AWS Certified DevOps Engineer Professional Exam Notes and Practice Tests – Practice Test #1

An ECS-hosted application is experiencing sporadic latency and unavailability issues. You need to instrument the application to capture latency and performance data. What should you do to accomplish this? (Select TWO.)

A company with a hybrid cloud architecture wants to automate application deployments to both on-premises servers and Amazon EC2 instances. What AWS service should be used to implement this CI/CD pipeline?

A DevOps team is implementing a blue/green deployment strategy for their application running on Amazon EC2 instances behind an Application Load Balancer. They need to ensure that traffic can gradually shift between the old and new versions. Which option will allow them to achieve this?

A development company has an application hosted in AWS Lambda. They want to ensure that if a Lambda function experiences an error, it automatically retries the execution without requiring manual intervention. Which AWS feature will fulfill this requirement?

Your organization uses AWS CodeBuild to compile and test applications. To enhance security, you have been asked to prevent sensitive credentials from being stored in plaintext in the buildspec.yaml file. What steps should you take to improve security? (Select TWO.)

A team is using Amazon RDS MySQL in a Multi-AZ configuration. They are planning to upgrade the database engine to a new major version. What is the most appropriate approach to minimize downtime?

A large organization wants to enforce consistent security settings across all of its AWS accounts using AWS Organizations. They need to ensure CloudTrail is enabled in every account automatically and that any manual modifications are reverted. Which solution meets this requirement?

A company has an Auto Scaling group of EC2 instances running behind an Application Load Balancer. The team wants to deploy new versions of the application gradually with minimal impact on users. Which deployment strategy should be used?

A mobile application uses AWS Lambda for backend processing. The development team wants to ensure that API Gateway canary deployments are supported so that they can route a small portion of traffic to the new version before a full release. What steps should be taken to achieve this?

A financial institution needs to ensure that a backup database can be used automatically if the primary database becomes unavailable. They are using Amazon RDS in a Multi-AZ deployment. Which solution ensures that failover occurs automatically?

A pharmaceutical company has a private EC2 instance with no Internet access that needs to upload an object to a private Amazon S3 bucket. However, they are receiving an HTTP 403: Access Denied error when attempting to fetch the object. What are the possible causes for this issue? (Select TWO.)

A company needs to implement an automated daily check of their golden AMIs for Common Vulnerabilities and Exposures (CVE) using Amazon Inspector. Which solution should they implement?

A cryptocurrency trading company uses Auto Scaling with Elastic Load Balancing health checks to scale its EC2 instances. Several instances were terminated due to failed health checks, causing the loss of log data needed for root cause analysis. How can the DevOps Engineer automate log collection from EC2 instances before termination?

A fast-growing company with multiple AWS accounts consolidated under AWS Organizations wants to centralize their VPC Flow Logs and CloudWatch Logs in a dedicated Audit account for compliance purposes. What is the most suitable centralized logging solution?

A company runs a web application across multiple Availability Zones in an Auto Scaling group behind an Application Load Balancer, using Amazon RDS MySQL for its database. The management wants a geographically isolated disaster recovery (DR) site with an RPO of 5 minutes and an RTO of 2 hours. Which solution requires the least amount of changes to the application stack?

A Node.js-based photo-sharing app is hosted on EC2 instances with DynamoDB for session management and S3 for media storage. Due to recent growth, the company manually added six EC2 instances, but each took over 30 minutes to configure. Which solution improves availability and reduces deployment time?

A company using Lambda functions and DynamoDB for its microservices architecture wants to automate testing and code deployments while gradually shifting traffic to new versions. Which solution best fits their needs?

An e-commerce website is expanding internationally, requiring new features for shipping and VAT calculations. They also have features specific to local users. Each feature takes about three months to develop and test. How should the DevOps Engineer manage feature deployments efficiently?

A government-sponsored health service uses Lambda functions and DynamoDB for its APIs, with an Elasticsearch domain supporting searches. They need a deployment process that ensures no downtime and full capacity during deployments. How should the DevOps Engineer achieve this?

You developed a web portal that uses an Amazon EMR cluster for processing clickstream data. Trusted Advisor recommended terminating underutilized instances after you forgot to define scale-down parameters. You want frequent notifications about Trusted Advisor recommendations. Which of the following solutions will help? (Select THREE.)

A multi-tier enterprise web application is hosted in an Auto Scaling group of On-Demand Amazon EC2 instances across multiple Availability Zones behind an Application Load Balancer. For its database tier, Amazon Aurora is used to store thousands of transactions and user data. A DevOps Engineer was instructed to implement a secure and manageable method to obtain the database password credentials and provide access to AWS resources during deployment. Which among the following options is the MOST suitable setup that the Engineer should use?

You are instructed to set up configuration management for all of your infrastructure in AWS. To comply with the company’s strict security policies, the solution should provide a near real-time dashboard of the compliance posture of your systems with a feature to detect violations. Which solution would be able to meet the above requirements?

A global IT consulting company has a multi-tier enterprise resource planning application hosted in AWS. It runs on an Auto Scaling group of EC2 instances across multiple Availability Zones behind an Application Load Balancer. The database tier uses an Amazon RDS MySQL database with Multi-AZ deployments. The company recently failed an IT audit due to excessive data loss in a simulated disaster recovery drill. How should the DevOps Engineer implement a multi-region disaster recovery plan with the LOWEST recovery time and the LEAST data loss?

A company has an application hosted in an Auto Scaling group of EC2 instances that calls an external API. After a recent change from HTTP to HTTPS, the application stopped functioning. The DevOps engineer verified the API works, but the application still faces issues. What is the MOST appropriate course of action to determine the root cause of the problem?

A company wants to set up an audit process to ensure its enterprise application is exclusively running on Amazon EC2 Dedicated Hosts and wants to reduce software licensing costs. A DevOps Engineer must create a workflow to audit the enterprise applications hosted in their VPC. Which of the following options should the Engineer implement?

A company is developing a custom online forum using AWS Fargate to host a containerized application and DynamoDB as the data store. The DynamoDB schema should support searches by ForumName and Subject, while fetching items within a given LastPostDateTime time frame. Which DynamoDB schema configuration meets the above requirements?

A software development company is using AWS CodeCommit, CodeBuild, and CodePipeline for CI/CD. The IAM role used by developers was updated to include the AWS-managed AWSCodeCommitPowerUser policy, allowing direct pushes to the master branch, which was previously restricted. This resulted in an untested code push. What should the DevOps engineer do to restrict this specific action?

A company uses AMIs for different applications. Currently, AMIs are manually created. The DevOps engineer is instructed to automate the process of generating AMIs, and the AMI IDs must be stored in a centralized location for programmatic access. Which is the MOST cost-effective solution with the LEAST overhead?

A financial company provides GraphQL APIs and hosts its service in an Auto Scaling group of EC2 instances. During deployment, a DevOps engineer must track the service's health and stop the deployment if latency exceeds a defined threshold. Which solution provides the FASTEST detection time for deployment issues?

An online data analytics application uses 12 On-Demand EC2 instances across three Availability Zones. During peak hours, CPU utilization increases, but it decreases after business hours. The DevOps Engineer is tasked with reducing costs while maintaining reliability. Which solution is the MOST suitable?

A leading food and beverage company is migrating its Docker-based application to AWS. The application will be hosted in an Amazon ECS cluster with multiple services. The cluster uses an Application Load Balancer to distribute traffic evenly across tasks. A DevOps Engineer was asked to configure the cluster to automatically collect logs from all services and upload them to an S3 bucket for near-real-time analysis. How should the Engineer configure the ECS setup to satisfy these requirements? (Select THREE.)

You are a DevOps engineer for a company with hundreds of Amazon EC2 instances running enterprise web applications. The company uses Slack for system alerts and notifications. There is a new requirement to automatically send all AWS-scheduled maintenance notifications to a Slack channel. Which of the following is the EASIEST method to meet this requirement?

A company wants to implement a continuous deployment workflow for source code promotion between development, staging, and production environments in AWS. They also need the ability to roll back recent deployments in the event of failure. Which of the following CI/CD designs is the MOST suitable and incurs the LEAST downtime?

You have created a mobile app hosted on Docker containers deployed on Amazon ECS. You need to run validation scripts for new deployments to ensure the app works as expected before allowing production traffic and configure automatic rollbacks if the validation fails. Which option will you choose to implement this validation?

A CTO has decided to migrate an online customer portal to AWS. The application will be hosted in an Auto Scaling group of On-Demand EC2 instances using a custom AMI. The same architecture will be used for non-production environments. The CTO requests a design that securely stores environment credentials, expedites instance startup time, and allows the same AMI to work in all environments. As a DevOps Engineer, how should you set up the deployment configuration?

An enterprise resource planning application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer, using DynamoDB as its data store. Several Lambda functions read DynamoDB Streams to count products, monitor inventory, and generate reports. During peak times, the Lambda functions encounter stream throttling errors, affecting application performance. Which is the MOST scalable and cost-effective solution that requires the LEAST operational overhead?

A company is using AWS OpsWorks to manage the deployments of EC2 instances in an Auto Scaling group. The DevOps team has discovered that some instances in production are restarting unexpectedly. CloudTrail logs reveal that AWS OpsWorks is restarting instances considered unhealthy. The DevOps team needs to receive email notifications whenever this occurs. How should the DevOps team set up the notifications?

A company is migrating on-premises resources to AWS, including over a thousand VMware servers and EC2 instances. The Operations team needs to collect information such as OS details, MAC addresses, and IP addresses, and analyze the data in a visual format. Which is the MOST appropriate solution with the LEAST operational effort?

A government agency has a VMware-based server build system on-premises and wants to test server images using their on-premises pipeline to mimic behavior on Amazon EC2. Which solution should the DevOps Engineer implement?

You are working as a DevOps Engineer in a company with a hybrid cloud architecture using Direct Connect Gateway. There is a requirement to automate OS patching for all Windows servers hosted both on-premises and in AWS using AWS Systems Manager. Which combination of steps should you take? (Select TWO.)

A leading IT consultancy firm wants to automate remediation actions for issues relating to the health of its AWS resources using the AWS Health Dashboard and the AWS Health API. They need to automatically detect exposed IAM access keys on public GitHub repositories, delete the key, and notify the DevOps team. What steps should you take to meet these requirements?

A government tax portal is hosted in AWS using a MEAN stack with DynamoDB for storage and custom Chef recipes from a private Git repository. The company wants to scale the application during peak times and deploy updates with minimal management overhead. What is the MOST cost-effective solution?

An insurance firm stores financial data on-premises and backs up to an S3 bucket. A mandate requires that only specific administrators can change object permissions. The DevOps Engineer needs to implement near real-time, automated checks for monitoring this data. What should the Engineer implement?

Your API servers are hosted on an Elastic Beanstalk environment, and you want to change the instance type during deployment without increasing the workload on the current instances. What deployment policy should you implement to incur the LEAST cost?

A company needs to manage and update its Windows and Linux servers in both AWS and on-premises environments. The patches must be consistent and compliant with security policies with minimal management overhead. Which solution should the DevOps Engineer implement?

A smart home device company is using AWS Lambda for various API requests. The current CodePipeline pipeline builds, tests, and deploys Lambda functions in sequence. The team wants to expedite the deployment process. What should the DevOps Engineer do to optimize the pipeline?

You have found several unused and underutilized load balancers in a test environment that developers forgot to delete. You want to be notified whenever there are Trusted Advisor changes. What steps should you take? (Select THREE.)

A digital payments company using CloudTrail needs to ensure that their log files comply with PCI DSS requirements by preventing tampering. What is the MOST suitable solution with the LEAST amount of effort?

A regional e-commerce site is expanding globally and needs to store product catalog data in a single source while ensuring user personal information and purchases are kept regionally. Which solution meets these requirements with the least changes?

A data breach occurred in your application hosted in an Auto Scaling group of EC2 instances. You need to automatically terminate any instance that was logged into via SSH. What is the MOST automated solution?

A company is re-architecting its monolithic system to a serverless application in AWS to save on cost. The deployment of the new version must first be rolled out to a small number of users for testing before the full release. If the tests fail, there should be an easy rollback option. How should the DevOps Engineer design the deployment setup? (Select TWO.)

A government agency is developing a solution to store confidential files containing PII. The data must be encrypted at rest and in transit, and replicated at least 450 miles apart. What should the DevOps Engineer implement?

A retail company is migrating its multi-tier web applications to AWS. The deployment requirements change frequently, and the company is using CloudFormation to automate and manage the infrastructure. What is the recommended CloudFormation setup in this scenario?

A company is migrating its customer portal to AWS Elastic Beanstalk with an external RDS MySQL database in Multi-AZ. The company requires that full capacity is maintained during deployment, and the ability to roll back easily. What is the most cost-effective deployment setup?

A high-frequency trading application is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer, using DynamoDB for the database. After a failed deployment caused an outage, the DevOps Engineer is tasked with implementing a strategy that maintains performance during deployment and allows immediate rollback. What should the engineer implement?

A company has developed a serverless application using Lambda functions and DynamoDB. The CI/CD pipeline deploys using AWS CodePipeline and CodeBuild. The lead engineer wants to reduce the risk of failed deployments by releasing new versions to a subset of users before full release. How should the pipeline be modified?

An ECS cluster running Docker-based applications pulls images from a private container registry. The development team noticed that some tasks are still running old images after a new version was published. How should this issue be resolved?

A CloudWatch Events rule with a custom event pattern is set up in a company's AWS account. The rule monitors the status of AWS CodePipeline. What does this rule capture?

A company needs to monitor EC2 instance utilization across multiple AWS accounts and automatically terminate underutilized instances. All resources are tagged for cost allocation. What is the most suitable solution?

A media company hosts its .NET web application on Elastic Beanstalk with S3 for static content and DynamoDB for data storage. After a marketing campaign, traffic increased, with 80% of it being duplicate read requests. How can the performance of the application be improved?

A leading software development company is using an Auto Scaling group of EC2 instances for high availability and fault tolerance. They want to automate their CloudFormation template to fetch the latest AMI IDs and reduce manual updates. What is the MOST suitable and cost-effective solution to automate this process?

A company with a hybrid architecture wants to automate the configuration of a 10-node cluster across three Availability Zones, each with a corresponding Elastic Network Interface (ENI), local IP, and static hostname. Which solution provides the LEAST amount of effort to automate this architecture?

A company uses AWS CodeCommit, CodeBuild, CodeDeploy, and CodePipeline for CI/CD. They need to automatically roll back deployments and notify their DevOps team via Slack if a deployment fails. What is the MOST suitable configuration to achieve this?

A company wants to dynamically change the log level of its NGINX-based web application during CodeDeploy deployments, without creating different application revisions for each deployment group. Which solution provides the LEAST management overhead?

A tech company deployed its static corporate website using CloudFormation in the US East (N. Virginia) region. It now wants to move the website to US West (Oregon), but the CloudFormation stack deletion fails. What is the root cause, and how can it be fixed?

A company is developing a serverless application using AWS Lambda, AWS SAM, and Amazon API Gateway. They want automatic deployments triggered by a new commit to CodeCommit and need separate pipelines for TEST and PROD environments, with only the TEST environment allowing automatic deployment. How can the DevOps engineer satisfy this requirement?

A telecommunications company uses CloudFormation to deploy applications to multiple environments. The DevOps engineer needs to automate deployments using AWS CodePipeline while ensuring the same CloudFormation template is reusable across multiple pipelines. How should the DevOps engineer implement this solution?

A multinational bank using AWS Organizations needs to monitor and report unencrypted EBS volumes across all accounts and regions. The DevOps engineer must automate reporting and notifications for any unencrypted EBS volumes. Which solution provides the LEAST operational overhead?

A company with a hybrid cloud environment uses a proprietary code analysis tool in their on-premises data center. The tool must be integrated into the AWS CodePipeline workflow to check code quality before deployment. Which is the MOST suitable solution?

A company is deploying its enterprise web application in Amazon ECS using the Fargate launch type. They need to securely provide database credentials to the application using environment variables, with lifecycle management and key rotation. What is the MOST suitable solution?

A leading commercial bank uses an encrypted Amazon S3 bucket to store customer files, with federated access configured for an Active Directory user group. For audit purposes, there is a new requirement to detect policy changes related to restricted federated access and revert any accidental changes. Which of the following provides the FASTEST way to detect configuration changes?

A company has a hybrid cloud architecture and needs to aggregate system logs from its on-premises and AWS resources for analysis and auditing. Which is the MOST cost-effective solution with the LEAST amount of effort?

An application hosted on EC2 instances in a public subnet with no Internet access can no longer fetch external dependencies upon launch due to recent security changes. What is the MOST secure solution to allow the instances to retrieve dependencies without public Internet access?

An e-commerce website hosted in the us-east-1 region experienced a regional outage, causing delays in the database failover to the us-west-1 region. The database also missed three hours of transactions. What solution should the DevOps engineer implement to improve the RTO and RPO for cross-region failover?

A game development company wants to host its latest game on AWS, requiring real-time data transfer and compliance with data residency requirements. The CI/CD process must use CodePipeline, CodeCommit, CodeBuild, and CodeDeploy. Which is the MOST suitable and efficient solution to meet these requirements?