AWS-DevOps-Engineer-Professional復習内容 & AWS-DevOps-Engineer-Professionalテストサンプル問題高賃金の仕事には、優れた労働能力と深い知識が必要です。 AWS-DevOps-Engineer-Professional試験に合格すると、夢の仕事を見つけるのに役立ちます。最高のAWS-DevOps-Engineer-Professional質問トレントをクライアントに提供します。Amazon受験者がAWS-DevOps-Engineer-Professional試験に簡単に合格できることを目指しています。私たちが提供するAWS-DevOps-Engineer-Professional学習教材は合格率とヒット率を高めるためのものです。準備と確認に少し時間をかけるだけで、AWS-DevOps-Engineer-Professional試験に合格できます。時間と労力はほとんどかかりません。ソフトウェアを無料でダウンロードして、購入する前に試用できます。 Amazon AWS Certified DevOps Engineer - Professional 認定 AWS-DevOps-Engineer-Professional 試験問題 (Q22-Q27):質問 # 22
A financial institution provides security-hardened AMIs of Red Hat Enterprise Linux 7.4 and Windows Server 2016 for its application teams to use in deployments. A DevOps Engineer needs to implement an automated daily check of each AMI to monitor for the latest CVE. How should the Engineer implement these checks using Amazon Inspector?
A. Install the Amazon Inspector agent in each AMI. Configure AWS Step Functions to launch an Amazon EC2 instance for each operating system from the hardened AMI, and tag the instance with SecurityCheck: True. Once EC2 instances have booted up, Step Functions will trigger an Amazon Inspector assessment for all instances with the tag SecurityCheck: True. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
B. Tag each AMI with SecurityCheck: True. Configure AWS Step Functions to first compose an Amazon Inspector assessment template for all AMIs that have the tag SecurityCheck: True and second to make a call to the Amazon Inspector API action StartAssessmentRun. Implement a scheduled Amazon CloudWatch Events rule that triggers Step Functions once each day.
C. Tag each AMI with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to run once each day for all AMIs with the tag SecurityCheck: True. Amazon Inspector should automatically launch an Amazon EC2 instance for each AMI and perform a security assessment.
D. Tag each instance with SecurityCheck: True. Implement a scheduled Amazon Inspector assessment to tun once each day for all instances with the tag SecurityCheck: True. Amazon Inspector should automatically perform an in-place security assessment for each AMI.
正解:A
質問 # 23
Which tool will Ansible not use, even if available, to gather facts?
A. facter
B. ohai
C. lsb_release
D. Ansible setup module
正解:C
解説:
Ansible will use it's own `setup' module to gather facts for the local system. Additionally, if ohai or facter are installed, those will also be used and all variables will be prefixed with `ohai_' or
`facter_' respectively. `lsb_relase' is a Linux tool for determining distribution information.
Reference: http://docs.ansible.com/ansible/setup_module.html
質問 # 24
Your application's Auto Scaling Group scales up too quickly, too much, and stays scaled when traffic decreases. What should you do to fix this?
A. Use larger instances instead of lots of smaller ones, so the Group stops scaling out so much and wasting resources as the OS level, since the OS uses a higher proportion of resources on smaller instances.
B. Calculate the bottleneck or constraint on the compute layer, then select that as the new metric, and set the metric thresholds to the bounding values that begin to affect response latency.
C. Set a longer cooldown period on the Group, so the system stops overshooting the target capacity.
The issue is that the scaling system doesn't allow enough time for new instances to begin servicing requests before measuring aggregate load again.
D. Raise the CloudWatch Alarms threshold associated with your autoscaling group, so the scaling takes more of an increase in demand before beginning.
正解:B
解説:
Systems will always over-scale unless you choose the metric that runs out first and becomes constrained first. You also need to set the thresholds of the metric based on whether or not latency is affected by the change, to justify adding capacity instead of wasting money. http://docs.aws.amazon.com/AutoS ... olicy_creating.html
質問 # 25
A company is evaluating Amazon S3 as a data storage solution for their daily analyst report. The company has
implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked
for the use of envelope encryption with separate permissions for the use of an envelope key, automated
rotation of the encryption keys, and visibility into when an encryption key was used and by whom.
Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
A. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with
Customer-Provided Keys (SSE-C).
B. Create an Amazon S3 bucket to store the reports and use Amazon s3 versioning with Server-Side
Encryption with Amazon S3-Managed Keys (SSE-S3).
C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS
KMS-Managed Keys (SSE-KMS).
D. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon
S3-Managed Keys (SSE-S3).
質問 # 26
You have an asynchronous processing application usingan Auto Scaling Group and an SQS Queue. The Auto
Scaling Group scales according to the depth of the job queue. The completion velocity of the jobs has gone
down, the Auto Scaling Group size has maxec out, but the inbound job velocity did not increase. What is a
possible issue?
A. Someone changed the 1AM Role Policy on the instances in the worker group and broke permissions to
access the queue.
B. The scaling metric is not functioning correctly.
C. Some of the new jobs coming in are malformed and unprocessable.
D. The routing tables changed and none of the workers can process events anymore.
正解:C
解説:
Explanation
This question is more on the grounds of validating each option
Option B is invalid, because the Route table would have an effect on all worker processes and no jobs would
have been completed.
Option C is invalid because if the 1AM Role was invalid then no jobs would be completed.
Option D is invalid because the scaling is happening, its just that the jobs are not getting completed.
For more information on Scaling on Demand, please visit the below URL:
* http://docs.aws.a
mazon.com/autoscaling/latest/userguide/as-scale-based-on-demand.html