
Top-Quality AWS-DevOps-Engineer-Professional Exam Questions: Pass the Amazon Test Quickly with Top Marks!
The latest 2022 AWS Certified DevOps Engineer set of 275 questions, ideal for exam preparation
Question 79
A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system. As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.
How can the deployments of the operating system and application patches be automated using a default and custom repository?
- A. Use yum-config-manager to add the custom repository under /etc/yum.repos.d and run yum-config-manager-enable to activate the repository.
- B. Use AWS Systems Manager to create a new patch baseline including the corporate repository. Execute the AWS-AmazonLinuxDefaultPatchBaseline document using the run command to verify and install patches.
- C. Use AWS Systems Manager to create a new patch baseline including the custom repository. Execute the AWS-RunPatchBaseline document using the run command to verify and install patches.
- D. Use AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports.
Correct answer: B
Question 80
You currently have a set of instances running on your Opswork stacks. You need to install security updates on these servers. What does AWS recommend in terms of how the security updates should be deployed?
Choose 2 answers from the options given below.
- A. Create a new Opswork stack with the new instances.
- B. Create and start new instances to replace your current online instances. Then delete the current instances.
- C. On Linux-based instances in Chef 11.10 or older stacks, run the UpdateDependencies stack command.
- D. Create a cloudformation template which can be used to replace the instances.
Correct answer: B,C
Explanation:
The AWS Documentation mentions the following:
By default, AWS OpsWorks Stacks automatically installs the latest updates during setup, after an instance finishes booting. AWS OpsWorks Stacks does not automatically install updates after an instance is online, to avoid interruptions such as restarting application servers. Instead, you manage updates to your online instances yourself, so you can minimize any disruptions.
We recommend that you use one of the following to update your online instances.
- Create and start new instances to replace your current online instances. Then delete the current instances. The new instances will have the latest set of security patches installed during setup.
- On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command, which installs the current set of security patches and other updates on the specified instances.
For more information on OpsWorks updates, please visit the URL below:
* http://docs.aws.amazon.com/opsworks/latest/userguide/best-practices-updates.html
Question 81
You need to deploy a multi-container Docker environment on to Elastic Beanstalk. Which of the following files can be used to deploy a set of Docker containers to Elastic Beanstalk?
- A. Dockerfile
- B. Dockerrun.aws.json
- C. Dockerrun
- D. DockerMultifile
Correct answer: B
Explanation:
The AWS Documentation specifies:
A Dockerrun.aws.json file is an Elastic Beanstalk-specific JSON file that describes how to deploy a set of Docker containers as an Elastic Beanstalk application. You can use a Dockerrun.aws.json file for a multicontainer Docker environment.
Dockerrun.aws.json describes the containers to deploy to each container instance in the environment as well as the data volumes to create on the host instance for the containers to mount.
For more information on this, please visit the below URL:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html
Question 82
A company is deploying a container-based application using AWS CodeBuild. The Security team mandates that all containers are scanned for vulnerabilities prior to deployment using a password-protected endpoint. All sensitive information must be stored securely.
Which solution should be used to meet these requirements?
- A. Use the AWS Encryption SDK to encrypt the password and embed in the buildspec.yml file as a variable under the secrets mapping. Attach a policy to CodeBuild to enable access to the required decryption key.
- B. Encrypt the password using AWS KMS. Store the encrypted password in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
- C. Store the password in the AWS Systems Manager Parameter Store as a secure string. Add the Parameter Store key to the buildspec.yml file as an environment variable under the parameter-store mapping. Reference the environment variable to initiate scanning.
- D. Import the password into an AWS CloudHSM key. Reference the CloudHSM key in the buildspec.yml file as an environment variable under the variables mapping. Reference the environment variable to initiate scanning.
Correct answer: C
Question 83
The Security team depends on AWS CloudTrail to detect sensitive security issues in the company's AWS account. The DevOps Engineer needs a solution to auto-remediate CloudTrail being turned off in an AWS account. What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries?
- A. Create an Amazon CloudWatch Events rule for a scheduled event every 5 minutes. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on a CloudTrail trail in the AWS account. Add the Lambda function ARN as a target to the CloudWatch Events rule.
- B. Launch a t2.nano instance with a script running every 5 minutes that uses the AWS SDK to query CloudTrail in the current account. If the CloudTrail trail is disabled, have the script re-enable the trail.
- C. Create an Amazon CloudWatch Events rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the CloudWatch Events rule.
- D. Deploy the AWS-managed CloudTrail-enabled AWS Config rule, set with a periodic interval of 1 hour. Create an Amazon CloudWatch Events rule for AWS Config rules compliance change. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the CloudWatch Events rule.
Correct answer: C
Explanation:
https://aws.amazon.com/blogs/mt/monitor-changes-and-auto-enable-logging-in-aws-cloudtrail/
Question 84
Your company has the requirement to set up instances running as part of an Autoscaling Group. Part of the requirement is to use Lifecycle hooks to set up custom software and do the necessary configuration on the instances. The time required for this setup might take an hour, or might finish before the hour is up. How should you set up lifecycle hooks for the Autoscaling Group? Choose 2 ideal actions you would include as part of the lifecycle hook.
- A. Configure the lifecycle hook to record heartbeats. If the hour is up, restart the timeout period.
- B. If the software installation and configuration is complete, then restart the time period.
- C. If the software installation and configuration is complete, then send a signal to complete the launch of the instance.
- D. Configure the lifecycle hook to record heartbeats. If the hour is up, choose to terminate the current instance and start a new one.
Correct answer: A,C
Explanation:
The AWS Documentation provides the following information on lifecycle hooks:
By default, the instance remains in a wait state for one hour, and then Auto Scaling continues the launch or terminate process (Pending: Proceed or Terminating: Proceed). If you need more time, you can restart the timeout period by recording a heartbeat. If you finish before the timeout period ends, you can complete the lifecycle action, which continues the launch or termination process.
For more information on AWS Lifecycle hooks, please visit the below URL:
* http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html
Question 85
A company plans to stop using Amazon EC2 key pairs for SSH access, and instead plans to use AWS Systems Manager Session Manager. To further enhance security, access to Session Manager must take place over a private network only.
Which combinations of actions will accomplish this? (Choose two.)
- A. Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
- B. Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
- C. Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
- D. Remove any default routes in the associated route tables.
- E. Create a VPC endpoint for Systems Manager in the desired Region.
Correct answer: C,E
Question 86
A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements:
1. They get an alert when the requests per second go over 50,000
2. They get an alert when latency goes over 5 seconds
3. They can validate how many times a day users call the API requesting highly-sensitive data
Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.)
- A. Create an application to export and save CloudWatch metrics for longer term trending analysis.
- B. Configure CloudWatch alarms for any metrics the support team requires.
- C. Ensure that CloudTrail is enabled.
- D. Create a custom CloudWatch metric to monitor the API for data access.
- E. Ensure that detailed monitoring for the EC2 instances is enabled.
Correct answer: D,E
Question 87
A DevOps Engineer is leading the implementation for automating patching of Windows-based workstations in a hybrid cloud environment by using AWS Systems Manager (SSM).
What steps should the Engineer follow to set up Systems Manager to automate patching in this environment? (Select TWO.)
- A. Create multiple IAM service roles for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation on every instance. Register the role on a per-resource level to enable the creation of a service token. Perform managed-instance activation with the newly created service role attached to each managed instance.
- B. Run AWS Config to create a list of instances that are unpatched and not compliant. Create an instance scheduler job, and through an AWS Lambda function, perform the instance patching to bring them up to compliance.
- C. Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "mi-" prefix in the SSM console.
- D. Using previously obtained activation codes and activation IDs, download and install the SSM Agent on the hybrid servers, and register the servers or virtual machines on the Systems Manager service. Hybrid instances will show with an "i-" prefix in the SSM console as if they were provisioned as a regular Amazon EC2 instance.
- E. Create an IAM service role for Systems Manager so that the ssm.amazonaws.com service can execute the AssumeRole operation. Register the role to enable the creation of a service token. Perform managed-instance activation with the newly created service role.
Correct answer: B,E
Question 88
Your DevOps team is responsible for a multi-tier, Windows-based web application consisting of web servers, Amazon RDS database instances, and a load balancer behind Amazon Route53.
You've been asked by your manager to build a cost-effective rolling deployment solution for this web application.
What method should you use?
- A. Re-deploy your application on an AWS OpsWorks stack. Use the AWS OpsWorks clone stack feature to allow updates between duplicate stacks.
- B. Re-deploy your application on Elastic Beanstalk and take advantage of Elastic BeanStalk rolling updates.
- C. Re-deploy your application using an AWS CloudFormation template. Use AWS CloudFormation rolling deployment policies, create a new policy for your AWS CloudFormation stack, and initiate an update stack operation to deploy new code.
- D. Re-deploy your application using an AWS CloudFormation template, launch a new AWS CloudFormation stack during each deployment, and then tear down the old stack.
Correct answer: C
Question 89
A healthcare company has a critical application running in AWS. Recently, the company experienced some downtime. If it happens again, the company needs to be able to recover its application in another AWS Region. The application uses Elastic Load Balancing and Amazon EC2 instances. The company also maintains a custom AMI that contains its application. This AMI is changed frequently. The workload is required to run in the primary region, unless there is a regional service disruption, in which case traffic should fail over to the new region. Additionally, the cost for the second region needs to be low. The RTO is 2 hours. Which solution allows the company to fail over to another region in the event of a failure, and also meet the above requirements?
- A. Automate the copying of the AMI in the main region to the backup region. Generate an AWS Lambda function that will create an EC2 instance from the AMI and place it behind a load balancer. Using the same Lambda function, point the Amazon Route 53 record to the load balancer in the backup region. Trigger the Lambda function in the event of a failure.
- B. Maintain a copy of the AMI from the main region in the backup region. Create an Auto Scaling group with one instance using a launch configuration that contains the copied AMI. Use an Amazon Route 53 record to direct traffic to the load balancer in the backup region in the event of failure, as required. Allow the Auto Scaling group to scale out as needed during a failure.
- C. Place the AMI in a replicated Amazon S3 bucket. Generate an AWS Lambda function that can create a launch configuration and assign it to an already created Auto Scaling group. Have one instance in this Auto Scaling group ready to accept traffic. Trigger the Lambda function in the event of a failure. Use an Amazon Route 53 record and modify it with the same Lambda function to point to the load balancer in the backup region.
- D. Automate the copying of the AMI to the backup region. Create an AWS Lambda function that can create a launch configuration and assign it to an already created Auto Scaling group. Set the Auto Scaling group maximum size to 0 and only increase it with the Lambda function during a failure. Trigger the Lambda function in the event of a failure. Use an Amazon Route 53 record and modify it with the same Lambda function to point to the load balancer in the backup region.
Correct answer: C
Question 90
A government agency has multiple AWS accounts, many of which store sensitive citizen information. A Security team wants to detect anomalous account and network activities (such as SSH brute force attacks) in any account and centralize that information in a dedicated security account. Event information should be stored in an Amazon S3 bucket in the security account, which is monitored by the department's Security Information and Event Management (SIEM) system.
How can this be accomplished?
- A. Enable Amazon Macie in every account. Configure the security account as the Macie Administrator for every member account using invitation/acceptance. Create an Amazon CloudWatch Events rule in the security account to send all findings to Amazon Kinesis Data Firehose, which should push the findings to the S3 bucket.
- B. Enable Amazon Macie in the security account only. Configure the security account as the Macie Administrator for every member account using invitation/acceptance. Create an Amazon CloudWatch Events rule in the security account to send all findings to Amazon Kinesis Data Streams. Write an application using KCL to read data from the Kinesis Data Streams and write to the S3 bucket.
- C. Enable Amazon GuardDuty in the security account only. Configure the security account as the GuardDuty Administrator for every member account using invitation/acceptance. Create an Amazon CloudWatch rule in the security account to send all findings to Amazon Kinesis Data Streams. Write an application using KCL to read data from Kinesis Data Streams and write to the S3 bucket.
- D. Enable Amazon GuardDuty in every account. Configure the security account as the GuardDuty Administrator for every member account using invitation/acceptance. Create an Amazon CloudWatch rule in the security account to send all findings to Amazon Kinesis Data Firehose, which will push the findings to the S3 bucket.
Correct answer: D
Explanation:
https://aws.amazon.com/about-aws/whats-new/2018/07/automate-amazon-guardduty-provisioning-over-multiple-accounts-and-regions-with-aws-cloudformation-stacksets-integration/
GuardDuty should be explicitly enabled in all member accounts.
Question 91
An online company uses Amazon EC2 Auto Scaling extensively to provide an excellent customer experience while minimizing the number of running EC2 instances. The company's self-hosted Puppet environment in the application layer manages the configuration of the instances. The IT manager wants the lowest licensing costs and wants to ensure that whenever the EC2 Auto Scaling group scales down, removed EC2 instances are deregistered from the Puppet master as soon as possible.
How can the requirement be met?
- A. Bake the AWS CodeDeploy agent into the base AMI. When the Auto Scaling group scales out, use CodeDeploy to install the Puppet agent, and execute a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the CodeDeploy ApplicationStop lifecycle hook to run a script to de-register the instance from the Puppet master.
- B. Bake the AWS Systems Manager agent into the base AMI. When the Auto Scaling group scales out, use the AWS Systems Manager to install the Puppet agent, and run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the Systems Manager instance stop lifecycle hook to run a script to de-register the instance from the Puppet master.
- C. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. When the Auto Scaling group scales out, use CodeDeploy to install the Puppet agent, and run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the EC2 user data instance stop script to run a script to de-register the instance from the Puppet master.
- D. At instance launch time, use EC2 user data to deploy the AWS CodeDeploy agent. Use CodeDeploy to install the Puppet agent. When the Auto Scaling group scales out, run a script to register the newly deployed instances to the Puppet master. When the Auto Scaling group scales in, use the EC2 Auto Scaling EC2_INSTANCE_TERMINATING lifecycle hook to trigger de-registration from the Puppet master.
Correct answer: D
Explanation:
The CodeDeploy agent is a software package that, when installed and configured on an instance, makes it possible for that instance to be used in CodeDeploy deployments.
Question 92
Which of the following CloudFormation helper scripts can help install packages on EC2 resources?
- A. cfn-get-metadata
- B. cfn-init
- C. cfn-hup
- D. cfn-signal
Correct answer: B
Explanation:
The AWS Documentation mentions:
Currently, AWS CloudFormation provides the following helpers:
- cfn-init: Used to retrieve and interpret the resource metadata, installing packages, creating files and starting services.
- cfn-signal: A simple wrapper to signal an AWS CloudFormation CreationPolicy or WaitCondition, enabling you to synchronize other resources in the stack with the application being ready.
- cfn-get-metadata: A wrapper script making it easy to retrieve either all metadata defined for a resource or path to a specific key or subtree of the resource metadata.
- cfn-hup: A daemon to check for updates to metadata and execute custom hooks when the changes are detected.
For more information on helper scripts, please visit the below URL:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html
Question 93
A company is testing a web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company uses a blue/green deployment process with immutable instances when deploying new software. During testing, users are being automatically logged out of the application at random times. Testers also report that, when a new version of the application is deployed, all users are logged out. The Development team needs a solution to ensure users remain logged in across scaling events and application deployments.
What is the MOST efficient way to ensure users remain logged in?
- A. Modify the application to store user session information in an Amazon ElastiCache cluster.
- B. Enable session sharing on the load balancer and modify the application to read from the session store.
- C. Store user session information in an Amazon S3 bucket and modify the application to read session information from the bucket.
- D. Enable smart sessions on the load balancer and modify the application to check for an existing session.
Correct answer: A
Question 94
You are a DevOps Engineer for a large organization. The company wants to start using CloudFormation templates to start building their resources in AWS. You are getting requirements for the templates from various departments, such as networking, security, application, etc. What is the best way to architect these CloudFormation templates?
- A. Consider using Opsworks to create your environments since Cloudformation is not built for such customization.
- B. Create separate logical templates, for example, a separate template for networking, security, application etc. Then nest the relevant templates.
- C. Use a single Cloudformation template, since this would reduce the maintenance overhead on the templates itself.
- D. Consider using Elastic beanstalk to create your environments since Cloudformation is not built for such customization.
Correct answer: B
Explanation:
The AWS documentation mentions the following:
As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them. That way, you can mix and match different templates but use nested stacks to create a single, unified stack. Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS::CloudFormation::Stack resource in your template to reference other templates.
For more information on CloudFormation best practices, please visit the below URL:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html
Question 95
Your IT company is currently hosting a production environment in Elastic Beanstalk. You understand that the Elastic Beanstalk service provides a facility known as Managed updates, which are minor and patch version updates that are periodically required for your system. Your IT supervisor is worried about the impact that these updates would have on the system. What can you tell about the Elastic Beanstalk service with regards to managed updates?
- A. Elastic Beanstalk applies managed updates with no reduction in capacity
- B. Package updates can be configurable weekly maintenance window
- C. Elastic Beanstalk applies managed updates with no downtime
- D. All of the above
Correct answer: D
Explanation:
The AWS Documentation mentions the following on package updates for the Elastic Beanstalk environment:
You can configure your environment to apply minor and patch version updates automatically during a configurable weekly maintenance window with Managed Platform Updates. Elastic Beanstalk applies managed updates with no downtime or reduction in capacity, and cancels the update immediately if instances running your application on the new version fail health checks.
For more information on Elastic beanstalk managed updates please refer to the URL:
* https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-platform-update-managed.html
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.platform.upgrade.html
Question 96
Your development team is developing a mobile application that accesses resources in AWS. The users accessing this application will be logging in via Facebook and Google. Which of the following AWS mechanisms would you use to authenticate users for the application that needs to access AWS resources?
- A. Use separate IAM Roles that correspond to each Facebook and Google user
- B. Use separate IAM users that correspond to each Facebook and Google user
- C. Use AWS Policies to authenticate the users
- D. Use Web identity federation to authenticate the users
Correct answer: D
Explanation:
The AWS documentation mentions the following:
You can directly configure individual identity providers to access AWS resources using web identity federation. AWS currently supports authenticating users using web identity federation through several identity providers:
- Login with Amazon
- Facebook Login
- Google Sign-in
For more information on Web identity federation please visit the below URL:
* http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-browser-credentials-federated-id.html
Question 97
You have been requested to use CloudFormation to maintain version control and achieve automation for the applications in your organization. How can you best use CloudFormation to keep everything agile and maintain multiple environments while keeping cost down?
- A. Use CloudFormation custom resources to handle dependencies between stacks
- B. Create multiple templates in one CloudFormation stack.
- C. Create separate templates based on functionality, create nested stacks with CloudFormation.
- D. Combine all resources into one template for version control and automation.
Correct answer: C
Explanation:
As your infrastructure grows, common patterns can emerge in which you declare the same components in each of your templates. You can separate out these common components and create dedicated templates for them.
That way, you can mix and match different templates but use nested stacks to create a single, unified stack.
Nested stacks are stacks that create other stacks. To create nested stacks, use the AWS::CloudFormation::Stack resource in your template to reference other templates.
For more information on CloudFormation best practices please refer to the below link:
* http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html
Question 98
A DevOps Engineer must create a Linux AMI in an automated fashion. The newly created AMI identification must be stored in a location where other build pipelines can access the new identification programmatically. What is the MOST cost-effective way to do this?
- A. Create an AWS Systems Manager automation document with values instructing how the image should be created. Then build a pipeline in AWS CodePipeline to execute the automation document to build the AMI when triggered. Store the AMI identification output as a Systems Manager parameter.
- B. Build a pipeline in AWS CodePipeline to download and save the latest operating system Open Virtualization Format (OVF) image to an Amazon S3 bucket, then customize the image using the guestfish utility. Use the virtual machine (VM) import command to convert the OVF to an AMI, and store the AMI identification output as an AWS Systems Manager parameter.
- C. Launch an Amazon EC2 instance and install Packer. Then configure a Packer build with values defining how the image should be created. Build a Jenkins pipeline to invoke the Packer build when triggered to build an AMI. Store the AMI identification output in an Amazon DynamoDB table.
- D. Build a pipeline in AWS CodePipeline to take a snapshot of an Amazon EC2 instance running the latest version of the application. Then start a new EC2 instance from the snapshot and update the running instance using an AWS Lambda function. Take a snapshot of the updated instance, then convert it to an AMI. Store the AMI identification output in an Amazon DynamoDB table.
Correct answer: A
Explanation:
https://aws.amazon.com/blogs/devops/bluegreen-infrastructure-application-deployment-blog/
Question 99
A Security team requires all Amazon EBS volumes that are attached to an Amazon EC2 instance to have AWS Key Management Service (AWS KMS) encryption enabled. If encryption is not enabled, the company's policy requires the EBS volume to be detached and deleted. A DevOps Engineer must automate the detection and deletion of unencrypted EBS volumes.
Which method should the Engineer use to accomplish this with the LEAST operational effort?
- A. Create an AWS Lambda function to describe all EBS volumes in the region and identify volumes that are attached to an EC2 instance without encryption enabled. The function then deletes all non-compliant volumes. The AWS Lambda function is invoked every 5 minutes by an Amazon CloudWatch Events scheduled rule.
- B. Create an Amazon CloudWatch Events rule that invokes an AWS Lambda function when an EBS volume is created. The Lambda function checks the EBS volume for encryption. If encryption is not enabled and the volume is attached to an instance, the function deletes the volume.
- C. Create a rule in AWS Config to check for unencrypted and attached EBS volumes. Subscribe an AWS Lambda function to the Amazon SNS topic that AWS Config sends change notifications to. The Lambda function checks the change notification and deletes any EBS volumes that are non-compliant.
- D. Launch an EC2 instance with an IAM role that has permissions to describe and delete volumes. Run a script on the EC2 instance every 5 minutes to describe all EBS volumes in all regions and identify volumes that are attached without encryption enabled. The script then deletes those volumes.
Correct answer: C
Question 100
A company has several AWS accounts. The accounts are shared and used across multiple teams globally, primarily for Amazon EC2 instances. Each EC2 instance has tags for team, environment, and cost center to ensure accurate cost allocations.
How should a DevOps Engineer help the teams audit their costs and automate infrastructure cost optimization across multiple shared environments and accounts?
- A. Use AWS Systems Manager to track instance utilization and report underutilized instances to Amazon CloudWatch. Filter data in CloudWatch based on tags for team, environment, and cost center. Set up triggers from CloudWatch into AWS Lambda to reduce underutilized instances
- B. Create a separate Amazon CloudWatch dashboard for EC2 instance tags based on cost center, environment, and team, and publish the instance tags out using unique links for each team. For each team, set up a CloudWatch Events rule with the CloudWatch dashboard as the source, and set up a trigger to initiate an AWS Lambda function to reduce underutilized instances.
- C. Create an Amazon CloudWatch Events rule with AWS Trusted Advisor as the source for low utilization EC2 instances. Trigger an AWS Lambda function that filters out reported data based on tags for each team, environment, and cost center, and store the Lambda function in Amazon S3. Set up a second trigger to initiate a Lambda function to reduce underutilized instances.
- D. Set up a scheduled script on the EC2 instances to report utilization and store the instances in an Amazon DynamoDB table. Create a dashboard in Amazon QuickSight with DynamoDB as the source data to find underutilized instances. Set up triggers from Amazon QuickSight in AWS Lambda to reduce underutilized instances.
Correct answer: D
Question 101
......