AWS DevOps Engineer Professional
Questions with Correct Answers
What are the names of the CodeDeploy deployment methods that are supported with
Lambda functions? -Answer- LambdaAllAtOnce, LambdaCanary10PercentXMinutes,
LambdaLinear10PercentXMinutes
What are the supported sources for CodePipeline? -Answer- S3, AWS CodeCommit,
GitHub, AWS ECR, AWS CodeStar Connections
Where are AWS user credentials stored by default? -Answer- .aws/credentials
How many Elastic IP addresses can an account have by default per AWS region? -
Answer- 5
What AWS service is best suited for batch analysis of clickstream data? -Answer- EMR
What is required to allow for passing queue messages that are 1GB in size? -Answer-
Use the SQS Extended Client Library, and use S3 as a storage mechanism for
message bodies.
What are the data sources for AWS Macie? -Answer- S3 and CloudTrail
What are valid data types for files in S3 to be read by AWS QuickSight? -Answer- CSV,
TSV, ELF, CLF, JSON, XLSX
How could one create an alarm that would notify people of health events in AWS? -
Answer- CloudWatch Event for AWS Health Events, and use SNS for notifications.
How do you configure CloudWatch to avoid INSUFFICIENT_DATA alarms with data
sources that send data at longer intervals? -Answer- Configure CloudWatch to treat
missing data points as "ignore".
How do you get notified when Auto Scaling Groups fail to terminate instances? -
Answer- Configure the ASG to send a notification to an SNS topic.
What are the recommended services to use for receiving notifications of events related to
ASG scaling? -Answer- CloudWatch and SNS
When changing the instance type of an Auto Scaling Group, what are the required
steps? -Answer- Copy the existing launch configuration, modify the instance type, and
attach the new launch configuration to the existing ASG.
Can you modify instance types associated with existing launch configurations? -Answer-
No, you must copy the launch configuration.
To use a mixture of spot and on-demand instance types in an Auto Scaling Group,
which configuration tool should you use: Launch Configurations, or Launch Templates?
-Answer- Launch Templates. Launch Configurations do not support mixed types.
What operating system setting is a best practice to set to enable the best network
throughput on EC2 instances? -Answer- Increasing the MTU.
What are some differences between Global and Local Secondary Indexes for
DynamoDB? -Answer- Local can only be created at time of table creation. Local only
queries a single partition. Reads against a local index consume capacity from the base
table, whereas global indexes have independent throughput allocations.
What consistency types are supported by Global Secondary Indexes on DynamoDB? -
Answer- Only Eventual Consistency is supported.
What is the maximum size of a Local Secondary Index in DynamoDB? -Answer- 10GB
What must be done to share an automated snapshot of an RDS database with another
account? -Answer- Copy the snapshot, which turns it into a manual one, which can be
shared with other accounts.
What AWS service is ideal for notifying downstream systems of CloudFormation
events? -Answer- SNS
What feature should be used when creating groups of AWS instances that require close
physical proximity for best performance? -Answer- Placement Groups
You have an application that will allow users to upload photos to S3. What service
should be used for authentication from various social network providers (Facebook,
Google, etc) that will also allow for token based access to underlying AWS resources,
such as S3? -Answer- Cognito using web identity federation.
How can you specify a snapshot to be used when creating a new RDS database via
CloudFormation? -Answer- Specify the DBSnapshotIdentifier property.
What service is used to synchronize an existing Microsoft Active Directory installation
with AWS IAM identities? -Answer- AWS Directory Service AD Connector
What services are supported for CloudFormation Custom Resource Types? -Answer-
SNS and Lambda
What extension must configuration files for Elastic Beanstalk extensions use? -Answer-
.config
What folder must configuration files for Elastic Beanstalk be placed in? -Answer-
.ebextensions
What is required to allow IAM users in another AWS account to access an S3 bucket in
your account? -Answer- Create a cross account IAM Role and grant permission to the
third party AWS account to use the role.
(https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/)
What two items are required to allow AWS Inspector to run on EC2 instances? -Answer-
The AWS Systems Manager agent must be installed, and the EC2 instances must have
a role that allows the SSM Run Command privilege.
What is the name of the environment variable that passes the name of the deployment
group in AWS CodeDeploy? -Answer- DEPLOYMENT_GROUP_NAME
(https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-filestructure-hooks.html#reference-appspec-file-structure-environment-variable-availability)
What service can be used to easily look for under-utilized EC2 instances? -Answer-
AWS Trusted Advisor
To invoke a Lambda function upon Trusted Advisor detecting under-utilized instances,
what event type should be configured in the CloudWatch Event rule? -Answer- Check
Item Refresh Status (https://docs.aws.amazon.com/awssupport/latest/user/cloudwatchevents-ta.html)
In AWS Systems Manager, what two items control what patches are installed and
when? -Answer- Patch Baselines (what is installed) and Patch Groups (when).
(https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patchpatchgroups.html)
What CloudWatch functionality should be used to track changes in state to ECS
instances / tasks? -Answer- CloudWatch Events
(https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_cwe_events.html)
What are the pre-requisites for using AWS CodeDeploy with on-premise instances? -
Answer- The account used to configure the instance must have sudo / root access; the
OS must be one of the allowed options; the machines must have outbound port 443
access; the IAM user must have access to register with CodeDeploy.
(https://docs.aws.amazon.com/codedeploy/latest/userguide/on-premises-instancesregister.html)
What command can be used to register on-premise instances with AWS CodeDeploy
without requiring individual IAM users? -Answer- register-on-premises-instance
(https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premisesregister-instance.html#instances-on-premises-register-instance-2-register-command)
What deployment targets for AWS CodeDeploy are not eligible for selection by tags? -
Answer- ECS Cluster and Lambda
What are the steps to deploy application revisions in AWS CodeDeploy for EC2 /
on-premise instances? -Answer- Create an application; specify the deployment group;
specify the deployment configuration; upload the revision.
(https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-stepsserver.html#deployment-steps-workflow)
What are the steps to deploy an application revision in AWS CodeDeploy for Lambda
functions? -Answer- Create an application; specify a deployment group; specify
deployment configuration; specify AppSpec file.
(https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-stepslambda.html#deployment-process-workflow-lambda)
What are the steps to deploy an application revision in AWS CodeDeploy for ECS? -
Answer- Create an ECS service with deployment controller = CodeDeploy; create an
application; create a deployment group; specify AppSpec file.
(https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-stepsecs.html#deployment-process-workflow-ecs)
Must all accounts sending CloudWatch Events to a master account be part of the same
AWS Organization? -Answer- No. Permissions can be granted at the Account or
Organization level.
(https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsCrossAccountEventDelivery.html)
What are the options for installing security updates on instances managed / provisioned
with AWS OpsWorks? -Answer- Create new instances and delete the old ones; use the
Update Dependencies stack command for Linux instances running Chef.
(https://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity-updates.html)
Can individual IAM users be given rights to send CloudWatch events to your AWS
Account? -Answer- No, only whole organizations or accounts can be given access on
the receiver side. However, users on the sending side must be given access to send to
individual receiving Accounts via IAM policy.
(https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsCrossAccountEventDelivery.html)
What two things must be done to allow users to access AWS CodeCommit repositories
via SSH Git access? -Answer- The user's public key must be uploaded to the IAM
Security Credential tab; the user must have access to the CodeCommit resource via
IAM policy.
(https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sshkeys.html#ssh-keys-code-commit)
What is the format for the user name generated for CodeCommit SSH keys? -Answer-
APKxxxxxxx (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-upssh-unixes.html#setting-up-ssh-unixes-keys)
What are the names of on-premise instances prefixed with in AWS Systems Manager? -
Answer- "mi" (https://docs.aws.amazon.com/systemsmanager/latest/userguide/managed_instances.html)
What service integrates with DynamoDB Streams to be triggered to process data as
changes occur? -Answer- AWS Lambda
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html)
What is the order of events in creating an Elastic Beanstalk environment? -Answer-
Create application; upload version; launch environment; manage environment.
What are the two places IAM permissions are used in configuring an Elastic Beanstalk
environment? -Answer- A service role, which allows Elastic Beanstalk to access
resources in your account; instance profiles, which are attached to the EC2 instances
provisioned by Elastic Beanstalk.
How can you configure Elastic Beanstalk to best manage application versions to lower
cost? -Answer- Configure an Application Version Lifecycle to remove either versions
older than 'x' days, or to only keep the last 'y' versions.
You configure an Application Version Lifecycle policy for an Elastic Beanstalk
application, such that only the last 3 versions of the application are kept. However, after
uploading a new version, there are still 5 versions present. What are some of the
reasons this could happen? -Answer- Elastic Beanstalk will not remove application
versions that 1) are still in use; 2) were in use by environments terminated less than ten
weeks before the policy was triggered by the creation of the new version.
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applications-lifecycle.html)
You create a bundle for Elastic Beanstalk of a .NET application using IIS with a
non-default site name. After deploying the bundle the site does not load properly. What did
you do wrong that may cause this problem? -Answer- To work correctly, the site name
used when creating a source bundle for a .NET application must start with "Default Web
Site". (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/applicationssourcebundle.html)
You need to deploy an application in Elastic Beanstalk that processes messages from
an SQS queue. What environment tier should you deploy the resources in? -Answer-
The Worker Environment tier.
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.html#concepts-tier)
After deploying an Elastic Beanstalk environment, you make some ad-hoc changes to
the resources created as part of the environment. You subsequently clone the
environment in the Elastic Beanstalk console. Will the changes you made be carried
over to the clone of the environment? -Answer- No, changes made outside of the Elastic
Beanstalk configuration ("unmanaged changes") are not included when cloning an
environment. (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/usingfeatures.managing.clone.html)
You have several different but related environments you need to create in Elastic
Beanstalk. What feature of Elastic Beanstalk allows you to create all the necessary
environments with one AWS CLI call? -Answer- The Compose Environments API allows
you to create related groups of environments together.
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-mgmtcompose.html)
What are the options for deployments in Elastic Beanstalk? -Answer- All at once; rolling;
rolling with additional batch; immutable.
You have an application deployed in Elastic Beanstalk that is known to take upwards of
15 minutes to pass health checks after deployment. What setting should you change in
the deployment configuration to ensure that Elastic Beanstalk doesn't fail the
deployment prematurely? -Answer- Command timeout, which specifies how long Elastic
Beanstalk will wait for a batch of instances to show as healthy before considering the
deployment a failure. (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/usingfeatures.rolling-version-deploy.html#environments-cfg-rollingdeployments-console)
You will be using the Blue/Green deployment strategy with Elastic Beanstalk, and your
application uses a RDS database as a back-end store. What critical action must you
take to ensure you do not lose data during a deployment? -Answer- Use an externally
managed RDS instance, not one managed by Elastic Beanstalk, since that will be
removed as part of the swap.
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/usingfeatures.CNAMESwap.html)
You have several Elastic Beanstalk environments that are related and need to
communicate with each other. What feature of Elastic Beanstalk facilitates this and how
does it work? -Answer- Environment Links. This works by presenting an environment
variable that points to the queue URL or endpoint URL of another Elastic Beanstalk
environment. (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-cfglinks.html)
You are configuring an Elastic Beanstalk environment and wish to use Spot Instances if
your environment scales beyond 4 instances. What settings need to be configured to
allow this to happen? -Answer- AWS:EC2:Instances.EnableSpot = true,
AWS.EC2.Instances.SpotFleetOnDemandBase = 4
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-optionsgeneral.html#command-options-general-ec2instances)
In Elastic Beanstalk, when are commands specified in the "commands" section of an
.ebextensions file executed? -Answer- Before the application and web server are set up,
and before the application version file is extracted.
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containersec2.html#linux-commands)
In Elastic Beanstalk, when are commands specified in the "container_commands"
section of an .ebextensions file executed? -Answer- After the application and web
server are set up and the application version file is extracted, but before the application
is deployed. (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customizecontainers-ec2.html#linux-container-commands)
As part of an application deployment in Elastic Beanstalk, you need to run a database
script. What setting do you need to specify in order to ensure the script is only executed
once? -Answer- "container_commands.leader_only"
(https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containersec2.html#linux-container-commands)
Is anything required to ensure that data sent via DynamoDB Streams is encrypted? -
Answer- No, Streams data is encrypted by default, just like the rest of the data in
DynamoDB.
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html,
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html)
What are the points of data that can be configured to be included in DynamoDB
Streams? -Answer- Keys only, new image (updated version of data), old image (data
before it was modified), or both new and old.
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html)
A business owner has a requirement that data streamed via DynamoDB Streams is kept
for 7 days in case it needs to be re-processed. What must you do to ensure this is in
place? -Answer- This is not possible, because DynamoDB Streams only retain data for
24 hours.
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html)
You have an application that needs to read and write items from a DynamoDB table at a
consistent rate of around 100 reads / sec and 50 writes / sec, both using the strong
consistency model. An item averages 12kb in size. What provisioned capacity should
you set for the table? -Answer- 300 read capacity units, and 600 write capacity units.
(12kb item size / 4kb per read capacity unit * 100 strongly consistent reads; 12kb item
size / 1kb per write capacity unit * 50 writes -
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughput.html)
You have an application that stores data in a DynamoDB table. The data is time based
and is only relevant for 90 days, after which there is no need to retain the data. What's
the most efficient way to ensure that unnecessary data is cleaned up to avoid excess
storage costs? -Answer- Utilize the Time To Live feature, which automatically expires
and deletes data after a configured period.
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html)
What parts of a DynamoDB table are restored when using an on-demand or point in
time backup? -Answer- Global Secondary Indexes, Local Secondary Indexes,
Provisioned read / write capacity. All other settings (such as CW metrics, IAM
permissions, Autoscaling, TTL, etc) have to be manually re-attached.
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/backuprestore_HowItWorks.html)
What is the appropriate API call to perform a series of DynamoDB writes in a
transactionally consistent fashion? -Answer- TransactWriteItems
(https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/transactionapis.html)
Describe how you could manage a multi-step, logic driven, stateful build / deployment
pipeline using AWS CodePipeline and other AWS services. -Answer- Have the
deployment step call a Lambda that invokes a Step Function and returns a token to
CodePipeline. Subsequent calls include the token, which causes Lambda to check on
the status of the Step Function execution. Once complete, it returns either success
(which causes the pipeline to continue) or failure.
(https://aws.amazon.com/blogs/devops/using-aws-step-functions-state-machines-tohandle-workflow-driven-aws-codepipeline-actions/)
What are the Build action integrations for AWS CodePipeline? -Answer- AWS
CodeBuild, CloudBees, TeamCity, and Jenkins.
(https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-actiontype.html#integrations-source)
What are the Deploy action integrations for AWS CodePipeline? -Answer- S3,
CloudFormation, CodeDeploy, ECS, Elastic Beanstalk, OpsW