[Oct-2021] Amazon AWS-DevOps-Engineer-Professional Dumps – Reduce Your Chance of Failure in AWS-DevOps-Engineer-Professional Exam [Q118-Q143]

[Oct-2021] Amazon AWS-DevOps-Engineer-Professional Dumps – Reduce Your Chance of Failure in AWS-DevOps-Engineer-Professional Exam

To help you achieve your ultimate goal, we suggest the actual Amazon AWS-DevOps-Engineer-Professional dumps for your AWS Certified DevOps Engineer - Professional (DOP-C01) exam preparation to use as your guideline.

NEW QUESTION 118
Your Company wants to perform A/B testing on a new website feature for 20 percent of its users.
The website uses CloudFront for whole site delivery, with some content cached for up to 24 hours.
How do you enable this testing for the required proportion of users while minimizing performance impact?

• A. Configure the CloudFront distribution to forward a cookie specific to this feature.
  For requests where the cookie is not set, the web servers set its value to ''on" for 20 percent of responses and "off" for 80 percent.
  For requests where the cookie is set, the web servers use Its value to determine whether the feature should be on or off for the response.
• B. Configure the web servers to handle two domain names.
  The feature is switched on or off depending on which domain name is used for a request.
  Configure a CloudFront origin for each domain name, and configure the CloudFront distribution to use one origin for 20 percent of users and the other origin for the other 80 percent.
• C. Invalidate all of the CloudFront distribution's cache items that the feature affects.
  On future requests, the web servers create responses with the feature on for 20 percent of users, and off for 80 percent.
  The web servers set "Cache-Control: no-cache" on all of these responses.
• D. Create a second stack of web servers that host the website with the feature on.
  Using Amazon Route53, create two resource record sets with the same name: one with a weighting of "1" and a value of this new stack; the other a weighting of "4" and a value of the existing stack. Use the resource record set's name as the CloudFront distribution's origin.

Answer: A

 

NEW QUESTION 119
A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?

• A. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on- premises instances registration on CodeDeploy.
• B. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy- managed instances and the role used for on-premises instances registration on CodeDeploy.
• C. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.
• D. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials. Associate this role to all the instances.

Answer: A

 

NEW QUESTION 120
You have a fleet of Elastic Compute Cloud (EC2) instances in an Auto Scaling group.
All of these instances are running Microsoft Windows Server 2012 backed by Amazon Elastic Block Store (EBS).
These instances were launched through AWS CloudFormation.
You have determined that your instances are underutilized, and in order to save some money, have decided to modify the instance type of the fleet.
In which of the following ways can you achieve the desired result during a scheduled maintenance window? Choose 2 answers

• A. Take snapshots of the running instances, and launch new instances based on those snapshots.
• B. Identify the new instance type in the user data and restart the running instances one at a time.
• C. Use the AWS Command Line Interface (CLI) to modify the instance type of each running instance.
• D. Change the instance type in the AWS CloudFormation template that was used to create the Amazon EC2 instances, and then update the stack.
• E. Create a new Auto Scaling launch configuration specifying the new instance type, associate it to the existing Auto Scaling group, and terminate the running instances.

Answer: D,E

 

NEW QUESTION 121
As part of your deployment pipeline, you want to enable automated testing of your AWS CloudFormation template. What testing should be performed to enable faster feedback while minimizing costs and risk? Select three answers from the options given below

• A. Usethe AWS CloudFormation Validate Template to validate the syntax of the template
• B. Usethe AWS CloudFormation Validate Template to validate the properties ofresources defined in the template.
• C. Validatethe AWS CloudFormation template against the official XSD scheme definitionpublished by Amazon Web Services.
• D. Validatethe template's is syntax using a generalJSON parser.
• E. Updatethe stack with the template. If the template fails rollback will return thestack and its resources to exactly the same state.
• F. When creating the stack, specify an Amazon SNS topic to which your testing system is subscribed. Your testing system runs tests when it receives notification that the stack is created or updated.

Answer: A,E,F

Explanation:
Explanation
The AWS documentation mentions the following
The aws cloudformation validate-template command is designed to check only the syntax of your template. It does not ensure that the property values that you have specified for a resource are valid for that resource. Nor does it determine the number of resources that will exist when the stack is created.
To check the operational validity, you need to attempt to create the stack. There is no sandbox or test area for AWS Cloud Formation stacks, so you are charged for the resources you create during testing.
Option F is needed for notification.
For more information on Cloudformation template validation, please visit the link:
* http://docs.aws.a
mazon.com/AWSCIoudFormation/latest/UserGuide/using-cfn-va I idate-template.html

 

NEW QUESTION 122
A company wants to automatically re-create its infrastructure using AWS CloudFormation as part of the company's quality assurance (QA) pipeline. For each QA run, a new VPC must be created in a single account, resources must be deployed into the VPC, and tests must be run against this new infrastructure. The company policy states that all VPCs must be peered with a central management VPC to allow centralized logging. The company has existing CloudFormation templates to deploy its VPC and associated resources.
Which combination of steps will achieve the goal in a way that is automated and repeatable? (Choose two.)

• A. In the CloudFormation template:Use the Fn::Cidr function to allocate an unused CIDR range for the VPC and subnets.Create a peering connection to the management VPC.Update route tables to allow traffic to the management VPC.
• B. In the CloudFormation template:Invoke a custom resource to generate unique VPC CIDR ranges for the VPC and subnets.Create a peering connection to the management VPC.Update route tables to allow traffic to the management VPC.
• C. Create an AWS Lambda function that is invoked by an Amazon CloudWatch Events rule when a CreateVpcPeeringConnection API call is made. The Lambda function should check the source of the peering request, accepts the request, and update the route tables for the management VPC to allow traffic to go over the peering connection.
• D. Modify the CloudFormation template to include a mappings object that includes a list of /16 CIDR ranges for each account where the stack will be deployed.
• E. Use CloudFormation StackSets to deploy the VPC and associated resources to multiple AWS accounts using a custom resource to allocate unique CIDR ranges. Create peering connections from each VPC to the central management VPC and accept those connections in the management VPC.

Answer: B,D

 

NEW QUESTION 123
Which of these is not an instrinsic function in AWS CloudFormation?

• A. Fn::Not
• B. Fn::lf
• C. Fn::Equals
• D. Fn::Parse

Answer: D

Explanation:
Explanation
You can use intrinsic functions, such as Fn::lf, Fn::Cquals, and Fn::Not, to conditionally create stack resources. These conditions are evaluated based on input parameters that you declare when you create or update a stack. After you define all your conditions, you can associate them with resources or resource properties in the Resources and Outputs sections of a template.
For more information on Cloud Formation template functions, please refer to the URL:
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/intrinsic-function-reference.html and
* http://docs.aws.amazon.com/AWSCIoudFormation/latest/UserGuide/intrinsic-function-reference-conditions.html

 

NEW QUESTION 124
A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances. How can the deployments of the operating system and application patches be automated using a default and custom repository?

• A. Use yum-config-manager to add the custom repository under /etc/yum.repos.d and run yum- to activate the repository.
  config-manager-enable
• B. Use AWS Systems Manager to create a new patch baseline including the corporate repository.
  Execute the AWS-AmazonLinuxDefaultPatchBaseline document using the run command to verify and install patches.
• C. Use AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports.
• D. Use AWS Systems Manager to create a new patch baseline including the custom repository.
  Execute the AWS-RunPatchBaseline document using the run command to verify and install patches.

Answer: B

 

NEW QUESTION 125
Which of the following design strategies is ideal when designing loosely coupled systems. Choose 2 answers from the options given below

• A. Having the web and worker roles running on the same set of EC2 Instances
• B. Using SNS to establish communication between the web and worker roles
• C. Having the web and worker roles running on separate EC2 Instances
• D. Using SQS to establish communication between the web and worker roles

Answer: C,D

Explanation:
Explanation
The below diagram shows the ideal design which uses SQS and separate environments for web and worker processes. The SQS queue manages the communication between the web and worker roles.

One example is the way Elastic beanstalk manages worker environments. For more information on this, please visit the below URL:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features-managing-env-tiers.htmI

 

NEW QUESTION 126
You are having a web and worker role infrastructure defined in AWS using Amazon EC2 resources. You are using SQS to manage the jobs being send by the web role. Which of the following is the right way to ensure the worker processes are adequately setup to handle the number of jobs send by the web role

• A. Use Cloudwatch monitoring to check the size of the queue and then scale out using Autoscaling to ensure that it can handle the right number of jobs
• B. Use Cloudwatch monitoring to check the size of the queue and then scale out SQS to ensure that it can handle the right number of jobs
• C. Use Route53 to ensure that the load is evenly distributed to the set of web and worker instances
• D. Use ELB to ensure that the load is evenly distributed to the set of web and worker instances

Answer: A

Explanation:
Explanation
The below diagram shows how SGS can be used to manage the communication between the Web and worker roles. The number of messages in the SQS queue can be used to determine the number of instances that should be there in the AutoScaling Group.

For more information on SQS and Autoscaling, please refer to the below U RL:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/as-using-sqs-queue.html

 

NEW QUESTION 127
Your public website uses a load balancer and an Auto Scalinggroup in a virtual private cloud. Your chief security officer has asked you to set up a monitoring system that quickly detects and alerts your team when a large sudden traffic increase occurs. How should you set this up?

• A. Setup a cron job to actively monitor the AWS CloudTrail logs for increased trafficand use Amazon SNS to alert your team.
• B. Setup an Amazon CloudWatch alarm for the Elastic Load Balancing Networkln metricand then use Amazon SNS to alert your team.
• C. Usean Amazon EMR job to run every thirty minutes, analyze the Elastic LoadBalancing access logs in a batch manner to detect a sharp increase in trafficand then use the Amazon Simple Email Service to alert your team.
• D. Usean Amazon EMR job to run every thirty minutes analyze the CloudWatch logs fromyour application Amazon EC2 instances in a batch manner to detect a sharpincrease in traffic and then use the Amazon SNS SMS notification to alert yourteam
• E. Setup an Amazon CloudWatch alarm for the Amazon EC2 Networkln metric for the AutoScaling group and then use Amazon SNS to alert your team.

Answer: E

Explanation:
Explanation
The below snapshot from the AWS documentation gives details on the Networkln metric

 

NEW QUESTION 128
You meet once per month with your operations team to review the past month's data. During the meeting, you realize that 3 weeks ago, your monitoring system which pings over HTTP from outside AWS recorded a large spike in latency on your 3-tier web service API.
You use DynamoDB for the database layer, ELB, EBS, and EC2 for the business logic tier, and SQS, ELB, and EC2 for the presentation layer.
Which of the following techniques will NOT help you figure out what happened?

• A. Check your CloudTrail log history around the spike's time for any API calls that caused slowness.
• B. Review CloudWatch Metrics graphs to determine which component(s) slowed the system down.
• C. Analyze your logs to detect bursts in traffic at that time.
• D. Review your ELB access logs in S3 to see if any ELBs in your system saw the latency.

Answer: B

Explanation:
Metrics data are available for 2 weeks. If you want to store metrics data beyond that duration, you can retrieve it using our GetMetricStatistics API as well as a number of applications and tools offered by AWS partners.
https://aws.amazon.com/cloudwatch/faqs/

 

NEW QUESTION 129
You need the absolute highest possible network performance for a cluster computing application.
You already selected homogeneous instance types supporting 10 gigabit enhanced networking, made sure that your workload was network bound, and put the instances in a placement group.
What is the last optimization you can make?

• A. Use 9001 MTU instead of 1500 for Jumbo Frames, to raise packet body to packet overhead ratios.
• B. Turn off SYN/ACK on your TCP stack or begin using UDP for higher throughput.
• C. Bake an AMI for the instances and relaunch, so the instances are fresh in the placement group and do not have noisy neighbors.
• D. Segregate the instances into different peered VPCs while keeping them all in a placement group, so each one has its own Internet Gateway.

Answer: A

Explanation:
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible, and they are recommended in this case.
For more information, see Placement Groups.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instanc es

 

NEW QUESTION 130
A publishing company used AWS Elastic Beanstalk, Amazon S3, and Amazon DynamoDB to develop a web application. The web application has increased dramatically in popularity, resulting in unpredictable spikes in traffic. A DevOps Engineer has noted that 90% of the requests are duplicate read requests.
How can the Engineer improve the performance of the website?

• A. Use DynamoDB Streams to cache repeated read requests to DynamoDB and API Gateway to cache images stored in S3.
• B. Use Amazon ElastiCache for Memcached to cache repeated read requests to DynamoDB and Varnish to cache images stored in S3.
• C. Use DynamoDB Accelerator to cache repeated read requests to DynamoDB and Amazon CloudFront to cache images stored in S3.
• D. Use Amazon ElastiCache for Redis to cache repeated read requests to DynamoDB and AWS Elemental MediaStore to cache images stored in S3.

Answer: D

 

NEW QUESTION 131
You run a 2000-engineer organization. You are about to begin using AWS at a large scale for the first time. You want to integrate with your existing identity management system running on Microsoft Active Directory, because your organization is a power-user of Active Directory. How should you manage your AWS identities in the most simple manner?

• A. Use an AWS Directory Sync Domain running on AWS Lambda
• B. Use a large AWS Directory Service AD Connector.
• C. Use a large AWS Directory Service Simple AD.
• D. Use an Sync Domain running on AWS Directory Service.

Answer: B

Explanation:
You must use AD Connector as a power-user of Microsoft Active Directory. Simple AD only works with a subset of AD functionality. Sync Domains do not exist; they are made up answers. AD Connector is a directory gateway that allows you to proxy directory requests to your on-premises Microsoft Active Directory, without caching any information in the cloud. AD Connector comes in
2 sizes; small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector is designed for larger organizations of up to 5,000 users.
https://aws.amazon.com/directoryservice/details/

 

NEW QUESTION 132
A highly regulated company has a policy that DevOps Engineers should not log in to their Amazon EC2 instances except in emergencies. If a DevOps Engineer does log in, the Security team must be notified within
15 minutes of the occurrence.
Which solution will meet these requirements?

• A. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found, send a notification to the Security team using Amazon SNS.
• B. Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon CloudWatch Events notifications. Trigger an AWS Lambda function to check if a message is about user logins. If it is, send a notification to the Security team using Amazon SNS.
• C. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up an S3 event to trigger an AWS Lambda function, which triggers an Amazon Athena query to run. The Athena query checks for logins and sends the output to the Security team using Amazon SNS.
• D. Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis.
  Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login. If it does, send a notification to the Security team using Amazon SNS.

Answer: B

 

NEW QUESTION 133
A DevOps Engineer is deploying a new web application. The company chooses AWS Elastic Beanstalk for deploying and managing the web application, and Amazon RDS MySQL to handle persistent data. The company requires that new deployments have minimal impact if they fail. The application resources must be at full capacity during deployment, and rolling back a deployment must also be possible.
Which deployment sequence will meet these requirements?

• A. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment. Use default Elastic Beanstalk behavior to deploy changes to the application, and let rolling updates deploy changes to the application.
• B. Deploy the application using Elastic Beanstalk and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk features for a blue/green deployment to deploy the new release to a separate environment, and then swap the CNAME in the two environments to redirect traffic to the new version.
• C. Deploy the application using Elastic Beanstalk, and include RDS MySQL as part of the environment. Use Elastic Beanstalk immutable updates for application deployments.
• D. Deploy the application using Elastic Beanstalk, and connect to an external RDS MySQL instance using Elastic Beanstalk environment properties. Use Elastic Beanstalk immutable updates for application deployments.

Answer: D

 

NEW QUESTION 134
You want to securely distribute credentials for your Amazon RDS instance to your fleet of web server instances.
The credentials are stored in a file that is controlled by a configuration management system.
How do you securely deploy the credentials in an automated manner across the fleet of web server instances, which can number in the hundreds, while retaining the ability to roll back if needed?

• A. Keep credential files as a binary blob in an Amazon RDS MySQL DB instance, and have a script on each Amazon EC2 instance that pulls the files down from the RDS instance.
• B. Store the credential files in your version-controlled repository with the rest of your code.
  Use a parallel file copy program to send the credential files from your local machine to the Amazon EC2 instances.
• C. Store the credential files in your version-controlled repository with the rest of your code.
  Have a post-commit action in version control that kicks off a job in your continuous integration system which securely copses the new credential files to all web server instances.
• D. Store your credential files in an Amazon S3 bucket.
  Use Amazon S3 server-side encryption on the credential files.
  Have a scheduled job that pulls down the credential files into the instances every 10 minutes.
• E. Insert credential files into user data and use an instance lifecycle policy to periodically refresh the file from the user data.

Answer: D

 

NEW QUESTION 135
You have a multi-docker environment that you want to deploy to AWS. Which of the following configuration files can be used to deploy a set of Docker containers as an Elastic Beanstalk application?

• A. Dockerrunjson
• B. Dockerrun.awsjson
• C. .ebextensions
• D. Dockerfile

Answer: B

Explanation:
Explanation
A Dockerrun.aws.json file is an Clastic Beanstalk-specific JSON file that describes how to deploy a set of Docker containers as an Clastic Beanstalk application. You can use aDockerrun.aws.json file for a multicontainer Docker environment.
Dockerrun.aws.json describes the containers to deploy to each container instance in the environment as well as the data volumes to create on the host instance for the containers to mount.
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html

 

NEW QUESTION 136
What are the default memory limit policies for a Docker container?

• A. Limited memory, unlimited kernel memory
• B. Unlimited memory, limited kernel memory
• C. Unlimited memory, unlimited kernel memory
• D. Limited memory, limited kernel memory

Answer: C

Explanation:
Kernel memory limits are expressed in terms of the overall memory allocated to a container.
Consider the following scenarios:
Unlimited memory, unlimited kernel memory: This is the default behavior. Unlimited memory, limited kernel memory: This is appropriate when the amount of memory needed by all cgroups is greater than the amount of memory that actually exists on the host machine. You can configure the kernel memory to never go over what is available on the host machine, and containers which need more memory need to wait for it. Limited memory, umlimited kernel memory: The overall memory is limited, but the kernel memory is not.
Limited memory, limited kernel memory: Limiting both user and kernel memory can be useful for debugging memory-related problems. If a container is using an unexpected amount of either type of memory, it will run out of memory without affecting other containers or the host machine. Within this setting, if the kernel memory limit is lower than the user memory limit, running out of kernel memory will cause the container to experience an OOM error. If the kernel memory limit is higher than the user memory limit, the kernel limit will not cause the container to experience an OOM.
Reference:
https://docs.docker.com/engine/admin/resource_constraints/#--kernel-memory-details

 

NEW QUESTION 137
A company mandates the creation of capture logs for everything running in its AWS account. The account has multiple VPCs with Amazon EC2 instances, Application Load Balancers, Amazon RDS MySQL databases, and AWS WAF rules configured. The logs must be protected from deletion. A daily visual analysis of log anomalies from the previous day is required.
Which combination of actions should a DevOps Engineer take to accomplish this? (Choose three.)

• A. Configure Amazon S3 MFA Delete on the logging Amazon S3 bucket.
• B. Configure AWS Artifact to send all logs to the logging Amazon S3 bucket. Create a dashboard report in Amazon QuickSight.
• C. Deploy an Amazon CloudWatch agent to all Amazon EC2 instances.
• D. Configure AWS CloudTrail to send all logs to Amazon Inspector. Create a dashboard report in Amazon QuickSight.
• E. Configure an AWS Lambda function to send all CloudWatch logs to an Amazon S3 bucket. Create a dashboard report in Amazon QuickSight.
• F. Configure an Amazon S3 object lock legal hold on the logging Amazon S3 bucket.

Answer: C,E,F

 

NEW QUESTION 138
Your company has an e-commerce platform which is expanding all over the globe, you have EC2 instances deployed in multiple regions you want to monitor performance of all of these EC2 instances. How will you setup CloudWatch to monitor EC2 instances in multiple regions?

• A. Createseparate dashboards in every region
• B. Thisis not possible
• C. Haveone single dashboard to report metrics to CloudWatch from different region
• D. Register!nstances running on different regions to CloudWatch

Answer: C

Explanation:
Explanation
You can monitor AWS resources in multiple regions using a single Cloud Watch dashboard. For example, you can create a dashboard that shows CPU utilization for an CC2 instance located in the us-west-2 region with your billing metrics, which are located in the us-east-1 region.
For more information on Cloudwatch dashboard, please refer to the below url
* http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cross_region_dashboard.html

 

NEW QUESTION 139
A DevOps Engineer is deploying an Amazon API Gateway API with an AWS Lambda function providing the backend functionality. The Engineer needs to record the source IP address and response status of every API call.
Which combination of actions should the DevOps Engineer take to implement this functionality?
(Choose three.)

• A. Create a new Amazon S3 bucket or choose an existing S3 bucket to store the logs.
• B. Create a new Amazon CloudWatch Logs log group or choose an existing log group to store the logs.
• C. Configure AWS X-Ray to enable access logging for the API Gateway requests.
• D. Grant API Gateway permission to read and write logs to Amazon CloudWatch through an IAM role.
• E. Configure API Gateway to stream its log data to Amazon Kinesis.
• F. Configure the API Gateway stage to enable access logging and choose a logging format.

Answer: A,D,F

 

NEW QUESTION 140
A company recently launched an application that is more popular than expected. The company wants to ensure the application can scale to meet increasing demands and provide reliability using multiple Availability Zones (AZs) The application runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) A DevOps engineer has created an Auto Scaling group across multiple AZs for the application Instances launched in the newly added AZs are not receiving any traffic for the application.
What is likely causing this issue?

• A. The new AZ has not been added to the ALB
• B. The EC2 instances have not been manually associated to the ALB
• C. Auto Scaling groups can create new instances in a single AZ only.
• D. The ALB should be replaced with a Network Load Balancer (NLB).

Answer: A

 

NEW QUESTION 141
You are a Devops Enginneer in your company. You have been instructed to ensure there is an automated backup solution in place for EBS Volumes. These snapshots need to be retained only for a period of 20 days.
How can you achieve this requirement in an efficient manner?

• A. UseLifecycle policies to push the EBS Volumes to Amazon Glacier. Then use furtherlifecycle policies to delete the snapshots after 20 days.
• B. Use Amazon Data Lifecycle Manager to automate the process.
• C. Usethe aws ec2 create-volume API to create a snapshot of the EBS Volume. The usethe describe-volume to see those snapshots which are greater than 20 days andthen delete them accordingly using the delete-volume API call.
• D. UseLifecycle policies to push the EBS Volumes to Amazon S3. Then use further lifecyclepolicies to delete the snapshots after 20 days.

Answer: B

Explanation:
Explanation
Use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.
Automating snapshot management helps you to:
* Protect valuable data by enforcing a regular backup schedule.
Retain backups as required by auditors or internal compliance.
* Reduce storage costs by deleting outdated backups.
For more Information, Please check the below AWS Docs:
* https://docs.aws.amazon.com/AWSCC2/latest/UserGuide/snapshot-lifecycle.html

 

NEW QUESTION 142
A DevOps Engineer must create a Linux AMI in an automated fashion. The newly created AMI identification must be stored in a location where other build pipelines can access the new identification programmatically What is the MOST cost-effective way to do this?

• A. Launch an Amazon EC2 instance and install Packer. Then configure a Packer build with values defining how the image should be created. Build a Jenkins pipeline to invoke the Packer build when triggered to build an AMI. Store the AMI identification output in an Amazon DynamoDB table.
• B. Build a pipeline in AWS CodePipeline to download and save the latest operating system Open Virtualization Format (OVF) image to an Amazon S3 bucket, then customize the image using the guestfish utility. Use the virtual machine (VM) import command to convert the OVF to an AMI, and store the AMI identification output as an AWS Systems Manager parameter.
• C. Build a pipeline in AWS CodePipeline to take a snapshot of an Amazon EC2 instance running the latest version of the application. Then start a new EC2 instance from the snapshot and update the running instance using an AWS Lambda function. Take a snapshot of the updated instance, then convert it to an AMI. Store the AMI identification output in an Amazon DynamoDB table.
• D. Create an AWS Systems Manager automation document with values instructing how the image should be created. Then build a pipeline in AWS CodePipeline to execute the automation document to build the AMI when triggered. Store the AMI identification output as a Systems Manager parameter.

Answer: A

 

NEW QUESTION 143
......

100% Free AWS-DevOps-Engineer-Professional Demo-Trial [Pdf], get it now: https://drive.google.com/open?id=192l2iKV5Dg6gZW85hWvX8sv-QAQHTJw1

Accurate & Verified Answers As Seen in the Real Exam here: https://www.actualtestsquiz.com/AWS-DevOps-Engineer-Professional-test-torrent.html