AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A company has several AWS accounts. The accounts are shared and used across multiple teams globally, primarily for Amazon EC2 instances. Each EC2 instance has tags for team, environment, and cost center to ensure accurate cost allocations.
How should a DevOps Engineer help the teams audit their costs and automate infrastructure cost optimization across multiple shared environments and accounts?

1. A. Set up a scheduled script on the EC2 instances to report utilization and store the instances in an Amazon DynamoDB tabl
2. B. Create a dashboard in Amazon QuickSight with DynamoDB as the source data to find underutilized instance
3. C. Set up triggers from Amazon QuickSight in AWS Lambda to reduce underutilized instances.
4. D. Create a separate Amazon CloudWatch dashboard for EC2 instance tags based on cost center, environment, and team, and publish the instance tags out using unique links for each tea
5. E. For each team, set up a CloudWatch Events rule with the CloudWatch dashboard as the source, and set up a trigger to initiate an AWS Lambda function to reduce underutilized instances.
6. F. Create an Amazon CloudWatch Events rule with AWS Trusted Advisor as the source for low utilization EC2 instance
7. G. Trigger an AWS Lambda function that filters out reported data based on tags for each team, environment, and cost center, and store the Lambda function in Amazon S3. Set up a second trigger to initiate a Lambda function to reduce underutilized instances.
8. H. Use AWS Systems Manager to track instance utilization and report underutilized instances to Amazon CloudWatc
9. I. Filter data in CloudWatch based on tags for team, environment, and cost cente
10. J. Set up triggers from CloudWatch into AWS Lambda to reduce underutilized instances

Correct Answer: C
https://github.com/aws/Trusted-Advisor-Tools/tree/master/LowUtilizationEC2Instances https://docs.aws.amazon.com/quicksight/latest/user/supported-data-sources.html

A company runs a production application workload in a single AWS account that uses Amazon Route 53, AWS Elastic Beanstalk, and Amazon RDS. In the event of a security incident, the Security team wants the application workload to fail over to a new AWS account. The Security team also wants to block all access to the original account immediately, with no access to any AWS resources in the original AWS account, during forensic analysis.
What is the most cost-effective way to prepare to fail over to the second account prior to a security incident?

1. A. Migrate the Amazon Route 53 configuration to a dedicated AWS accoun
2. B. Mirror the Elastic Beanstalk configuration in a different accoun
3. C. Enable RDS Database Read Replicas in a different account.
4. D. Migrate the Amazon Route 53 configuration to a dedicated AWS accoun
5. E. Save/copy the Elastic Beanstalk configuration files in a different AWS accoun
6. F. Copy snapshots of the RDS Database to a different account.
7. G. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident.Save/copy Elastic Beanstalk configuration files to a different accoun
8. H. Enable the RDS database read replica in a different account.
9. I. Save/copy the Amazon Route 53 configurations for use in a different AWS account after an incident.Mirror the configuration of Elastic Beanstalk in a different accoun
10. J. Copy snapshots of the RDS database to a different account.

Correct Answer: B

A DevOps Engineer is reviewing a system that uses Amazon EC2 instances in an Auto Scaling group. This system uses a configuration management tool that runs locally on each EC2 instance. Because of the volatility of the application load, new instances must be fully functional within 3 minutes of entering a running state. Current setup tasks include:
* Installing the configuration management agent – 2 minutes
* Installing the application framework – 15 minutes
* Copying configuration data from Amazon S3 – 2 minutes
* Running the configuration management agent to configure instances – 1 minute
* Deploying the application code from Amazon S3 – 2 minutes
How should the Engineer set up system so it meets the launch time requirement?

1. A. Trigger an AWS Lambda function from an Amazon CloudWatch Events rule when a new EC2 instance launche
2. B. Have the function install the configuration management agent and the application framework, pull configuration data from Amazon S3, run the agent to configure the instance, and deploy the application from S3.
3. C. Write a bootstrap script to install the configuration management agent, install and the application framework, pull configuration data from Amazon S3, run the agent to configure the instance, and deploy the application from S3.
4. D. Build a custom AMI that includes the configuration management agent and application framework.Write a bootstrap script to pull configuration data from Amazon S3, run the agent to configure the instance, and deploy the application from S3.
5. E. Build a custom AMI that includes the configuration management agent, application framework, and configuration dat
6. F. Write a bootstrap script to run the agent to configure the instance and deploy the application from Amazon S3.

Correct Answer: D

A company has deployed several applications globally. Recently, Security Auditors found that few Amazon EC2 instances were launched without Amazon EBS disk encryption. The Auditors have requested a report detailing all EBS volumes that were not encrypted in multiple AWS accounts and regions. They also want to be notified whenever this occurs in future.
How can this be automated with the LEAST amount of operational overhead?

1. A. Create an AWS Lambda function to set up an AWS Config rule on all the target account
2. B. Use AWS Config aggregators to collect data from multiple accounts and region
3. C. Export the aggregated report to an Amazon S3 bucket and use Amazon SNS to deliver the notifications.
4. D. Set up AWS CloudTrail to deliver all events to an Amazon S3 bucket in a centralized accoun
5. E. Use the S3 event notification feature to invoke an AWS Lambda function to parse AWS CloudTrail logs whenever logs are delivered to the S3 bucke
6. F. Publish the output to an Amazon SNS topic using the same Lambda function.
7. G. Create an AWS CloudFormation template that adds an AWS Config managed rule for EBS encryption.Use a CloudFormation stack set to deploy the template across all accounts and region
8. H. Store consolidated evaluation results from config rules in Amazon S3. Send a notification using Amazon SNS when non- compliant resources are detected.
9. I. Using AWS CLI, run a script periodically that invokes the aws ec2 describe-volumes query with a JMESPATH query filte
10. J. Then, write the output to an Amazon S3 bucke
11. K. Set up an S3 event notification to send events using Amazon SNS when new data is written to the S3 bucket.

Correct Answer: C
https://aws.amazon.com/blogs/aws/aws-config-update-aggregate-compliance-data-across-accounts-regions/ https://docs.aws.amazon.com/config/latest/developerguide/aws-config-managed-rules-cloudformation-templates

A legacy web application stores access logs in a proprietary text format. One of the security requirements is to search application access events and correlate them with access data from many different systems. These searches should be near-real time.
Which solution offloads the processing load on the application server and provides a mechanism to search the data in near-real time?

1. A. Install the Amazon CloudWatch Logs agent on the application server and use CloudWatch Events rules to search logs for access event
2. B. Use Amazon CloudSearch as an interface to search for events.
3. C. Use the third-party file-input plugin Logstash to monitor the application log file, then use a custom dissect filter on the agent to parse the log entries into the JSON forma
4. D. Output the events to Amazon ES to be searche
5. E. Use the Elasticsearch API for querying the data.
6. F. Upload the log files to Amazon S3 by using the S3 sync comman
7. G. Use Amazon Athena to define the structure of the data as a table, with Athena SQL queries to search for access events.
8. H. Install the Amazon Kinesis Agent on the application server, configure it to monitor the log files, and send it to a Kinesis strea
9. I. Configure Kinesis to transform the data by using an AWS Lambda function, and forward events to Amazon ES for analysi
10. J. Use the Elasticsearch API for querying the data.

Correct Answer: D
https://docs.aws.amazon.com/zh_cn/streams/latest/dev/writing-with-agents.html