AWS-DevOps-Engineer-Professional最新対策問題 & AWS-DevOps-Engineer-Professional関連復習問題集なぜ我々社は試験に合格しないなら、全額での返金を承諾するのは大勢の客様が弊社のAmazon AWS-DevOps-Engineer-Professional問題集を使用して試験に合格するのは我々に自信を与えるからです。Amazon AWS-DevOps-Engineer-Professional試験はIT業界での人にとって、とても重要な能力証明である一方で、大変難しいことです。それで、弊社の専門家たちは多くの時間と精力を尽くし、Amazon AWS-DevOps-Engineer-Professional試験資料を研究開発されます。 Amazon AWS Certified DevOps Engineer - Professional 認定 AWS-DevOps-Engineer-Professional 試験問題 (Q537-Q542):質問 # 537
You are working for a startup company that is building an application that receives large amounts of data.
Unfortunately, current funding has left the start-up short on cash, cannot afford to purchase thousands of dollars of storage hardware, and has opted to use AWS. Which services would you implement in order to store a virtually unlimited amount of data without any effort to scale when demand unexpectedly increases? Choose the correct answer from the options below
A. AmazonGlacier, to keep costs low for storage and scale infinitely
B. Amazonlmport/Export, because Amazon assists in migrating large amounts of data toAmazon S3
C. AmazonS3, because it provides unlimited amounts of storage data, scales automatically highly available, and durable
D. AmazonEC2, because EBS volumes can scale to hold any amount of data and, when usedwith Auto Scaling, can be designed for fault tolerance and high availability
正解:C
解説:
Explanation
The best option is to use S3 because you can host a large amount of data in S3 and is the best storage option provided by AWS.
For more information on S3, please refer to the below link:
* http://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.htmI
質問 # 538
A DevOps Engineer is working on a project that is hosted on Amazon Linux and has failed a security review.
The DevOps Manager has been asked to review the company buildspec.yaml file for an AWS CodeBuild project and provide recommendations. The buildspec.yaml file is configured as follows:
What changes should be recommended to comply with AWS security best practices? (Select THREE.)
A. Move the environment variables to the 'db-deploy-bucket' Amazon S3 bucket, add a prebuild stage to download, then export the variables.
B. Scramble the environment variables using XOR followed by Base64, add a section to install, and then run XOR and Base64 to the build phase.
C. Store the DB_PASSWORD as a SecurityString value in AWS Systems Manager Parameter Store and then remove the DB_PASSWORD from the environment variables.
D. Use AWS Systems Manager run command versus scp and ssh commands directly to the instance.
E. Add a post-build command to remove the temporary files from the container before termination to ensure they cannot be seen by other CodeBuild users.
F. Update the CodeBuild project role with the necessary permissions and then remove the AWS credentials from the environment variable.
正解:A、D、E
質問 # 539
A company is adopting AWS CodeDeploy to automate its application deployments for a Java-Apache Tomcat application with an Apache webserver. The Development team started with a proof of concept, created a deployment group for a developer environment, and performed functional tests within the application. After completion, the team will create additional deployment groups for staging and production The current log level is configured within the Apache settings, but the team wants to change this configuration dynamically when the deployment occurs, so that they can set different log level configurations depending on the deployment group without having a different application revision for each group.
How can these requirements be met with the LEAST management overhead and without requiring different script versions for each deployment group?
A. Tag the Amazon EC2 instances depending on the deployment group. Then place a script into the application revision that calls the metadata service and the EC2 API to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference the script as part of the AfterInstall lifecycle hook in the appspec.yml file.
B. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_NAME to identify which deployment group the instances is part of. Use this information to configure the log level settings. Reference this script as part of the Beforelnstall lifecycle hook in the appspec.yml file
C. Create a CodeDeploy custom environment variable for each environment. Then place a script into the application revision that checks this environment variable to identify which deployment group the instance is part of. Use this information to configure the log level settings. Reference this script as part of the ValidateService lifecycle hook in the appspec.yml file.
D. Create a script that uses the CodeDeploy environment variable DEPLOYMENT_GROUP_ID to identify which deployment group the instance is part of to configure the log level settings. Reference this script as part of the Install lifecycle hook in the appspec.yml file.
正解:C
質問 # 540
You have a complex system that involves networking, IAM policies, and multiple, three-tier applications.
You are still receiving requirements for the new system, so you don't yet know how many AWS components will be present in the final design.
You want to start using AWS CloudFormation to define these AWS resources so that you can automate and version-control your infrastructure.
How would you use AWS CloudFormation to provide agile new environments for your customers in a cost-effective, reliable manner?
A. Manually create one template to encompass all the resources that you need for the system, so you only have a single template to version-control.
B. Create multiple separate templates for each logical part of the system, and provide the outputs from one to the next using an Amazon Elastic Compute Cloud (EC2) instance running the SDK for finer granularity of control.
C. Create multiple separate templates for each logical part of the system, create nested stacks in AWS CloudFormation, and maintain several templates to version-control.
D. Manually construct the networking layer using Amazon Virtual Private Cloud (VPC) because this does not change often, and then use AWS CloudFormation to define all other ephemeral resources.
正解:C
質問 # 541
You are planning on using encrypted snapshots in the design of your AWS Infrastructure. Which of the following statements are true with regards to EBS Encryption
A. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot always creates an encrypted volume.
B. Snapshotting an encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot always creates an encrypted volume.
C. Snapshotting an encrypted volume makes an encrypted snapshot when specified / requested; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
D. Snapshottingan encrypted volume makes an encrypted snapshot; restoring an encrypted snapshot creates an encrypted volume when specified / requested.
正解:B
解説:
Explanation
Amazon CBS encryption offers you a simple encryption solution for your CBS volumes without the need for you to build, maintain, and secure your own key management infrastructure. When you create an encrypted CBS volume and attach it to a supported instance type, the following types of data are encrypted:
* Data at rest inside the volume
* All data moving between the volume and the instance
* All snapshots created from the volume
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted.
For more information on CBS encryption, please visit the below URL:
* http://docs.aws.amazon.com/AWSCC ... /CBSCncryption.html
