
[Jul-2025] Study resources for the Valid AWS-DevOps Braindumps!
NEW QUESTION # 337
A user is defining a policy for an IAM user. Which of the below mentioned options is a valid version defined for the policy?
- A. "Version":"2014-01-01"
- B. "Version":"2013-10-17"
- C. "Version":"2011-10-17"
- D. "Version":"2012-10-17"
Answer: D
Explanation:
When defining an IAM Policy, the version element specifies the policy language version. Only the following values are allowed:
2012-10-17. This is the current version of the policy language, and the user should use this version number for all the policies.
2008-10-17. This was an earlier version of the policy language. The user might see this version on the existing policies. Do not use this version for any new policies or any existing policies that are being updated.
If a version element is not included, the value defaults to 2008-10-17.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html
NEW QUESTION # 338
A software company wants to automate the build process for a project where the code is stored in GitHub. When the repository is updated, source code should be compiled, tested, and pushed to Amazon S3.
Which combination of steps would address these requirements? (Choose three.)
- A. Create an AWS OpsWorks deployment with the install dependencies command.
- B. Create an AWS CodeBuild project with GitHub as the source repository.
- C. Configure a GitHub webhook to trigger a build every time a code change is pushed to the repository.
- D. Add a buildspec.yml file to the source code with build instructions.
- E. Create an AWS CodeDeploy application with the Amazon EC2/On-Premises compute platform.
- F. Provision an Amazon EC2 instance to perform the build.
Answer: B,D,E
NEW QUESTION # 339
A development team is using AWS CodeCommit to version control application code and AWS CodePipeline to orchestrate software deployments. The team has decided to use a remote master branch as the trigger for the pipeline to integrate code changes. A developer has pushed code changes to the CodeCommit repository, but noticed that the pipeline had no reaction, even after 10 minutes.
Which of the following actions should be taken to troubleshoot this issue?
- A. Check that the CodePipeline service role has permission to access the CodeCommit repository.
- B. Check that the developer's IAM role has permission to push to the CodeCommit repository.
- C. Check to see if the pipeline failed to start because of CodeCommit errors in Amazon CloudWatch Logs.
- D. Check that an Amazon CloudWatch Events rule has been created for the master branch to trigger the pipeline.
Answer: B
NEW QUESTION # 340
An Application team has three environments for their application: development, pre-production, and production. The team recently adopted AWS CodePipeline. However, the team has had several deployments of misconfigured or nonfunctional development code into the production environment, resulting in user disruption and downtime. The DevOps Engineer must review the pipeline and add steps to identify problems with the application before it is deployed.
What should the Engineer do to identify functional issues during the deployment process?
(Choose two.)
- A. Use Amazon Inspector to add a test action to the pipeline. Use the Amazon Inspector Runtime Behavior Analysis Inspector rules package to check that the deployed code complies with company security standards before deploying it to production.
- B. Use AWS CodeBuild to add a test action to the pipeline to replicate common user activities and ensure that the results are as expected before progressing to production deployment.
- C. Create an AWS CodeDeploy action in the pipeline with a deployment configuration that automatically deploys the application code to a limited number of instances. The action then pauses the deployment so that the QA team can review the application functionality. When the review is complete, CodeDeploy resumes and deploys the application to the remaining production Amazon EC2 instances.
- D. Add an AWS CodeDeploy action in the pipeline to deploy the latest version of the development code to pre-production. Add a manual approval action in the pipeline so that the QA team can test and confirm the expected functionality. After the manual approval action, add a second CodeDeploy action that deploys the approved code to the production environment.
- E. After the deployment process is complete, run a testing activity on an Amazon EC2 instance in a different region that accesses the application to simulate user behavior. If unexpected results occur, the testing activity sends a warning to an Amazon SNS topic. Subscribe to the topic to get updates.
Answer: A,D
NEW QUESTION # 341
A DevOps Engineer must track the health of a stateless RESTful service sitting behind a Classic Load Balancer. The deployment of new application revisions is through a CI/CD pipeline. If the service's latency increases beyond a defined threshold, deployment should be stopped until the service has recovered.
Which of the following methods allow for the QUICKEST detection time?
- A. Use AWS Lambda and Elastic Load Balancing access logs to detect average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- B. Use Amazon CloudWatch metrics provided by Elastic Load Balancing to calculate average latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- C. Use Metric Filters to parse application logs in Amazon CloudWatch Logs. Create a filter for latency. Alarm and stop deployment when latency increases beyond the defined threshold.
- D. Use AWS CodeDeploy's MinimumHealthyHosts setting to define thresholds for rolling back deployments. If these thresholds are breached, roll back the deployment.
Answer: D
NEW QUESTION # 342
A media customer has several thousand Amazon EC2 instances in an AWS account. The customer is using a Slack channel for team communications and important updates. A DevOps Engineer was told to send all AWS-scheduled maintenance notifications to the company Slack channel. Which method should the Engineer use to implement this process in the LEAST amount of steps?
- A. Integrate AWS Support with AWS CloudTrail. Based on the CloudTrail lookup event created, the event can invoke an AWS Lambda function to pass EC2 maintenance notifications to the Slack channel.
- B. Integrate EC2 events with Amazon CloudWatch monitoring. Based on the CloudWatch Alarm created, the alarm can invoke an AWS Lambda function to send EC2 maintenance notifications to the Slack channel.
- C. Integrate AWS Personal Health Dashboard with Amazon CloudWatch Events. Based on the CloudWatch Events created, the event can invoke an AWS Lambda function to send notifications to the Slack channel.
- D. Integrate AWS Trusted Advisor with AWS Config. Based on the AWS Config rules created, the AWS Config event can invoke an AWS Lambda function to send notifications to the Slack channel.
Answer: B
NEW QUESTION # 343
A company is using AWS Organizations to create separate AWS accounts for each of its departments. It needs to automate the following tasks:
* Updating the Linux AMIs with new patches periodically and generating a golden image
* Installing a new version of Chef agents in the golden image, if available
* Enforcing the use of the newly generated golden AMIs in the department's account
Which option requires the LEAST management overhead?
- A. Write a script to launch an Amazon EC2 instance from the previous golden AMI, apply the patch updates, install the new version of the Chef agent, generate a new golden AMI, and then modify the AMI permissions to share only the new image with the departments' accounts.
- B. Use AWS Systems Manager Automation to update the Linux AMI using the previous image, provide the URL for the script that will update the Chef agent, and then use AWS Organizations to replace the previous golden AMI into the departments' accounts.
- C. Use an AWS Systems Manager Run Command to update the Chef agent first, use Amazon EC2 Systems Manager Automation to generate an updated AMI, and then assume an IAM role to copy the new golden AMI into the departments' accounts.
- D. Use AWS Systems Manager Automation to update the Linux AMI from the previous golden image, provide the URL for the script that will update the Chef agent, and then share only the newly generated AMI with the departments' accounts.
Answer: C
NEW QUESTION # 344
A DevOps Engineer must implement monitoring for a workload running on Amazon EC2 and Amazon RDS MySQL. The monitoring must include:
* Application logs and operating system metrics for the Amazon EC2 instances
* Database logs and operating system metrics for the Amazon RDS database
Which steps should the Engineer take?
- A. Install an Amazon CloudWatch agent on the EC2 and RDS instances. Configure the agent to send the operating system metrics and application and database logs to CloudWatch.
- B. Install an Amazon CloudWatch agent on the EC2 instance, and configure the agent to send the application logs and operating system metrics to CloudWatch. Enable RDS Enhanced Monitoring, and modify the RDS instance to publish database logs to CloudWatch Logs.
- C. Set up scheduled tasks on the EC2 and RDS instances to put operating system metrics and application and database logs into an Amazon S3 bucket. Set up an event on the bucket to invoke an AWS Lambda function to monitor for errors each time an object is put into the bucket.
- D. Install an Amazon CloudWatch Logs agent on the EC2 instance and configure it to send application logs to CloudWatch.
Answer: B
NEW QUESTION # 345
A rapidly growing company wants to scale for Developer demand for AWS development environments. Development environments are created manually in the AWS Management Console. The Networking team uses AWS CloudFormation to manage the networking infrastructure, exporting stack output values for the Amazon VPC and all subnets. The development environments have common standards, such as Application Load Balancers, Amazon EC2 Auto Scaling groups, security groups, and Amazon DynamoDB tables.
To keep up with the demand, the DevOps Engineer wants to automate the creation of development environments. Because the infrastructure required to support the application is expected to grow, there must be a way to easily update the deployed infrastructure.
CloudFormation will be used to create a template for the development environments.
Which approach will meet these requirements and quickly provide consistent AWS environments for Developers?
- A. Use nested stacks to define common infrastructure components. Use Fn::ImportValue intrinsic functions with the resources of the nested stack to retrieve Virtual Private Cloud (VPC) and subnet values. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
- B. Use Fn::ImportValue intrinsic functions in the Resources section of the template to retrieve Virtual Private Cloud (VPC) and subnet values. Use CloudFormation StackSets for the development environments, using the Count input parameter to indicate the number of environments needed. Use the UpdateStackSet command to update existing development environments.
- C. Use nested stacks to define common infrastructure components. To access the exported values, use TemplateURL to reference the Networking team's template. To retrieve Virtual Private Cloud (VPC) and subnet values, use Fn::ImportValue intrinsic functions in the Parameters section of the master template. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
- D. Use Fn::ImportValue intrinsic functions in the Parameters section of the master template to retrieve Virtual Private Cloud (VPC) and subnet values. Define the development resources in the order they need to be created in the CloudFormation nested stacks. Use the CreateChangeSet and ExecuteChangeSet commands to update existing development environments.
Answer: A
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
NEW QUESTION # 346
Which one of the following is a restriction of AWS EBS Snapshots?
- A. You cannot share unencrypted snapshots.
- B. To share a snapshot with a user in another region, the snapshot has to be created in that region first.
- C. Snapshot restorations are restricted to the region in which the snapshots are created.
- D. You cannot share a snapshot containing sensitive data such as an AWS Access Key ID or AWS Secret Access Key.
Answer: B
Explanation:
Snapshots shared with other users are usable in full by the recipient, including but not limited to the ability to base modified volumes and snapshots.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
NEW QUESTION # 347
You have been tasked with deploying a scalable distributed system using AWS OpsWorks.
Your distributed system is required to scale on demand. As it is distributed, each node must hold a configuration file that includes the hostnames of the other instances within the layer.
How should you configure AWS OpsWorks to manage scaling this application dynamically?
- A. Create a Chef Recipe to update this configuration file, configure your AWS OpsWorks stack to use custom cookbooks, and assign this recipe to execute when instances are launched.
- B. Configure your AWS OpsWorks layer to use the AWS-provided recipe for distributed host configuration, and configure the instance hostname and file path parameters in your recipes settings.
- C. Create a Chef Recipe to update this configuration file, configure your AWS OpsWorks stack to use custom cookbooks, and assign this recipe to the Configure LifeCycle Event of the specific layer.
- D. Update this configuration file by writing a script to poll the AWS OpsWorks service API for new instances. Configure your base AMI to execute this script on Operating System startup.
Answer: C
NEW QUESTION # 348
A DevOps Engineer discovered a sudden spike in a website's page load times and found that a recent deployment occurred. A brief diff of the related commit shows that the URL for an external API call was altered and the connecting port changed from 80 to 443. The external API has been verified and works outside the application. The application logs show that the connection is now timing out, resulting in multiple retries and eventual failure of the call.
Which debug steps should the Engineer take to determine the root cause of the issue?
- A. Check the egress security group rules and network ACLs for the VPC. Also check the VPC flow logs looking for accepts originating from the web Auto Scaling group.
- B. Check the VPC Flow Logs looking for denies originating from Amazon EC2 instances that are part of the web Auto Scaling group. Check the ingress security group rules and routing rules for the VPC.
- C. Check the application logs being written to Amazon CloudWatch Logs for debug information. Check the ingress security group rules and routing rules for the VPC.
- D. Check the existing egress security group rules and network ACLs for the VPC. Also check the application logs being written to Amazon CloudWatch Logs for debug information.
Answer: A
NEW QUESTION # 349
Which of these is not a Pseudo Parameter in AWS CloudFormation?
- A. AWS::StackArn
- B. AWS::NotificationARNs
- C. AWS::AccountId
- D. AWS::StackName
Answer: A
Explanation:
This is the complete list of Pseudo Parameters: AWS::AccountId, AWS::NotificationARNs, AWS::NoValue, AWS::Region, AWS::StackId, AWS::StackName
Reference:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html
NEW QUESTION # 350
Which of the following features of the Elastic Beanstalk service will allow you to perform a Blue Green Deployment?
- A. Swap Environment
- B. Rebuild Environment
- C. Swap URL's
- D. Environment Configuration
Answer: C
Explanation:
With the Swap URL feature, you can keep a version of your environment ready. When you are ready to cut over, you can use the Swap URL feature to switch over to your new environment.
For more information on the Swap URL feature, please refer to the link below:
* http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html
NEW QUESTION # 351
A company indexes all of its Amazon CloudWatch Logs on Amazon ES and uses Kibana to view a dashboard for actionable insight. The company wants to restrict user access to Kibana by user.
Which actions can a DevOps Engineer take to meet this requirement? (Select TWO.)
- A. Use Amazon Cognito to offer user name and password protection for Kibana
- B. Create a proxy server with user authentication in an Auto Scaling group and restrict access of the Amazon ES endpoint to an Auto Scaling group tag
- C. Create a proxy server with user authentication and an Elastic IP address and restrict access of the Amazon ES endpoint to the IP address
- D. Create a proxy server with AWS IAM user and restrict access of the Amazon ES endpoint to the IAM user
- E. Use AWS SSO to offer user name and password protection for Kibana
Answer: B,C
NEW QUESTION # 352
A devops team uses AWS CloudFormation to build their infrastructure. The security team is concerned about sensitive parameters, such as passwords, being exposed.
Which combination of steps will enhance the security of AWS CloudFormation? (Select THREE.)
- A. Use the CloudFormation NoEcho parameter property to mask the parameter value.
- B. Create a secure string with AWS KMS and choose a KMS encryption key. Reference the ARN of the secure string, and give AWS CloudFormation permission to the KMS key for decryption.
- C. Use AWS KMS to encrypt the CloudFormation template.
- D. Create secrets using the AWS Secrets Manager AWS::SecretsManager::Secret resource type. Reference the secret resource return attributes in resources that need a password, such as an Amazon RDS database.
- E. Store sensitive static data in the AWS Systems Manager Parameter Store as strings. Reference the stored value using types of Systems Manager parameters.
- F. Store sensitive static data as secure strings in the AWS Systems Manager Parameter Store. Use dynamic references in the resources that need access to the data.
Answer: B,D,E
NEW QUESTION # 353
You need to create a Route53 record automatically in CloudFormation when not running in production during all launches of a Template. How should you implement this?
- A. Use a `Parameter` for `environment`, and add a `Condition` on the Route53 `Resource` in the template to create the record with a null string when `environment` is `production`.
- B. Create two templates, one with the Route53 record and one without it. Use the one without it when deploying to production.
- C. Use a `Parameter` for `environment`, and add a `Condition` on the Route53 `Resource` in the template to create the record only when `environment` is not `production`.
- D. Create two templates, one with the Route53 record value and one with a null value for the record. Use the one without it when deploying to production.
Answer: C
Explanation:
The best way to do this is with one template, and a Condition on the resource. Route53 does not allow null strings for records.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html
NEW QUESTION # 354
When a user is detaching an EBS volume from a running instance and attaching it to a new instance, which of the below mentioned options should be followed to avoid file system damage?
- A. Stop all the I/O of the volume before processing
- B. Take a snapshot of the volume before detaching
- C. Unmount the volume first
- D. Force Detach the volume to ensure that all the data stays intact
Answer: C
Explanation:
When a user is trying to detach an EBS volume, the user can either terminate the instance or explicitly remove the volume. It is a recommended practice to unmount the volume first to avoid any file system damage.
NEW QUESTION # 355
When specifying multiple variable names and values for a playbook on the command line, which of the following is the correct syntax?
- A. ansible-playbook playbook.yml -e 'host: "foo", pkg: "bar"'
- B. ansible-playbook playbook.yml -e 'host="foo"' -e 'pkg="bar"'
- C. ansible-playbook playbook.yml -e 'host="foo" pkg="bar"'
- D. ansible-playbook playbook.yml --extra-vars "host=foo", "pkg=bar"
Answer: C
Explanation:
Variables are passed in a single command line parameter, '-e' or '--extra-vars'. They are sent as a single string to the playbook and are space delimited. Because of the space delimiter, variable values must be encapsulated in quotes. Additionally, proper JSON or YAML can be passed, such as: -e '{"key": "name", "array": ["value1", "value2"]}'.
Reference:
http://docs.ansible.com/ansible/playbooks_variables.html#passing-variables-on-the-commandline
NEW QUESTION # 356
You are a Devops Engineer for your company. There is a requirement to log each time an Instance is scaled in or scaled out from an existing Autoscaling Group. Which of the following steps can be implemented to fulfil this requirement? Each step forms part of the solution.
- A. Create a Cloudwatch event which will trigger the Lambda function.
- B. Create a Lambda function which will write the event to Cloudwatch logs
- C. Create an SQS queue which will write the event to Cloudwatch logs
- D. Create a Cloudwatch event which will trigger the SQS queue.
Answer: A,B
Explanation:
The AWS documentation mentions the following:
You can run an AWS Lambda function that logs an event whenever an Auto Scaling group launches or terminates an Amazon EC2 instance and whether the launch or terminate event was successful.
For more information on configuring lambda with Cloudwatch events for this scenario, please visit the URL:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/LogASGroupState.html
NEW QUESTION # 357
You are doing a load testing exercise on your application hosted on AWS. While testing your Amazon RDS MySQL DB instance, you notice that when you hit 100% CPU utilization on it, your application becomes non-responsive. Your application is read-heavy.
What are methods to scale your data tier to meet the application's needs? (Choose three.)
- A. Enable Multi-AZ for your Amazon RDS DB instance.
- B. Use ElastiCache in front of your Amazon RDS DB to cache common queries.
- C. Shard your data set among multiple Amazon RDS DB instances.
- D. Use an Amazon SQS queue to throttle data going to the Amazon RDS DB instance.
- E. Add Amazon RDS DB read replicas, and have your application direct read queries to them.
- F. Add your Amazon RDS DB instance to an Auto Scaling group and configure your CloudWatch metric based on CPU utilization.
Answer: B,C,E
NEW QUESTION # 358
When thinking of AWS Elastic Beanstalk, the 'Swap Environment URLs' feature most directly aids in what?
- A. Immutable Rolling Deployments
- B. Canary Deployments
- C. Mutable Rolling Deployments
- D. Blue-Green Deployments
Answer: D
Explanation:
Simply upload the new version of your application and let your deployment service (AWS Elastic
Beanstalk, AWS CloudFormation, or AWS OpsWorks) deploy a new version (green). To cut over to the
new version, you simply replace the ELB URLs in your DNS records. Elastic Beanstalk has a Swap
Environment URLs feature to facilitate a simpler cutover process.
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf
NEW QUESTION # 359