.
- CCreate new ALB and Auto Scaling group resources in the new Region and configure the new ALB to direct traffic to the new Auto Scaling group.Most Voted
- DCreate Amazon Route 53 records, health checks, and latency-based routing policies to route to the ALB.Most Voted
- ECreate Amazon Route 53 aliases, health checks, and failover routing policies to route to the ALB.
- FConvert the DynamoDB table to a global table.Most Voted
Correct Answer:
CDF
CDF

Creating a new Application Load Balancer and EC2 Auto Scaling group exclusively in the new region ensures application deployment closer to the users, decreasing latency significantly due to geographical proximity. Enabling Amazon Route 53's latency-based routing helps in routing user requests to the nearest ALB, enhancing response times based on geographical conditions. Lastly, transforming the existing DynamoDB table into a global table allows for data replication across multiple regions, ensuring faster access to the database from any location, and thus supporting a consistent, low-latency experience for users across different continents.
send
light_mode
delete
Question #3
A DevOps engineer used an AWS CloudFormation custom resource to set up AD Connector. The AWS Lambda function executed and created AD Connector, but
CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE.
Which action should the engineer take to resolve this issue?
CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE.
Which action should the engineer take to resolve this issue?
- AEnsure the Lambda function code has exited successfully.
- BEnsure the Lambda function code returns a response to the pre-signed URL.Most Voted
- CEnsure the Lambda function IAM role has cloudformation:UpdateStack permissions for the stack ARN.
- DEnsure the Lambda function IAM role has ds:ConnectDirectory permissions for the AWS account.
Correct Answer:
B
B

To resolve the issue where AWS CloudFormation is stuck in the CREATE_IN_PROGRESS state after executing a Lambda function for AD Connector setup, it's essential that the Lambda function sends a response back to the pre-signed URL provided by CloudFormation. This step signals CloudFormation that the custom resource creation either succeeded or failed, allowing the stack operation to proceed to completion. Not returning a response will indefinitely halt the transition to CREATE_COMPLETE. This is crucial for any Lambda function utilized as a custom resource in CloudFormation to manage stack state transitions effectively.
send
light_mode
delete
Question #4
A company plans to stop using Amazon EC2 key pairs for SSH access, and instead plans to use AWS Systems Manager Session Manager. To further enhance security, access to Session Manager must take place over a private network only.
Which combinations of actions will accomplish this? (Choose two.)
Which combinations of actions will accomplish this? (Choose two.)
- AAllow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
- BAttach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.Most Voted
- CCreate a VPC endpoint for Systems Manager in the desired Region.Most Voted
- DDeploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
- ERemove any default routes in the associated route tables.
Correct Answer:
BC
BC

When transitioning from using Amazon EC2 key pairs to AWS Systems Manager Session Manager for SSH access, it is critical to ensure secure and private connections. Attaching an IAM policy with the necessary Systems Manager permissions to the IAM instance profile associated with EC2 instances (Option B) and creating a VPC endpoint for Systems Manager in the desired region (Option C) are effective measures. The IAM policy enables proper authorization for Session Manager, while the VPC endpoint facilitates private network connectivity to AWS services without the need for an internet gateway, ensuring that the access remains confined to the private network.
send
light_mode
delete
Question #5
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.
Which combination of actions will meet these requirements? (Choose three.)
Which combination of actions will meet these requirements? (Choose three.)
- AAdd the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.Most Voted
- BAttach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.Most Voted
- CCreate IAM access keys for the on-premises machines to interact with AWS Systems Manager.
- DExecute an AWS Systems Manager Automation document to patch the systems every hour.
- EUse Amazon CloudWatch Events scheduled events to schedule a patch window.
- FUse AWS Systems Manager Maintenance Windows to schedule a patch window.Most Voted
Correct Answer:
ABF
ABF

The correct setup for standardized patch management across both EC2 and on-premises systems within the stipulated non-business hour policy involves using AWS Systems Manager. For EC2 instances, attaching an IAM role is essential for management permission. On-premises machines must be integrated into Systems Manager through Hybrid Activations. To adhere to the company's patching policy, scheduling should utilize Maintenance Windows in Systems Manager, which allows specifying non-business hours for operations. This combination ensures seamless, uniform patch management aligned with best security practices.
send
light_mode
delete
All Pages