AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?

1. A. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to theinstance
2. B. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
3. C. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credential
4. D. Associate this role to all the instances.
5. E. Use AWS CodeDeploy to deploy application packages to the instance
6. F. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
7. G. Define an IAM policy for allowing access, and decrypt only the database credential
8. H. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.
9. I. Use AWS CodeDeploy to deploy application packages to the instance
10. J. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data typ
11. K. Define an IAM role with an attached policy that allows decryption of the database credential
12. L. Associate this role to all the instances and on-premises servers.
13. M. Use AWS CodeDeploy to deploy application packages to the instance
14. N. Store database credentials in the AppSpec fil
15. O. Define an IAM policy for allowing access to only the database credential
16. P. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy

Correct Answer: B

An education company has a Docker-based application running on multiple Amazon EC2 instances in an Amazon ECS cluster. When deploying a new version of the application, the Developer, pushes a new image to a private Docker container registry, and then stops and starts all tasks to ensure that they all have the latest version of the application. The Developer discovers that the new tasks are occasionally running with an old image.
How can this issue be prevented?

1. A. After pushing the new image, restart ECS Agent, and then start the tasks.
2. B. Use "latest" for the Docker image tag in the task definition.
3. C. Update the digest on the task definition when pushing the new image.
4. D. Use Amazon ECR for a Docker container registry.

Correct Answer: C

A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache webserver. The
Development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application.
After completion, the team will create additional deployment groups for staging and production
The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group.
How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group?

1. A. Tag the Amazon EC2 instances depending on the deployment grou
2. B. Then place a script into the application revision that calls the metadata service and the EC2 API to identify which deployment group the instance is part o
3. C. Use this information to configure the log level setting
4. D. Reference the script as part of the Afterinstall lifecycle hook in the appspec.yml file.
5. E. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instances is part o
6. F. Use this information to configure the log level setting
7. G. Reference this script as part of the BeforeInstall lifecycle hook in the appspec.yml file
8. H. Create a CodeDeploy custom environment variable for each environmen
9. I. Then place a script into the application revision that checks this environment variable to identify which deployment group the instance is part o
10. J. Use this information to configure the log level setting
11. K. Reference this script as part of the ValidateService lifecycle hook in the appspec.yml file.
12. L. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level setting
13. M. Reference this script as part of the Install lifecycle hook in the appspec.yml file.

Correct Answer: B
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html

A company develops and maintains a web application using Amazon EC2 instances and an Amazon RDS for SQL Server DB instance in a single Availability Zone The resources need to run only when new deployments are being tested using AWS CodePipeline. Testing occurs one or more times a week and each test takes 2-3 hours to run. A DovOps engineer wants a solution that does not change the architecture components.
Which solution will meet these requirements in the MOST cost-effective manner?

1. A. Convert the RDS database to an Amazon Aurora Serverless database Use an AWS Lambda function to start and stop the EC2 instances before and after tests
2. B. Put the EC2 instances into an Auto Scaling grou
3. C. Schedule scaling to run at the start of the deployment tests.
4. D. Replace the EC2 instances with EC2 Spot Instances and the RDS database with an RDS Reserved Instance.
5. E. Subscribe Amazon CloudWatch Events to CodePipeline to trigger AWS Systems Manager Automation documents that start and stop all EC2 and RDS instances before and after deployment tests.

Correct Answer: A

A company must ensure consistent behavior of an application running on Amazon Linux in its corporate
ecosystem before moving into AWS. The company has an existing automated server build system using VMware. The goal is to demonstrate the functionality of the application and its prerequisites on the new target operating system.
The DevOps Engineer needs to use the existing corporate server pipeline and virtualization software to create a server image. The server image will be tested on- premises to resemble the build on Amazon EC2 as closely as possible.
How can this be accomplished?

1. A. Download and integrate the latest ISO of CentOS 7 and execute the application deployment on the resulting server.
2. B. Launch an Amazon Linux AMI using an AWS OpsWorks deployment agent onto the on-premises infrastructure, then execute the application deployment.
3. C. Build an EC2 instance with the latest Amazon Linux operating system, and use the AWS Import/Export service to export the EC2 image to a VMware ISO in Amazon S3. Then import the resulting ISO onto the on-premises system.
4. D. Download and integrate the latest ISO of Amazon Linux 2 and execute the application deployment on the resulting serve
5. E. Confirm that operating system testing results are consistent with EC2 operating system behavior.

Correct Answer: D