AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A company has an application that runs on AWS Lambda and sends logs to Amazon CloudWatch Logs. An Amazon Kinesis data stream is subscribed to the log groups in CloudWatch Logs. A single consumer Lambda function processes the logs from the data stream and stores the logs in an Amazon S3 bucket.
The company's DevOps team has noticed high latency during the processing and ingestion of some logs.
Which combination of steps will reduce the latency? (Select THREE.)

1. A. Create a data stream consumer with enhanced fan-ou
2. B. Set the Lambda function that processes the logs as the consumer.
3. C. Increase the ParallelizationFactor setting in the Lambda event source mapping.
4. D. Configure reserved concurrency for the Lambda function that processes the logs.
5. E. Increase the batch size in the Kinesis data stream.
6. F. Turn off the ReportBatchltemFailures setting in the Lambda event source mapping.
7. G. Increase the number of shards in the Kinesis data stream.

Correct Answer: ABC
The latency in processing and ingesting logs can be caused by several factors, such as the throughput of the Kinesis data stream, the concurrency of the Lambda function, and the configuration of the event source mapping. To reduce the latency, the following steps can be taken:
✑ Create a data stream consumer with enhanced fan-out. Set the Lambda function that processes the logs as the consumer. This will allow the Lambda function to receive records from the data stream with dedicated throughput of up to 2 MB per second per shard, independent of other consumers1. This will reduce the contention and delay in accessing the data stream.
✑ Increase the ParallelizationFactor setting in the Lambda event source mapping. This will allow the Lambda service to invoke more instances of the function concurrently to process the records from the data stream2. This will increase the processing capacity and reduce the backlog of records in the data stream.
✑ Configure reserved concurrency for the Lambda function that processes the logs. This will ensure that the function has enough concurrency available to handle the increased load from the data stream3. This will prevent the function from being throttled by the account-level concurrency limit.
The other options are not effective or may have negative impacts on the latency. Option D is not suitable because increasing the batch size in the Kinesis data stream will increase the amount of data that the Lambda function has to process in each invocation, which may increase the execution time and latency4. Option E is not advisable because turning off the ReportBatchItemFailures setting in the Lambda event source mapping will prevent the Lambda service from retrying the failed records, which may result in data loss. Option F is not necessary because increasing the number of shards in the Kinesis data stream will increase the throughput of the data stream, but it will not affect the processing speed of the Lambda function, which is the bottleneck in this scenario.
References:
✑ 1: Using AWS Lambda with Amazon Kinesis Data Streams - AWS Lambda
✑ 2: AWS Lambda event source mappings - AWS Lambda
✑ 3: Managing concurrency for a Lambda function - AWS Lambda
✑ 4: AWS Lambda function scaling - AWS Lambda
✑ : AWS Lambda event source mappings - AWS Lambda
✑ : Scaling Amazon Kinesis Data Streams with AWS CloudFormation - Amazon Kinesis Data Streams

A company is migrating its on-premises Windows applications and Linux applications to AWS. The company will use automation to launch Amazon EC2 instances to mirror the on- premises configurations. The migrated applications require access to shared storage that uses SMB for Windows and NFS for Linux.
The company is also creating a pilot light disaster recovery (DR) environment in another AWS Region. The company will use automation to launch and configure the EC2 instances in the DR Region. The company needs to replicate the storage to the DR Region.
Which storage solution will meet these requirements?

1. A. Use Amazon S3 for the application storag
2. B. Create an S3 bucket in the primary Region and an S3 bucket in the DR Regio
3. C. Configure S3 Cross-Region Replication (CRR) from the primary Region to the DR Region.
4. D. Use Amazon Elastic Block Store (Amazon EBS) for the application storag
5. E. Create a backup plan in AWS Backup that creates snapshots of the EBS volumes that are in the primary Region and replicates the snapshots to the DR Region.
6. F. Use a Volume Gateway in AWS Storage Gateway for the application storag
7. G. Configure Cross-Region Replication (CRR) of the Volume Gateway from the primary Region to the DR Region.
8. H. Use Amazon FSx for NetApp ONTAP for the application storag
9. I. Create an FSx for ONTAP instance in the DR Regio
10. J. Configure NetApp SnapMirror replication from the primary Region to the DR Region.

Correct Answer: D
To meet the requirements of migrating its on-premises Windows and Linux applications to AWS and creating a pilot light DR environment in another AWS Region, the company should use Amazon FSx for NetApp ONTAP for the application storage. Amazon FSx for NetApp ONTAP is a fully managed service that provides highly reliable, scalable, high- performing, and feature-rich file storage built on NetApp’s popular ONTAP file system. FSx for ONTAP supports multiple protocols, including SMB for Windows and NFS for Linux, so the company can access the shared storage from both types of applications. FSx for ONTAP also supports NetApp SnapMirror replication, which enables the company to replicate the storage to the DR Region. NetApp SnapMirror replication is efficient, secure, and incremental, and it preserves the data deduplication and compression benefits of FSx for ONTAP. The company can use automation to launch and configure the EC2 instances in the DR Region and then use NetApp SnapMirror to restore the data from the primary Region.
The other options are not correct because they do not meet the requirements or follow best practices. Using Amazon S3 for the application storage is not a good option because S3 is an object storage service that does not support SMB or NFS protocols natively. The company would need to use additional services or software to mount S3 buckets as file systems, which would add complexity and cost. Using Amazon EBS for the application storage is also not a good option because EBS is a block storage service that does not support SMB or NFS protocols natively. The company would need to set up and manage file servers on EC2 instances to provide shared access to the EBS volumes, which would add overhead and maintenance. Using a Volume Gateway in AWS Storage Gateway for the application storage is not a valid option because Volume Gateway does not support SMB protocol. Volume Gateway only supports iSCSI protocol, which means that only Linux applications can access the shared storage.
References:
✑ 1: What is Amazon FSx for NetApp ONTAP? - FSx for ONTAP
✑ 2: Amazon FSx for NetApp ONTAP
✑ 3: Amazon FSx for NetApp ONTAP | NetApp
✑ 4: AWS Announces General Availability of Amazon FSx for NetApp ONTAP
✑ : Replicating Data with NetApp SnapMirror - FSx for ONTAP
✑ : What Is Amazon S3? - Amazon Simple Storage Service
✑ : What Is Amazon Elastic Block Store (Amazon EBS)? - Amazon Elastic Compute Cloud
✑ : What Is AWS Storage Gateway? - AWS Storage Gateway

A company manages multiple AWS accounts in AWS Organizations. The company's security policy states that AWS account root user credentials for member accounts must not be used. The company monitors access to the root user credentials.
A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps engineer must create an SCP at the organization's root level that will prevent the root user in member accounts from making any AWS service API calls.
Which SCP will meet these requirements?
A)

B)

C)

D)

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: D

A company’s security team requires that all external Application Load Balancers (ALBs) and Amazon API Gateway APIs are associated with AWS WAF web ACLs. The company
has hundreds of AWS accounts, all of which are included in a single organization in AWS Organizations. The company has configured AWS Config for the organization. During an audit, the company finds some externally facing ALBs that are not associated with AWS WAF web ACLs.
Which combination of steps should a DevOps engineer take to prevent future violations? (Choose two.)

1. A. Delegate AWS Firewall Manager to a security account.
2. B. Delegate Amazon GuardDuty to a security account.
3. C. Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
4. D. Create an Amazon GuardDuty policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
5. E. Configure an AWS Config managed rule to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.

Correct Answer: AC
If instead you want to automatically apply the policy to existing in-scope resources, choose Auto remediate any noncompliant resources. This option creates a web ACL in each applicable account within the AWS organization and associates the web ACL with the resources in the accounts. When you choose Auto remediate any noncompliant resources, you can also choose to remove existing web ACL associations from in-scope resources, for the web ACLs that aren't managed by another active Firewall Manager policy. If you choose this option, Firewall Manager first associates the policy's web ACL with the resources, and then removes the prior associations. If a resource has an association with another web ACL that's managed by a different active Firewall Manager policy, this choice doesn't affect that association.

A company has an application that includes AWS Lambda functions. The Lambda functions run Python code that is stored in an AWS CodeCommit repository. The company has recently experienced failures in the production environment because of an error in the Python code. An engineer has written unit tests for the Lambda functions to help avoid releasing any future defects into the production environment.
The company's DevOps team needs to implement a solution to integrate the unit tests into an existing AWS CodePipeline pipeline. The solution must produce reports about the unit tests for the company to view.
Which solution will meet these requirements?

1. A. Associate the CodeCommit repository with Amazon CodeGuru Reviewe
2. B. Create a new AWS CodeBuild projec
3. C. In the CodePipeline pipeline, configure a test stage that uses the new CodeBuild projec
4. D. Create a buildspec.yml file in the CodeCommit repositor
5. E. In the buildspec.yml file, define the actions to run a CodeGuru review.
6. F. Create a new AWS CodeBuild projec
7. G. In the CodePipeline pipeline, configure a test stage that uses the new CodeBuild projec
8. H. Create a CodeBuild report grou
9. I. Create a buildspec.yml file in the CodeCommit repositor
10. J. In the buildspec.yml file, define the actions to run the unit tests with an output of JUNITXML in the build phase section.Configure the test reports to be uploaded to the new CodeBuild report group.
11. K. Create a new AWS CodeArtifact repositor
12. L. Create a new AWS CodeBuild projec
13. M. In the CodePipeline pipeline, configure a test stage that uses the new CodeBuild projec
14. N. Create an appspec.yml file in the original CodeCommit repositor
15. O. In the appspec.yml file, define the actions to run the unit tests with an output of CUCUMBERJSON in the build phase sectio
16. P. Configure the tests reports to be sent to the new CodeArtifact repository.
17. Q. Create a new AWS CodeBuild projec
18. R. In the CodePipeline pipeline, configure a test stage that uses the new CodeBuild projec
19. S. Create a new Amazon S3 bucke
20. T. Create a buildspec.yml file in the CodeCommit repositor
21. . In the buildspec.yml file, define the actions to run the unit tests with an output of HTML in the phases sectio
22. . In the reports section, upload the test reports to the S3 bucket.

Correct Answer: B
The correct answer is B. Creating a new AWS CodeBuild project and configuring a test stage in the AWS CodePipeline pipeline that uses the new CodeBuild project is the best way to integrate the unit tests into the existing pipeline. Creating a CodeBuild report group and uploading the test reports to the new CodeBuild report group will produce reports about the unit tests for the company to view. Using JUNITXML as the output format for the unit tests is supported by CodeBuild and will generate a valid report. Option A is incorrect because Amazon CodeGuru Reviewer is a service that provides automated code reviews and recommendations for improving code quality and performance. It is not a tool for running unit tests or producing test reports. Therefore, option A will not meet the requirements.
Option C is incorrect because AWS CodeArtifact is a service that provides secure, scalable, and cost-effective artifact management for software development. It is not a tool for running unit tests or producing test reports. Moreover, option C uses CUCUMBERJSON as the output format for the unit tests, which is not supported by CodeBuild and will not generate a valid report.
Option D is incorrect because uploading the test reports to an Amazon S3 bucket is not the best way to produce reports about the unit tests for the company to view. CodeBuild has a built-in feature to create and manage test reports, which is more convenient and efficient than using S3. Furthermore, option D uses HTML as the output format for the unit tests, which is not supported by CodeBuild and will not generate a valid report.