AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A company uses Amazon S3 to store proprietary information. The development team creates buckets for new projects on a daily basis. The security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.
What should a DevOps engineer do to meet these requirements?

1. A. Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
2. B. Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
3. C. Enable AWS Trusted Advisor and configure automatic remediation using Amazon CloudWatch Events.
4. D. Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.

Correct Answer: B

A Development team creates a build project in AWS CodeBuild. The build project invokes automated tests of modules that access AWS services.
Which of the following will enable the tests to run the MOST securely?

1. A. Generate credentials for an IAM user with a policy attached to allow the actions on AWS service
2. B. Store credentials as encrypted environment variables for the build projec
3. C. As part of the build script, obtain the credentials to run the integration tests.
4. D. Have CodeBuild run only the integration tests as a build job on a Jenkins serve
5. E. Create a role that has a policy attached to allow the actions on AWS service
6. F. Generate credentials for an IAM user that is allowed to assume the rol
7. G. Configure the credentials as secrets in Jenkins, and allow the build job to use them to run the integration tests.
8. H. Create a service role in IAM to be assumed by CodeBuild with a policy attached to allow the actions on AWS service
9. I. Configure the build project to use the role created.
10. J. Use AWS managed credential
11. K. Encrypt the credentials with AWS KM
12. L. As part of the build script, decrypt with AWS KMS and use these credentials to run the integration tests.

Correct Answer: B

After presenting a working proof of concept for a new application that uses AWS API Gateway, a Developer must set up a team development environment for the project. Due to a tight timeline, the Developer wants to minimize time spent on infrastructure setup, and would like to reuse the code repository created for the proof of concept. Currently, all source code is stored in AWS CodeCommit.
Company policy mandates having alpha, beta, and production stages with separate Jenkins servers to build code and run tests for every stage. The Development Manager must have the ability to block code propagation between admins at any time. The Security team wants to make sure that users will not be able to modify the environment without permission.
How can this be accomplished?

1. A. Create API Gateway alpha, beta, and production stage
2. B. Create a CodeCommit trigger to deploy code to the different stages using an AWS Lambda function.
3. C. Create API Gateway alpha, beta, and production stage
4. D. Create an AWS CodePipeline that pulls code from the CodeCommit repositor
5. E. Create CodePipeline actions to deploy code to the API Gateway stages.
6. F. Create Jenkins servers for the alpha, beta, and production stages on Amazon EC2 instance
7. G. Create multiple CodeCommit triggers to deploy code to different stages using an AWS Lambda function.
8. H. Create an AWS CodePipeline pipeline that pulls code from the CodeCommit repositor
9. I. Create alpha, beta, and production stages with Jenkins servers on CodePipeline.

Correct Answer: D

A company uses AWS CodePipeline to manage and deploy infrastructure as code. The infrastructure is defined in AWS CloudFormation templates and is primarily comprised of multiple Amazon EC2 instances and Amazon RDS databases. The Security team has observed many operators creating inbound security group rules with a source CIDR of 0 0 0 0/0 and would like to proactively stop the deployment of rules with open CIDRs
The DevOps Engineer will implement a predeptoyment step that runs some security checks over the CloudFormation template before the pipeline processes it. This check should allow only inbound security group rules with a source CIDR of 0.0.0.0/0 if the rule has the description "Security Approval Ref XXXXX (where XXXXX is a preallocated reference). The pipeline step should fail if this condition is not met and the deployment should be blocked
How should this be accomplished?

1. A. Enable a SCP in AWS Organization
2. B. The policy should deny access to the API call Create Security GroupRule if the rule specifies 0.0.0.0/0 without a description referencing a security approval
3. C. Add an initial stage to CodePipeline called Security Chec
4. D. This stage should call an AWS Lambda function that scans the CloudFormation template and fails the pipeline if it finds 0.0.0.0/0 in a security group without a description referencing a security approval
5. E. Create an AWS Config rule that is triggered on creation or edit of resource type EC2 SecurityGroup.This rule should call an AWS Lambda function to send a failure notification if the security group has any rules with a source CIDR of 0.0.0.0/0 without a description referencing a security approval.
6. F. Modify the IAM role used by CodePipelin
7. G. The IAM policy should deny access.

Correct Answer: B

A DevOps Engineer needs to design and implement a backup mechanism for Amazon EFS. The Engineer is given the following requirements:
*The backup should run on schedule.
*The backup should be stopped if the backup window expires.
*The backup should be stopped if the backup completes before the backup window.
*The backup logs should be retained for further analysis.
The design should support highly available and fault-tolerant paradigms.
*Administrators should be notified with backup metadata. Which design will meet these requirements?

1. A. Use AWS Lambda with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activit
2. B. Run backup scripts on Amazon EC2 in an Auto Scaling grou
3. C. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon S3. Use Amazon SNS to notify administrators with backup activity metadata.
4. D. Use Amazon SWF with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activit
5. E. Run backup scripts on Amazon EC2 in an Auto Scaling grou
6. F. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading backup logs to Amazon Redshif
7. G. Use CloudWatch Alarms to notify administrators with backup activity metadata.
8. H. Use AWS Data Pipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activit
9. I. Run backup scripts on Amazon EC2 in a single Availability Zon
10. J. Use Auto Scaling lifecycle hooks and the SSM Run Command on EC2 for uploading the backup logs to Amazon RD
11. K. Use Amazon SNS to notify administrators with backup activity metadata.
12. L. Use AWS CodePipeline with an Amazon CloudWatch Events rule for scheduling the start/stop of backup activit
13. M. Run backup scripts on Amazon EC2 in a single Availability Zon
14. N. Use Auto Scaling lifecycle hooks and the SSM Run Command on Amazon EC2 for uploading backup logs to Amazon S3. Use Amazon SES to notify admins with backup activity metadata.

Correct Answer: A
https://docs.aws.amazon.com/efs/latest/ug/alternative-efs-backup.html