AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A DevOps team is merging code revisions for an application that uses an Amazon RDS Multi-AZ DB cluster for its production database. The DevOps team uses continuous integration to periodically verify that the application works. The DevOps team needs to test the changes before the changes are deployed to the production database.
Which solution will meet these requirements'?

1. A. Use a buildspec file in AWS CodeBuild to restore the DB cluster from a snapshot of the production database run integration tests, and drop the restored database after verification.
2. B. Deploy the application to productio
3. C. Configure an audit log of data control language (DCL) operations to capture database activities to perform if verification fails.
4. D. Create a snapshot of the DB duster before deploying the application Use the Update requires Replacement property on the DB instance in AWS CloudFormation to deploy the application and apply the changes.
5. E. Ensure that the DB cluster is a Multi-AZ deploymen
6. F. Deploy the application with the update
7. G. Fail over to the standby instance if verification fails.

Correct Answer: A
This solution will meet the requirements because it will create a temporary copy of the production database using a snapshot, run the integration tests on the copy, and delete the copy after the tests are done. This way, the production database will not be affected by the code revisions, and the DevOps team can test the changes before deploying them to production. A buildspec file is a YAML file that contains the commands and settings that CodeBuild uses to run a build1. The buildspec file can specify the steps to restore the DB cluster from a snapshot, run the integration tests, and drop the restored database2

A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts.
The company has enabled AWS Config in each existing AWS account in the organization.
A DevOps engineer must implement a solution that enables AWS Config automatically for all future AWS accounts that are created in the organization.
Which solution will meet this requirement?

1. A. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API cal
2. B. Configure the rule to invoke an AWS Lambda function that enables trusted access to AWS Config for the organization.
3. C. In the organization's management account, create an AWS CloudFormation stack set to enable AWS Confi
4. D. Configure the stack set to deploy automatically when an account is created through Organizations.
5. E. In the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Confi
6. F. Apply the SCP to the root-level OU.
7. G. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API cal
8. H. Configure the rule to invoke an AWS Systems Manager Automation runbook to enable AWS Config for the account.

Correct Answer: B
https://aws.amazon.com/about-aws/whats-new/2020/02/aws-cloudformation- stacksets-introduces-automatic-deployments-across-accounts-and-regions-through-aws- organizations/

A company uses Amazon S3 to store proprietary information. The development team creates buckets for new projects on a daily basis. The security team wants to ensure that all existing and future buckets have encryption logging and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.
What should a DevOps engineer do to meet these requirements?

1. A. Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
2. B. Enable AWS Conflg rules and configure automatic remediation using AWS Systems Manager documents.
3. C. Enable AWS Trusted Advisor and configure automatic remediation using Amazon EventBridge.
4. D. Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.

Correct Answer: B
https://aws.amazon.com/blogs/mt/aws-config-auto-remediation-s3- compliance/ https://aws.amazon.com/blogs/aws/aws-config-rules-dynamic-compliance- checking-for-cloud-resources/

A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege.
Which solution will meet these requirements?

1. A. Create an IAM policy that allows the developers to provision the required resource
2. B. Attach the policy to the developer IAM role.
3. C. Create an IAM policy that allows full access to AWS CloudFormatio
4. D. Attach the policy to the developer IAM role.
5. E. Create an AWS CloudFormation service role that has the required permission
6. F. Grant the developer IAM role a cloudformation:* actio
7. G. Use the new service role during stack deployments.
8. H. Create an AWS CloudFormation service role that has the required permission
9. I. Grant the developer IAM role the iam:PassRole permissio
10. J. Use the new service role during stack deployments.

Correct Answer: D
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html

A DevOps engineer is setting up a container-based architecture. The engineer has decided to use AWS CloudFormation to automatically provision an Amazon ECS cluster and an Amazon EC2 Auto Scaling group to launch the EC2 container instances. After successfully creating the CloudFormation stack, the engineer noticed that, even though the ECS cluster and the EC2 instances were created successfully and the stack finished the creation, the EC2 instances were associating with a different cluster.
How should the DevOps engineer update the CloudFormation template to resolve this issue?

1. A. Reference the EC2 instances in the AWS: ECS: Cluster resource and reference the ECS cluster in the AWS: ECS: Service resource.
2. B. Reference the ECS cluster in the AWS: AutoScaling: LaunchConfiguration resource of the UserData property.
3. C. Reference the ECS cluster in the AWS:EC2: lnstance resource of the UserData property.
4. D. Reference the ECS cluster in the AWS: CloudFormation: CustomResource resource to trigger an AWS Lambda function that registers the EC2 instances with the appropriate ECS cluster.

Correct Answer: B
The UserData property of the AWS: AutoScaling: LaunchConfiguration resource can be used to specify a script that runs when the EC2 instances are launched. This script can include the ECS cluster name as an environment variable for the ECS agent running on the EC2 instances. This way, the EC2 instances will register with the correct ECS cluster. Option A is incorrect because the AWS: ECS: Cluster resource does not have a property to reference the EC2 instances. Option C is incorrect because the EC2 instances are launched by the Auto Scaling group, not by the AWS: EC2: Instance resource. Option D is incorrect because using a custom resource and a Lambda function is unnecessary and overly complex for this
scenario. References: AWS::AutoScaling::LaunchConfiguration, Amazon ECS Container Agent Configuration