[March 19, 2025] Verified AWS-DevOps-Engineer-Professional question set with 575 exceptional questions
AWS-DevOps-Engineer-Professional question set with a pass guarantee: pass the AWS-DevOps-Engineer-Professional exam, updated for 2025
Question # 290
A DevOps Engineer is asked to implement a strategy for deploying updates to a web application with zero downtime. The application infrastructure is defined in AWS CloudFormation and is made up of an Amazon Route 53 record, an Application Load Balancer, Amazon EC2 instances in an EC2 Auto Scaling group, and Amazon DynamoDB tables. To avoid downtime, there must be an active instance serving the application at all times.
Which strategies will ensure the deployment happens with zero downtime? (Select TWO.)
- A. In the CloudFormation template, modify the AWS::AutoScaling::DeploymentUpdates resource and add an UpdatePolicy attribute to define the required elements for a deployment with zero downtime.
- B. Add a new Application Load Balancer and Auto Scaling group to the CloudFormation template. Modify the AWS::AutoScaling::AutoScalingGroup resource and add an UpdatePolicy attribute to perform rolling updates.
- C. In the CloudFormation template, modify the AWS::AutoScaling::AutoScalingGroup resource and add an UpdatePolicy attribute to define the required elements for a deployment with zero downtime.
- D. In the CloudFormation template, modify the UpgradePolicy attribute for the CloudFormation stack and specify the Auto Scaling group that will be updated. Configure MinSuccessfulInstancesPercent and PauseTime to ensure the deployment happens with zero downtime.
- E. Add a new Application Load Balancer and Auto Scaling group to the CloudFormation template. Deploy new changes to the inactive Auto Scaling group. Use Route 53 to change the active Application Load Balancer.
Correct answer: C, E
Question # 291
You have defined a Linux-based instance stack in OpsWorks. You now want to attach a database to the OpsWorks stack. Which of the below is an important step to ensure that the application on the Linux instances can communicate with the database?
- A. Configure SSL so that the instance can communicate with the database
- B. Add another stack with the database layer and attach it to the application stack.
- C. Add another stack with the database layer and attach it to the application stack.
- D. Add the appropriate driver packages to ensure the application can work with the database
- E. Configure database tags for the OpsWorks application layer
Correct answer: D
Explanation:
The AWS documentation mentions the below point:
Important
For Linux stacks, if you want to associate an Amazon RDS service layer with your app, you must add the appropriate driver package to the associated app server layer, as follows:
1. Click Layers in the navigation pane and open the app server's Recipes tab.
2. Click Edit and add the appropriate driver package to OS Packages. For example, you should specify mysql if the layer contains Amazon Linux instances and mysql-client if the layer contains Ubuntu instances.
3. Save the changes and redeploy the app.
For more information on OpsWorks app connectivity, please visit the below URL: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-connectdb.html
Question # 292
A company is using several AWS CloudFormation templates for deploying infrastructure as code.
In most of the deployments, the company uses Amazon EC2 Auto Scaling groups. A DevOps Engineer needs to update the AMIs for the Auto Scaling group in the template if newer AMIs are available.
How can these requirements be met?
- A. Launch an Amazon EC2 m4 small instance and run a script on it to check for new AMIs. If new AMIs are available, the script should update the launch configuration resource block with the new AMI ID.
- B. Use conditions in the AWS CloudFormation template to check if new AMIs are available and return the AMI ID. Reference the returned AMI ID in the launch configuration resource block.
- C. Manage the AMI mappings in the CloudFormation template. Use Amazon CloudWatch Events for detecting new AMIs and updating the mapping in the template. Reference the map in the launch configuration resource block.
- D. Use an AWS Lambda-backed custom resource in the template to fetch the AMI IDs. Reference the returned AMI ID in the launch configuration resource block.
Correct answer: D
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html
Question # 293
Your company develops a variety of web applications using many platforms and programming languages with different application dependencies.
Each application must be developed and deployed quickly and be highly available to satisfy your business requirements.
Which of the following methods should you use to deploy these applications rapidly?
- A. Use the AWS CloudFormation Docker import service to build and deploy the applications with high availability in multiple Availability Zones.
- B. Develop the applications in Docker containers, and then deploy them to Elastic Beanstalk environments with Auto Scaling and Elastic Load Balancing.
- C. Develop each application's code in DynamoDB, and then use hooks to deploy it to Elastic Beanstalk environments with Auto Scaling and Elastic Load Balancing.
- D. Store each application's code in a Git repository, develop custom package repository managers for each application's dependencies, and deploy to AWS OpsWorks in multiple Availability Zones.
Correct answer: B
Question # 294
Which of these is not a CloudFormation Helper Script?
- A. cfn-hup
- B. cfn-signal
- C. cfn-get-metadata
- D. cfn-request
Correct answer: D
Explanation:
This is the complete list of CloudFormation Helper Scripts: cfn-init, cfn-signal, cfn-get-metadata, cfn-hup
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html
Question # 295
A DevOps Engineer is responsible for the deployment of a PHP application. The Engineer is working in a hybrid deployment, with the application running on both on-premises servers and Amazon EC2 instances. The application needs access to a database containing highly confidential information. Application instances need access to database credentials, which must be encrypted at rest and in transit before reaching the instances.
How should the Engineer automate the deployment process while also meeting the security requirements?
- A. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role with an attached policy that allows decryption of the database credentials. Associate this role to all the instances and on-premises servers.
- B. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM policy for allowing access, and decrypt only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances, and to the role used for on-premises instances registration on CodeDeploy.
- C. Use AWS Elastic Beanstalk with a PHP platform configuration to deploy application packages to the instances. Store database credentials on AWS Systems Manager Parameter Store using the Secure String data type. Define an IAM role for Amazon EC2 allowing access, and decrypt only the database credentials. Associate this role to all the instances.
- D. Use AWS CodeDeploy to deploy application packages to the instances. Store database credentials in the AppSpec file. Define an IAM policy for allowing access to only the database credentials. Attach the IAM policy to the role associated to the instance profile for CodeDeploy-managed instances and the role used for on-premises instances registration on CodeDeploy.
Correct answer: B
Question # 296
A web application has been deployed using an AWS Elastic Beanstalk application. The Application Developers are concerned that they are seeing high latency in two different areas of the application:
* HTTP client requests to a third-party API
* MySQL client library queries to an Amazon RDS database
A DevOps Engineer must gather trace data to diagnose the issues.
Which steps will gather the trace information with the LEAST amount of changes and performance impacts to the application?
- A. On the AWS Elastic Beanstalk management page for the application, enable the AWS X-Ray daemon. View the trace data in the X-Ray console.
- B. Instrument the application to use the AWS X-Ray SDK. Post trace data to an Amazon Elasticsearch Service cluster. Query the trace data for calls to the HTTP client and the MySQL client.
- C. Add additional logging to the application code. Use the Amazon CloudWatch agent to stream the application logs into Amazon Elasticsearch Service. Query the log data in Amazon ES.
- D. Instrument the application using the AWS X-Ray SDK. On the AWS Elastic Beanstalk management page for the application, enable the X-Ray daemon. View the trace data in the X-Ray console.
Correct answer: D
Explanation:
Reference: https://docs.aws.amazon.com/xray/latest/devguide/xray-gettingstarted.html
Question # 297
A company has developed a Node.js web application which provides REST services to store and retrieve time series data. The web application is built by the Development team on company laptops, tested locally, and manually deployed to a single on-premises server, which accesses a local MySQL database. The company is starting a trial in two weeks, during which the application will undergo frequent updates based on customer feedback. The following requirements must be met:
* The team must be able to reliably build, test, and deploy new updates on a daily basis, without downtime or degraded performance.
* The application must be able to scale to meet an unpredictable number of concurrent users during the trial.
Which action will allow the team to quickly meet these objectives?
- A. Modify the application to use Amazon DynamoDB instead of a local MySQL database. Use AWS OpsWorks to create a stack for the application with a DynamoDB layer, an Application Load Balancer layer, and an Amazon EC2 instance layer. Use a Chef recipe to build the application and a Chef recipe to deploy the application to the EC2 instance layer. Use custom health checks to run unit tests on each instance with rollback on failure.
- B. Develop an AWS CloudFormation template to create an Application Load Balancer and two Amazon EC2 instances with Amazon EBS (SSD) volumes in an Auto Scaling group with rolling updates enabled. Use AWS CodeBuild to build and test the Node.js application and store it in an Amazon S3 bucket. Use user-data scripts to install the application and the MySQL database on each EC2 instance. Update the stack to deploy new application versions.
- C. Create two Amazon Lightsail virtual private servers for Node.js; one for test and one for production. Build the Node.js application using existing process and upload it to the new Lightsail test server using the AWS CLI. Test the application, and if it passes all tests, upload it to the production server. During the trial, monitor the production server usage, and if needed, increase performance by upgrading the instance type.
- D. Configure AWS Elastic Beanstalk to automatically build the application using AWS CodeBuild and to deploy it to a test environment that is configured to support auto scaling. Create a second Elastic Beanstalk environment for production. Use Amazon RDS to store data. When new versions of the applications have passed all tests, use Elastic Beanstalk 'swap cname' to promote the test environment to production.
Correct answer: A
Question # 298
A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts.
The buildspec.yml file contains the following:
The DevOps Engineer has noticed that anybody with an AWS account is able to download the artifacts.
What steps should the DevOps Engineer take to stop this?
- A. Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
- B. Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
- C. Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
- D. Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal "*"
Correct answer: A
Question # 299
A DevOps Engineer must improve the monitoring of a Finance team payments microservice that handles transactions for an e-commerce platform. The microservice runs on multiple Amazon EC2 instances. The Finance team would like to know the number of payments per minute, and the team would like to be notified when this metric falls below a specified threshold.
How can this be cost-effectively automated?
- A. Have the Development team log successful transactions to an application log. Set up the Amazon CloudWatch agent on each instance. Create a CloudWatch alarm when the threshold is breached, and use Amazon SNS to notify the Finance team.
- B. Have the Development team post the number of successful transactions to Amazon CloudWatch as a custom metric. Create a CloudWatch alarm when the threshold is breached, and use Amazon SNS to notify the Finance team.
- C. Have the Development team log successful transactions to an application log. On each instance, set up the Amazon CloudWatch Logs agent to send application logs to CloudWatch Logs. Use an EC2 instance to monitor a metric filter, and send notifications to the Finance team.
- D. Have the Development team log successful transactions to an application log. Set up Logstash on each instance, which sends logs to an Amazon ES cluster. Create a Kibana dashboard for the Finance team that graphs the metric.
Correct answer: A
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-custom-metrics/
B, as the CloudWatch alarm depends on the metrics, but D didn't mention the custom metric of the number.
Question # 300
You have a set of applications hosted in AWS. There is a requirement to store the logs from this application onto durable storage. After a period of 3 months, the logs can be placed in archival storage. Which of the following steps would you carry out to achieve this requirement? Choose 2 answers from the options given below.
- A. Store the log files as they are emitted from the application on to Amazon Simple Storage Service
- B. Store the log files as they are emitted from the application on to Amazon Glacier
- C. Use Lifecycle policies to move the data onto Amazon Glacier after a period of 3 months
- D. Use Lifecycle policies to move the data onto Amazon Simple Storage Service after a period of 3 months
Correct answer: A, C
Explanation:
The AWS documentation mentions the following:
Amazon Simple Storage Service (Amazon S3) makes it simple and practical to collect, store, and analyze data - regardless of format - all at massive scale. S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices.
For more information on S3, please visit the below URL:
* https://aws.amazon.com/s3/
Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:
* Transition actions - In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
* Expiration actions - In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.
For more information on S3 Lifecycle policies please visit the below URL:
* http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
Question # 301
Which of the following services can be used in conjunction with CloudWatch Logs? Choose the 3 most viable services from the options given below.
- A. Amazon Lambda
- B. Amazon S3
- C. Amazon SQS
- D. Amazon Kinesis
Correct answer: A, B, D
Explanation:
The AWS documentation lists the following products which can be integrated with CloudWatch Logs:
1) Amazon Kinesis - Here data can be fed for real time analysis
2) Amazon S3 - You can use CloudWatch Logs to store your log data in highly durable storage such as S3.
3) Amazon Lambda - Lambda functions can be designed to work with CloudWatch Logs
For more information on CloudWatch Logs, please refer to the below link:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
Question # 302
The project you are working on currently uses a single AWS CloudFormation template to deploy its AWS infrastructure, which supports a multi-tier web application. You have been tasked with organizing the AWS CloudFormation resources so that they can be maintained in the future, and so that different departments such as Networking and Security can review the architecture before it goes to Production.
How should you do this in a way that accommodates each department, using their existing workflows?
- A. Use a custom application and the AWS SDK to replicate the resources defined in the current AWS CloudFormation template, and use the existing code review system to allow other departments to approve changes before altering the application for future deployments.
- B. Organize the AWS CloudFormation template so that related resources are next to each other in the template for each department's use, leverage your existing continuous integration tool to constantly deploy changes from all parties to the Production environment, and then run tests for validation.
- C. Separate the AWS CloudFormation template into a nested structure that has individual templates for the resources that are to be governed by different departments, and use the outputs from the networking and security stacks for the application template that you control
- D. Organize the AWS CloudFormation template so that related resources are next to each other in the template, such as VPC subnets and routing rules for Networking and security groups and IAM information for Security.
Correct answer: C
Question # 303
What does the Docker network docker_gwbridge do?
- A. allows communication between swarm nodes on the same host
- B. allows communication between containers on the same host
- C. allows communication between swarm nodes on different hosts
- D. allows communication between containers on the different hosts
Correct answer: C
Explanation:
The docker_gwbridge is a local bridge network which is automatically created by Docker in two different circumstances: When you initialize or join a swarm, Docker creates the docker_gwbridge network and uses it for communication among swarm nodes on different hosts. When none of a container's networks can provide external connectivity, Docker connects the container to the docker_gwbridge network in addition to the container's other networks, so that the container can connect to external networks or other swarm nodes.
Reference:
https://docs.docker.com/engine/userguide/networking/#the-docker_gwbridge-network
Question # 304
You are responsible for a large-scale video transcoding system that operates with an Auto Scaling group of video transcoding workers.
The Auto Scaling group is configured with a minimum of 750 Amazon EC2 instances and a maximum of 1000 Amazon EC2 instances.
You are using Amazon SQS to pass a message containing the URI for a video stored in Amazon S3 to the transcoding workers.
An Amazon CloudWatch alarm has notified you that the queue depth is becoming very large.
How can you resolve the alarm without the risk of increasing the time to transcode videos?
Choose 2 answers.
- A. Change the Amazon CloudWatch alarm so that it monitors the CPU utilization of the Amazon EC2 instances rather than the Amazon SQS queue depth.
- B. Add an additional Availability Zone to the Auto Scaling group configuration.
- C. Adjust the Auto Scaling group configuration to increase the maximum number of Amazon EC2 instances.
- D. Create a new Auto Scaling group with a launch configuration that has a larger Amazon EC2 instance type
- E. Adjust the Amazon CloudWatch alarms for a higher queue depth.
- F. Create a second queue in Amazon SQS.
Correct answer: C, D
Question # 305
After reviewing the last quarter's monthly bills, management has noticed an increase in the overall bill from Amazon. After researching this increase in cost, you discovered that one of your new services is doing a lot of GET Bucket API calls to Amazon S3 to build a metadata cache of all objects in the application's bucket. Your boss has asked you to come up with a new cost-effective way to help reduce the amount of these new GET Bucket API calls. What process should you use to help mitigate the cost?
- A. Upload all files to an ElastiCache file cache server. Update your application to now read all file metadata from the ElastiCache file cache server, and configure the ElastiCache policies to push all files to Amazon S3 for long-term storage.
- B. Update your Amazon S3 buckets' lifecycle policies to automatically push a list of objects to a new bucket, and use this list to view objects associated with the application's bucket.
- C. Create a new DynamoDB table. Use the new DynamoDB table to store all metadata about all objects uploaded to Amazon S3. Any time a new object is uploaded, update the application's internal Amazon S3 object metadata cache from DynamoDB.
- D. Using Amazon SNS, create a notification on any new Amazon S3 objects that automatically updates a new DynamoDB table to store all metadata about the new object. Subscribe the application to the Amazon SNS topic to update its internal Amazon S3 object metadata cache from the DynamoDB table.
Correct answer: A
Explanation:
Option A is an invalid option since Lifecycle policies are normally used for expiration of objects or archival of objects.
Option B is partially correct where you store the data in DynamoDB, but then the number of GET requests would still be high if the entire DynamoDB table had to be traversed and each object compared and updated in S3.
Option D is invalid because uploading all files to ElastiCache is not an ideal solution.
The best option is to have a notification which can then trigger an update to the application to update the DynamoDB table accordingly.
For more information on SNS triggers and DynamoDB please refer to the below link:
https://aws.amazon.com/blogs/compute/619/
Question # 306
You have written a server-side Node.js application and a web application with an HTML/JavaScript front end that uses the Angular.js framework.
The server-side application connects to an Amazon Redshift cluster, issues queries, and then returns the results to the front end for display.
Your user base is very large and distributed, but it is important to keep the cost of running this application low.
Which deployment strategy is both technically valid and the most cost-effective?
- A. Upload the HTML, CSS, images, and JavaScript for the front end to an Amazon S3 bucket. Use AWS Elastic Beanstalk to deploy the Node.js application. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
- B. Deploy an AWS Elastic Beanstalk application with two environments: one for the Node.js application and another for the web front end. Launch an Amazon Redshift cluster, and point your application to its Java Database Connectivity (JDBC) endpoint.
- C. Upload the HTML, CSS, images, and JavaScript for the front end to an Amazon Simple Storage Service (S3) bucket. Create an Amazon CloudFront distribution with this bucket as its origin. Use AWS Elastic Beanstalk to deploy the Node.js application. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
- D. Upload the HTML, CSS, images, and JavaScript for the front end, plus the Node.js code for the server-side application, to an Amazon S3 bucket. Create a CloudFront distribution with this bucket as its origin. Launch an Amazon Redshift cluster, and point your application to its JDBC endpoint.
- E. Deploy an AWS OpsWorks stack with three layers: a static web server layer for your front end, a Node.js app server layer for your server-side application, and a Redshift DB layer for your Amazon Redshift cluster.
Correct answer: C
Question # 307
You need the absolute highest possible network performance for a cluster computing application. You already selected homogeneous instance types supporting 10 gigabit enhanced networking, made sure that your workload was network bound, and put the instances in a placement group. What is the last optimization you can make?
- A. Use 9001 MTU instead of 1500 for Jumbo Frames, to raise packet body to packet overhead ratios.
- B. Turn off SYN/ACK on your TCP stack or begin using UDP for higher throughput.
- C. Segregate the instances into different peered VPCs while keeping them all in a placement group, so each one has its own Internet Gateway.
- D. Bake an AMI for the instances and relaunch, so the instances are fresh in the placement group and do not have noisy neighbors.
Correct answer: A
Explanation:
For instances that are collocated inside a placement group, jumbo frames help to achieve the maximum network throughput possible, and they are recommended in this case. For more information, see Placement Groups.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instances
Question # 308
What does it mean if you have zero IOPS and a non-empty I/O queue for all EBS volumes attached to a running EC2 instance?
- A. The EBS volume is unavailable.
- B. Your EBS disk head(s) is/are seeking magnetic stripes.
- C. You need to re-mount the EBS volume in the OS.
- D. The I/O queue is buffer flushing.
Correct answer: A
Explanation:
This is the definition of Unavailable from the EC2 and EBS SLA.
"Unavailable" and "Unavailability" mean... For Amazon EBS, when all of your attached volumes perform zero read write IO, with pending IO in the queue.
Reference: https://aws.amazon.com/ec2/sla/
Question # 309
Two teams are working together on different portions of an architecture and are using AWS CloudFormation to manage their resources. One team administers operating system-level updates and patches, while the other team manages application-level dependencies and updates. The Application team must take the most recent AMI when creating new instances and deploying the application. What is the MOST scalable method for linking these two teams and processes?
- A. The Operating System team uses CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs. The team then places the AMI ARNs as parameters in AWS Systems Manager Parameter Store as part of the pipeline output. The Application team specifies a parameter of type ssm in their CloudFormation stack to obtain the most recent AMI ARN from the Parameter Store.
- B. The Operating System team uses CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs, then places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output. The Application team uses a cross-stack reference within their own CloudFormation template to get that S3 object location and obtain the most recent AMI ARNs to use when deploying their application.
- C. The Operating System team uses CloudFormation to create new versions of their AMIs and lists the Amazon Resource names (ARNs) of the AMIs in an encrypted Amazon S3 object as part of the stack output section. The Application team uses a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.
- D. The Operating System team maintains a nested stack that includes both the operating system and Application team templates. The Operating System team uses a stack update to deploy updates to the application stack whenever the Application team changes the application code.
Correct answer: A
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-systems-manager-parameter
https://aws.amazon.com/blogs/mt/integrating-aws-cloudformation-with-aws-systems-manager-parameter-store/