AWS Certified DevOps Engineer - Professional - Exam Simulator

You are a DevOps Engineer at a company that has a microservices architecture built using AWS Lambda. You have been tasked with setting up a Continuous Integration/Continuous Deployment (CI/CD) pipeline that automates the deployment of these Lambda functions. The deployment must ensure zero downtime and should integrate seamlessly with AWS CodeDeploy. Which deployment strategy should you choose?

Your team is responsible for maintaining an application's CI/CD pipeline. Recently, there have been frequent bugs discovered in production. To improve the quality of code being deployed, you decide to integrate automated testing into your CI/CD pipeline. Your pipeline currently uses AWS CodePipeline, and deploys the application using AWS CodeDeploy. Which of the following is the MOST appropriate method to ensure automated testing is performed before the deployment stage with AWS CodeDeploy?

As a DevOps engineer at a rapidly growing tech company, you are tasked with automating the build and deployment of EC2 instances and container images. Your company uses AWS CloudFormation to manage its infrastructure as code. Recently, the team decided to utilize EC2 Image Builder to streamline the creation and update of both EC2 and container images. You need to ensure that the image creation process is automated and integrates seamlessly with your existing CloudFormation setup. Which approach would you use to achieve this goal?

You are a DevOps engineer at a company that is deploying a new microservices architecture on Amazon EKS. The team decided to use a blue/green deployment strategy to release a new version of a critical microservice in order to minimize risks and downtime. Which method should you employ to ensure traffic is gradually shifted from the existing version (blue) to the new version (green) within Amazon EKS?

You are a DevOps engineer at a mid-sized tech company. Your team is in the process of implementing a new infrastructure as code (IaC) strategy using AWS CloudFormation to manage your cloud resources. You have created several reusable CloudFormation templates to standardize the deployment of various AWS services, including EC2 instances, RDS databases, and VPC configurations. However, you recently discovered that some of your templates grant overly permissive IAM roles, which has raised security concerns. Now, you need to enforce more stringent IAM policies within your CloudFormation templates and ensure that only needed permissions are granted to various resources. Which solution will help you achieve this objective most effectively?

You are a DevOps engineer working for a company that has recently decided to scale its cloud infrastructure using AWS. You have been tasked with setting up a governance framework for multiple AWS accounts across different regions. One of the requirements is to automate the provisioning of AWS resources to ensure they adhere to best practices and security policies. You want to use a service that allows you to easily create and manage catalogs of approved AWS resources that can be deployed across multiple accounts and regions. Which service should you choose to meet these requirements?

You are working for a large e-commerce company that needs to ensure its software environment is compliant with regulatory standards across multiple AWS accounts. Your team uses AWS Config to maintain this compliance by checking the state of AWS resources against predefined rules. Recently, you have been tasked with designing and building an automated solution to handle this process for hundreds of AWS accounts and thousands of resources. Which approach would best achieve this objective?

Your company runs a fleet of web applications across multiple AWS regions to ensure high availability and low latency for users around the globe. The architecture leverages Amazon EC2 instances running behind Elastic Load Balancers (ELBs) and uses Amazon Route 53 for DNS routing. The business requirements dictate that even in the event of a regional outage, your users should experience minimal downtime and uninterrupted service. How can you meet these requirements with the least amount of manual intervention while also improving the performance of your globally distributed applications?

You are a DevOps engineer working for a financial services company that is expanding its services to global markets. The company aims to provide a highly available and scalable architecture to handle a large influx of API requests for processing transactions. You’ve been tasked with designing a serverless architecture that ensures each step in the transaction process, such as validation, authorization, and transaction logging, is carried out reliably and is highly available. Which of the following architectures best meets these requirements using AWS services?

You are working as a DevOps engineer for a company that runs a web application using Amazon RDS with a Multi-AZ deployment for its database backend. The application is distributed across multiple EC2 instances behind an Application Load Balancer (ALB). Recently, you discovered that when a primary instance in your RDS Multi-AZ deployment fails, there is a brief period during which the application experiences downtime until the failover to the standby instance completes. The company's Service Level Agreement (SLA) requires minimal downtime to meet its Recovery Time Objective (RTO) and Recovery Point Objective (RPO) mandates. What steps should you take to configure the load balancer to ensure seamless recovery and maintain high availability in case of a backend failure?

A healthcare company uses AWS to host its applications, and it is critical to ensure the privacy and security of patient information. The DevOps team has been tasked with configuring Amazon CloudWatch to monitor application logs and store them in an encrypted format to comply with stringent security policies and industry regulations like HIPAA. After setting up CloudWatch, they must ensure that the log data collected is encrypted at rest. Which of the following actions should the DevOps team take to properly configure the encryption of log data using AWS KMS while ensuring the log metrics remain available for alerting and analysis?

A mid-sized e-commerce company uses AWS services to handle its backend operations. They store web server access logs in an Amazon S3 bucket and want to analyze these logs to identify potential security issues such as unauthorized access attempts and unusual traffic patterns. The company wants to use AWS services to perform these analyses efficiently. Which combination of AWS services should they use to achieve their goal?

You are managing a large-scale web application deployed on AWS. The application uses an Application Load Balancer (ALB) and Amazon Route 53 to distribute traffic across multiple EC2 instances. To ensure high availability and fault tolerance, you have configured health checks for both the ALB and Route 53. You want to automate monitoring and event management such that if any of the health checks fail, an alert is triggered, and specific remediation steps are automatically initiated. Which of the following solutions best accomplishes this task using AWS Config?

Your team has built a financial application that stores transactional data in an Amazon DynamoDB table. To ensure the consistency and reliability of your system, you need to update a secondary system whenever there is an insertion or update in your DynamoDB table. The requirements are to process these changes efficiently, ensure persistence, and allow retry mechanisms in case of failures. What AWS service combination would be the most suitable for this task?

You are working as an AWS DevOps Engineer and you recently implemented an instance monitoring solution using AWS EventBridge. Your EventBridge rule is triggering an AWS Lambda function whenever a specific EC2 instance enters a 'Stopped' state unexpectedly. The Lambda function should automatically remediate this non-desired state by starting the instance again. During a system audit, you noticed the instance remained in a 'Stopped' state and was never started as expected. Which action will most likely resolve this issue?

Your company has deployed a set of microservices on Amazon ECS using the Fargate launch type for a new application. Recently, some of the containers have started failing intermittently. Upon investigation, you’ve noticed that tasks are being killed unexpectedly. To ensure the stability of the application, you need to troubleshoot and resolve this issue promptly. What action should you take to troubleshoot the cause of the failed ECS tasks?

You are designing a new internal application for an enterprise that is rapidly scaling its AWS infrastructure. To ensure secure access management, you need to implement permissions boundaries to restrict the maximum permissions that IAM and machine identities can receive. You also need to ensure that only certain trusted administrators can grant IAM roles with elevated permissions. What combination of approaches should you use to achieve this? A) Apply permissions boundaries to all IAM roles and users, and grant administrators the necessary IAM permissions to make changes. B) Use AWS Organizations Service Control Policies (SCPs) to manage permissions across accounts, and use IAM roles with MFA to restrict access further. C) Apply permissions boundaries to IAM roles and users, use AWS STS for temporary elevated permissions when required, and implement MFA for administrative actions. D) Use IAM access advisor combined with VPC endpoint policies to restrict permissions and access.

You are designing a secure application that stores sensitive configuration data, such as database credentials, API keys, and authentication information. Your goal is to ensure that this data is both encrypted at rest and securely accessible by your application during runtime without exposing the secrets in plain text. To achieve this, you decide to use AWS Secrets Manager in conjunction with AWS Key Management Service (KMS). Which of the following approaches will help you automate the security controls and data protection for this application?

Your company operates several microservices that are critical to business operations. You've recently noticed some suspicious activity in the logs and need to ensure that your AWS environment remains compliant with security policies. Your team uses AWS Config for this purpose. Which of the following actions would allow you to continuously monitor and analyze the logs, metrics, and security findings to ensure compliance with your security policies?