AWS-Certified-DevOps-Engineer-Professional Free Practice Test

A company builds a container image in an AWS CodeBuild project by running Docker commands. After the container image is built, the CodeBuild project uploads the container image to an Amazon S3 bucket. The CodeBuild project has an IAM service role that has permissions to access the S3 bucket.
A DevOps engineer needs to replace the S3 bucket with an Amazon Elastic Container Registry (Amazon ECR) repository to store the container images. The
DevOps engineer creates an ECR private image repository in the same AWS Region of the CodeBuild project. The DevOps engineer adjusts the IAM service role with the permissions that are necessary to work with the new ECR repository. The DevOps engineer also places
new repository information into the docker build command and the docker push command that are used in the buildspec.yml file.
When the CodeBuild project runs a build job, the job fails when the job tries to access the ECR repository.
Which solution will resolve the issue of failed access to the ECR repository?

1. A. Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get- login-password AWS CLI command to obtain an authentication toke
2. B. Update the docker login command to use the authentication token to access the ECR repository.
3. C. Add an environment variable of type SECRETS_MANAGER to the CodeBuild projec
4. D. In the environment variable, include the ARN of the CodeBuild project's IAM service rol
5. E. Update the buildspec.yml file to use the new environment variable to log in with the docker login command to access the ECR repository.
6. F. Update the ECR repository to be a public image repositor
7. G. Add an ECR repository policy that allows the IAM service role to have access.
8. H. Update the buildspec.yml file to use the AWS CLI to assume the IAM service role for ECR operation
9. I. Add an ECR repository policy that allows the IAM service role to have access.

Correct Answer: A
Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login- password AWS CLI command to obtain an authentica-tion token. Update the docker login command to use the authentication token to access the ECR repository.
This is the correct solution. The aws ecr get-login-password AWS CLI command retrieves and displays an authentication token that can be used to log in to an ECR repository. The docker login command can use this token as a password to authenticate with the ECR repository. This way, the CodeBuild project can push and pull images from the ECR repository without any errors. For more information, see Using Amazon ECR with the AWS CLI and get-login-password.

A DevOps engineer is building a multistage pipeline with AWS CodePipeline to build, verify, stage, test, and deploy an application. A manual approval stage is required between the test stage and the deploy stage. The development team uses a custom chat tool with webhook support that requires near-real-time notifications.
How should the DevOps engineer configure status updates for pipeline activity and approval requests to post to the chat tool?

1. A. Create an Amazon CloudWatch Logs subscription that filters on CodePipeline Pipeline Execution State Chang
2. B. Publish subscription events to an Amazon Simple Notification Service (Amazon SNS) topi
3. C. Subscribe the chat webhook URL to the SNS topic, and complete the subscription validation.
4. D. Create an AWS Lambda function that is invoked by AWS CloudTrail event
5. E. When a CodePipeline Pipeline Execution State Change event is detected, send the event details to the chat webhook URL.
6. F. Create an Amazon EventBridge rule that filters on CodePipeline Pipeline Execution State Chang
7. G. Publish the events to an Amazon Simple Notification Service (Amazon SNS) topi
8. H. Create an AWS Lambda function that sends event details to the chat webhook UR
9. I. Subscribe the function to the SNS topic.
10. J. Modify the pipeline code to send the event details to the chat webhook URL at the end of each stag
11. K. Parameterize the URL so that each pipeline can send to a different URL based on the pipeline environment.

Correct Answer: C
https://aws.amazon.com/premiumsupport/knowledge-center/sns-lambda-webhooks-chime-slack-teams/

A rapidly growing company wants to scale for developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.
To keep up with demand, the DevOps engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure. CloudFormation will be used to create a template for the development environments.
Which approach will meet these requirements and quickly provide consistent AWS environments for developers?

1. A. Use Fn::ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet value
2. B. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments neede
3. C. Use the UpdateStackSet command to update existing development environments.
4. D. Use nested stacks to define common infrastructure component
5. E. To access the exported values, use TemplateURL to reference the networking team’s templat
6. F. To retrieve Virtual Private Cloud (VPC) and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the root templat
7. G. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
8. H. Use nested stacks to define common infrastructure component
9. I. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet value
10. J. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
11. K. Use Fn::ImportValue intrinsic functions in the Parameters section of the root template to retrieve Virtual Private Cloud (VPC) and subnet value
12. L. Define the development resources in the order they need to be created in the CloudFormation nested stack
13. M. Use the CreateChangeSe
14. N. and ExecuteChangeSet commands to update existing development environments.

Correct Answer: C
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-importvalue.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html CF of network exports the VPC, subnet or needed information CF of application imports the above information to its stack and UpdateChangeSet/ ExecuteChangeSet

A company has its AWS accounts in an organization in AWS Organizations. AWS Config is manually configured in each AWS account. The company needs to implement a solution to centrally configure AWS Config for all accounts in the organization The solution also must record resource changes to a central account.
Which combination of actions should a DevOps engineer perform to meet these requirements? (Choose two.)

1. A. Configure a delegated administrator account for AWS Confi
2. B. Enable trusted access for AWS Config in the organization.
3. C. Configure a delegated administrator account for AWS Confi
4. D. Create a service-linked role for AWS Config in the organization’s management account.
5. E. Create an AWS CloudFormation template to create an AWS Config aggregato
6. F. Configure a CloudFormation stack set to deploy the template to all accounts in the organization.
7. G. Create an AWS Config organization aggregator in the organization's management accoun
8. H. Configure data collection from all AWS accounts in the organization and from all AWS Regions.
9. I. Create an AWS Config organization aggregator in the delegated administrator accoun
10. J. Configure data collection from all AWS accounts in the organization and from all AWS Regions.

Correct Answer: AE
https://aws.amazon.com/blogs/mt/org-aggregator-delegated-admin/ https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate- config.html

A DevOps engineer is building a continuous deployment pipeline for a serverless application that uses AWS Lambda functions. The company wants to reduce the customer impact of an unsuccessful deployment. The company also wants to monitor for issues.
Which deploy stage configuration will meet these requirements?

1. A. Use an AWS Serverless Application Model (AWS SAM) template to define the serverless applicatio
2. B. Use AWS CodeDeploy to deploy the Lambda functions with the Canary10Percent15Minutes Deployment Preference Typ
3. C. Use Amazon CloudWatch alarms to monitor the health of the functions.
4. D. Use AWS CloudFormation to publish a new stack update, and include Amazon CloudWatch alarms on all resource
5. E. Set up an AWS CodePipeline approval action for a developer to verify and approve the AWS CloudFormation change set.
6. F. Use AWS CloudFormation to publish a new version on every stack update, and include Amazon CloudWatch alarms on all resource
7. G. Use the RoutingConfig property of the AWS::Lambda::Alias resource to update the traffic routing during the stack update.
8. H. Use AWS CodeBuild to add sample event payloads for testing to the Lambda function
9. I. Publish a new version of the functions, and include Amazon CloudWatch alarm
10. J. Update the production alias to point to the new versio
11. K. Configure rollbacks to occur when an alarm is in the ALARM state.

Correct Answer: D
Use routing configuration on an alias to send a portion of traffic to a second function version. For example, you can reduce the risk of deploying a new version by configuring the alias to send most of the traffic to the existing version, and only a small percentage of traffic to the new version. https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html
The following are the steps involved in the deploy stage configuration that will meet the requirements:
✑ Use AWS CodeBuild to add sample event payloads for testing to the Lambda
functions.
✑ Publish a new version of the functions, and include Amazon CloudWatch alarms.
✑ Update the production alias to point to the new version.
✑ Configure rollbacks to occur when an alarm is in the ALARM state.
This configuration will help to reduce the customer impact of an unsuccessful deployment
by deploying the new version of the functions to a staging environment first. This will allow the DevOps engineer to test the new version of the functions before deploying it to production.
The configuration will also help to monitor for issues by including Amazon CloudWatch alarms. These alarms will alert the DevOps engineer if there are any problems with the new version of the functions.