Exam Code: DevOps-Engineer-Professional
Exam Name: AWS Certified DevOps Engineer – Professional
Version : Demo
Total QA : 80
You currently run your infrastructure on Amazon EC2 instances behind an Auto Scaling group> All logs for you
application are currently written to ephemeral storage. Recently your company experienced a major bug in
code that made it through testing and was ultimately deployed to your fleet. This bug triggered your Auto
Scaling group to scale up and back down before you could successfully retrieve the logs off your server to
better assist you in troubleshooting the bug.
Which technique should you use to make sure you are able to review your logs after your instances have shut
A. Configure the ephemeral policies on your Auto Scaling group to back up on terminate.
B. Configure your Auto Scaling policies to create a snapshot of all ephemeral storage on terminate.
C. Install the CloudWatch Logs Agent on your AMI, and configure CloudWatch Logs Agent to stream your
D. Install the CloudWatch monitoring agent on your AMI, and set up new SNS alert for CloudWatch metrics
that triggers the CloudWatch monitoring agent to backup all logs on the ephemeral drive.
E. Install the CloudWatch monitoring agent on your AMI, Update your Auto Scaling policy to enable
automated CloudWatch Log copy.
Correct Answer: C
Management has reported an increase in the monthly bill from Amazon web services, and they are extremely
concerned with this increased cost. Management has asked you to determine the exact cause of this increase.
After reviewing the billing report, you notice an increase in the data transfer cost.
How can you provide management with a better insight into data transfer use?
A. Update your Amazon CloudWatch metrics to use five-second granularity, which will give better detailed
metrics that can be combined with your billing data to pinpoint anomalies.
B. Use Amazon CloudWatch Logs to run a map-reduce on your logs to determine high usage and data
C. Deliver custom metrics to Amazon CloudWatch per application that breaks down application data transfer
into multiple, more specific data points.
D. Using Amazon CloudWatch metrics, pull your Elastic Load Balancing outbound data transfer metrics
monthly, and include them with your billing report to show which application is causing higher bandwidth
Correct Answer: C
During metric analysis, your team has determined that the company’s website is experiencing response times
during peak hours that are higher than anticipated. You currently rely on Auto Scaling to make sure that you
are scaling your environment during peak windows. How can you improve your Auto Scaling policy to reduce
this high response time?
Choose 2 answers.
A. Push custom metrics to CloudWatch to monitor your CPU and network bandwidth from your servers, which
will allow your Auto Scaling policy to have better fine-grain insight.
B. Increase your Auto Scaling group’s number of max servers.
C. Create a script that runs and monitors your servers; when it detects an anomaly in load, it posts to an
Amazon SNS topic that triggers Elastic Load Balancing to add more servers to the load balancer.
D. Push custom metrics to CloudWatch for your application that include more detailed information about your
web application, such as how many requests it is handling and how many are waiting to be processed.
E. Update the CloudWatch metric used for your Auto Scaling policy, and enable sub-minute granularity to
allow auto scaling to trigger faster.
Correct Answer: BD
Your Company wants to perform A/B testing on a new website feature for 20 percent of its users. The website
uses CloudFront for whole site delivery, with some content cached for up to 24 hours.
How do you enable this testing for the required proportion of users while minimizing performance impact?
A. Configure the web servers to handle two domain names. The feature is switched on or off depending on
which domain name is used for a request. Configure a CloudFront origin for each domain name, and
configure the CloudFront distribution to use one origin for 20 percent of users and the other origin for the
other 80 percent.
B. Configure the CloudFront distribution to forward a cookie specific to this feature. For requests where the
cookie is not set, the web servers set its value to ”on” for 20 percent of responses and “off” for 80 percent.
For requests where the cookie is set, the web servers use Its value to determine whether the feature
should be on or off for the response.
C. Create a second stack of web servers that host the website with the feature on. Using Amazon Route53,
create two resource record sets with the same name: one with a weighting of “1” and a value of this new
stack; the other a weighting of “4” and a value of the existing stack. Use the resource record set’s name as
the CloudFront distribution’s origin.
D. Invalidate all of the CloudFront distribution’s cache items that the feature affects. On future requests, the
web servers create responses with the feature on for 20 percent of users, and off for 80 percent. The web
servers set “Cache-Control: no-cache” on all of these responses.
Correct Answer: B
You have been asked to use your departments existing continuous Integration (CI) tool to test a three-tier web
architecture defined In an AWS CloudFormation template. The tool already supports AWS APIs and can
launch new AWS CloudFormation stacks after polling version control. The CI tool reports on the success of the
AWS CloudFormation stack creation by using the Describe Stacks API to look for the CREATE_COMPLETE
The architecture tiers defined in the template consist of:
• One load balancer
• Five Amazon EC2 instances running the web application
• One multi-AZ Amazon ROS instance
How would you implement this?
Choose 2 answers
A. Define a WaitCondition and a WaitConditionHandle for the output of a UserData command that does sanity
checking of the application’s post-install state.
B. Define a CustomResource and write a script that runs architecture-level Integration tests through the load
balancer to the application and database for the state of multiple tiers.
C. Define a WaitCondition and use a WaitConditionHandle that leverages the AWS SDK to run the
DescribeStacks API call until the CREATE_COMPLETE status is returned.
D. Define a CustomResource that leverages the AWS SDK to run the DescribeStacks API call until the
‘CREATE_COMPLETE status is returned.
E. Define a UserDataHandle for the output of a UserData command that does sanity checking of the
application’s post-install state and runs integration tests on the state of multiple tiers through the load
balancer to the application.
F. Define a UserDataHandle for the output of a CustomResource that does sanity checking of the
application’s post-install state.
Correct Answer: CE
You are building a large, multi-tenant SaaS (software-as-a-service) application with a component that fetches
data to process from a customer-specific Amazon S3 bucket in their account.
How should you ensure that your application follows security best practices and limits risk when fetching data
from customer-owned Amazon S3 buckets?
A. Have users create an IAM user with a policy that grants read-only access to the Amazon S3 bucket
required by your application, and store the corresponding access keys in an encrypted database that holds
their account data.
B. Have users create a cross-account lAM role with a policy that grants read-only access to the Amazon S3
bucket required by your application to the AWS account ID running your production Sass application.
C. Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket
required by your application, and securely store the corresponding access keys in the database holding
their account data.
D. Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket
required by your application and limits access to the public IP address of the SaaS application.
Correct Answer: B