NEW QUESTION 1
As part of your deployment process, you are configuring your continuous integration (CI) system to build AMIs. You want to build them in an automated manner that is also cost-efficient. Which method should you use?

• A. Attachan Amazon EBS volume to your CI instance, build the root file system of yourimage on the volume, and use the Createlmage API call to create an AMI out ofthis volume.
• B. Havethe CI system launch a new instance, bootstrap the code and apps onto theinstance and create an AMI out of it.
• C. Uploadall contents of the image to Amazon S3 launch the base instance, download allof the contents from Amazon S3 and create the AMI.
• D. Havethe CI system launch a new spot instance bootstrap the code and apps onto theinstance and create an AMI out of it.

Answer: D

Explanation:
The AWS documentation mentions the following
If your organization uses Jenkins software in a CI/CD pipeline, you can add Automation as a post- build step to pre-install application releases into Amazon Machine Images (AMIs). You can also use the Jenkins scheduling feature to call Automation and create your own operating system (OS) patching cadence
For more information on Automation with Jenkins, please visit the link:
• http://docs.aws.a mazon.com/systems-manager/latest/userguide/automation-jenkinsJntm I
• https://wiki.jenkins.io/display/JCNKINS/Amazon < CC21 Plugin

NEW QUESTION 2
You are using Autoscaling for managing the instances in your AWS environment. You need to deploy a new version of your application. You'd prefer to use all new instances if possible, but you cannot have any downtime. You also don't want to swap any environment urls. Which of the following deployment methods would you implement

• A. Using "All at once" deployment method.
• B. Using "Blue Green" deployment method.
• C. Using"RollingUpdates"deploymentmethod.
• D. Using "Blue Green" with "All at once" deployment method.

Answer: C

Explanation:
In Rolling deployment, you can mention a new set of servers which can replace the existing set of servers. This replacement will happen in a phased out manner.
Since there is a requirement to not swap URL's, you must not use Blue Green deployments.
For more information on the differences between Rolling Updates and Blue Green deployments, please refer to the below URL:
• https://cloudnative.io/docs/blue-green-deployment/

NEW QUESTION 3
Your development team is using an Elastic beanstalk environment. After a week, the environment was torn down and a new one was created. When the development team tried to access the data on the older environment, it was not available. Why is this the case?

• A. Thisis because the underlying EC2 Instances are created with encrypted storage andcannot be accessed once the environment has been terminated.
• B. Thisis because the underlying EC2 Instances are created with IOPS volumes andcannot be accessed once the environment has been terminated.
• C. Thisis because before the environment termination, Elastic beanstalk copies thedata to DynamoDB, and hence the data is not present in the EBS volumes
• D. Thisis because the underlying EC2 Instances are created with no persistent localstorage

Answer: D

Explanation:
The AWS documentation mentions the following
Clastic Beanstalk applications run on Amazon CC2 instances that have no persistent local storage.
When the Amazon CC2 instances terminate, the local file system is not saved, and new Amazon CC2 instances start with a default file system. You should design your application to store data in a persistent data source.
For more information on Elastic beanstalk design concepts, please refer to the below link: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.htmI

NEW QUESTION 4
You have a web application composed of an Auto Scaling group of web servers behind a load balancer, and create a new AMI for each application version for deployment. You have a new version to release, and you want to use the Blue-Green deployment technique to migrate users over in a controlled manner while the size of the fleet remains constant over a period of 6 hours, to ensure that the new version is performing well. What option should you choose to enable this technique while being able to roll back easily? Choose 2 answers from the options given below. Each answer presents part of the solution

• A. Createan Auto Scaling launch configuration with the new AMI to use the new launchconfiguration and to register instances with the new load balancer S
• B. Createan Auto Scaling launch configuration with the new AMI to use the new launchconfiguration and to register instances with the existing load balancer
• C. UseAmazon RouteS3 weighted Round Robin to varythe proportion of requests sent tothe load balancer
• D. -^
• E. ConfigureElastic Load Balancing to varythe proportion of requests sent to instancesrunningthe two application versions.

Answer: AC

Explanation:
The AWS documentation gives this example of a Blue Green deployment

You can shift traffic all at once or you can do a weighted distribution. With Amazon Route 53, you can define a percentage of traffic to go to the green environment and gradually update the weights until the green environment carries the full production traffic. A weighted distribution provides the ability to perform canary analysis where a small percentage of production traffic is introduced to a new environment. You can test the new code and monitor for errors, limiting the blast radius if any issues are encountered. It also allows the green environment to scale out to support the full production load if you're using Clastic Load Balancing, for example
For more information on Blue Green deployments, please refer to the below link:
• https://dOawsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf

NEW QUESTION 5
You work for an insurance company and are responsible for the day-to-day operations of your company's online quote system used to provide insurance quotes to members of the public. Your company wants to use the application logs generated by the system to better understand customer behavior. Industry, regulations also require that you retain all application logs for the system indefinitely in order to investigate fraudulent claims in the future. You have been tasked with designing a log management system with the following requirements:
- All log entries must be retained by the system, even during unplanned instance failure.
- The customer insight team requires immediate access to the logs from the past seven days.
- The fraud investigation team requires access to all historic logs, but will wait up to 24 hours before these logs are available.
How would you meet these requirements in a cost-effective manner? Choose three answers from the options below

• A. Configure your application to write logs to the instance's ephemeral disk, because this storage is free and has good write performanc
• B. Create a script that moves the logs from the instance to Amazon S3 once an hour.
• C. Write a script that is configured to be executed when the instance is stopped or terminated and that will upload any remaining logs on the instance to Amazon S3.
• D. Create an Amazon S3 lifecycle configuration to move log files from Amazon S3 to Amazon Glacier after seven days.
• E. Configure your application to write logs to the instance's default Amazon EBS boot volume, because this storage already exist
• F. Create a script that moves the logs from the instance to Amazon S3 once an hour.
• G. Configure your application to write logs to a separate Amazon EBS volume with the "delete on termination" field set to fals
• H. Create a script that moves the logs from the instance to Amazon S3 once an hour.
• I. Create a housekeeping script that runs on a T2 micro instance managed by an Auto Scaling group for high availabilit
• J. The script uses the AWS API to identify any unattached Amazon EBS volumes containing log file
• K. Your housekeeping script will mount the Amazon EBS volume, upload all logs to Amazon S3, and then delete the volume.

Answer: CEF

Explanation:
Since all logs need to be stored indefinitely. Glacier is the best option for this. One can use Lifecycle events to stream the data from S3 to Glacier
Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule
defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as
follows:
• Transition actions - In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARDJA QK for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.
• Expiration actions - In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf. For more information on Lifecycle events, please refer to the below link:
• http://docs.aws.a mazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.htm I You can use scripts to put the logs onto a new volume and then transfer those logs to S3.
Note:
Moving the logs from CBS volume to S3 we have some custom scripts running in the background. Inorder to ensure the minimum memory requirements for the OS and the applications for the script to execute we can use a cost effective ec2 instance.
Considering the computing resource requirements of the instance and the cost factor a tZmicro instance can be used in this case.
The following link provides more information on various t2 instances. https://docs.aws.amazon.com/AWSCC2/latest/WindowsGuide/t2-instances.html
Question is "How would you meet these requirements in a cost-effective manner? Choose three answers from the options below"
So here user has to choose the 3 options so that the requirement is fulfilled. So in the given 6 options, options C, C and F fulfill the requirement.
" The CC2s use CBS volumes and the logs are stored on CBS volumes those are marked for non- termination" - is one of the way to fulfill requirement. So this shouldn't be a issue.

NEW QUESTION 6
You are designing a service that aggregates clickstream data in batch and delivers reports to subscribers via email only once per week. Data is extremely spikey, geographically distributed, high- scale, and unpredictable. How should you design this system?

• A. Use a large RedShift cluster to perform the analysis, and a fleet of Lambdas to perform recordinserts into the RedShift table
• B. Lambda will scale rapidly enough for the traffic spikes.
• C. Use a CloudFront distribution with access log delivery to S3. Clicks should be recorded as querystring GETs to the distributio
• D. Reports are built and sent by periodically running EMRjobs over the access logs in S3.C Use API Gateway invoking Lambdas which PutRecords into Kinesis, and EMR running Spark performing GetRecords on Kinesis to scale with spike
• E. Spark on EMR outputs the analysis to S3, which are sent out via email.D- Use AWS Elasticsearch service and EC2 Auto Scaling group
• F. The Autoscaling groups scale based on click throughput and stream into the Elasticsearch domain, which is also scalabl
• G. Use Kibana to generate reports periodically.

Answer: B

Explanation:
When you look at building reports or analyzing data from a large data set, you need to consider CMR because this service is built on the Hadoop framework which is used to processes large data sets.
The ideal approach to getting data onto CMR is to use S3. Since the Data is extremely spikey and geographically distributed, using edge locations via Cloudfront distributions is the best way to fetch the data.
Option A is invalid because RedShift is more of a petabyte storage cluster.
Option C is invalid because having both Kinesis and CMR for the job analysis is redundant. Option D is invalid because Elastic Search is not an option for processing records.
For more information on Amazon CMR, please visit the below URL:
• https://aws.amazon.com/emr/

NEW QUESTION 7
Which of the following design strategies is ideal when designing loosely coupled systems. Choose 2 answers from the options given below

• A. Having the web and worker roles running on the same set of EC2 Instances
• B. Having the web and worker roles running on separate EC2 Instances
• C. Using SNS to establish communication between the web and worker roles
• D. Using SQS to establish communication between the web and worker roles

Answer: BD

Explanation:
The below diagram shows the ideal design which uses SQS and separate environments for web and worker processes. The SQS queue manages the communication between the web and worker roles.

One example is the way Elastic beanstalk manages worker environments. For more information on
this, please visit the below URL:
◆ http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features-managing-env-tiers.htmI

NEW QUESTION 8
Which of the following is the right sequence of initial steps in the deployment of application revisions using Code Deploy
1) Specify deployment configuration
2) Upload revision
3) Create application
4) Specify deployment group

• A. 3, 2, 1 and 4
• B. 3,1,2 and 4
• C. 3,4,1 and 2
• D. 3,4,2 and 1

Answer: C

Explanation:
The below diagram from the AWS documentation shows the deployment steps

For more information on the deployment steps please refer to the below link:
• http://docs.aws.amazon.com/codedeploy/latest/userguide/de ployment-steps.html

NEW QUESTION 9
You have just recently deployed an application on EC2 instances behind an ELB. After a couple of weeks, customers are complaining on receiving errors from the application. You want to diagnose the errors and are trying to get errors from the ELB access logs. But the ELB access logs are empty. What is the reason for this.

• A. You do not have the appropriate permissions to access the logs
• B. You do not have your CloudWatch metrics correctly configured
• C. ELB Access logs are only available for a maximum of one week.
• D. Access logging is an optional feature of Elastic Load Balancing that is disabled by default

Answer: D

Explanation:
Clastic Load Balancing provides access logs that capture detailed information about requests sent to
your load balancer. Cach log contains information such as the
time the request was received, the client's IP address, latencies, request paths, and server responses.
You can use these access logs to analyze traffic patterns and to troubleshoot issues.
Access logging is an optional feature of Elastic Load Balancing that is disabled by default. After you enable access logging for your load balancer. Clastic Load
Balancing captures the logs and stores them in the Amazon S3 bucket that you specify. You can disable access logging at any time.
For more information on CLB access logs, please refer to the below document link: from AWS http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html

NEW QUESTION 10
Your company is planning on using the available services in AWS to completely automate their integration, build and deployment process. They are planning on using AWSCodeBuild to build their artefacts. When using CodeBuild, which of the following files specifies a collection of build commands that can be used by the service during the build process.

• A. appspec.yml
• B. buildspec.yml
• C. buildspecxml
• D. appspec.json

Answer: B

Explanation:
The AWS documentation mentions the following
AWS CodeBuild currently supports building from the following source code repository providers. The source code must contain a build specification (build spec) file,
or the build spec must be declared as part of a build project definition. A buildspecs a collection of build commands and related settings, in YAML format, that AWS
CodeBuild uses to run a build.
For more information on AWS CodeBuild, please refer to the below link: http://docs.aws.amazon.com/codebuild/latest/userguide/planning.html

NEW QUESTION 11
Your application requires long-term storage for backups and other data that you need to keep readily available but with lower cost. Which S3 storage option should you use?

• A. AmazonS3 Standard- Infrequent Access
• B. S3Standard
• C. Glacier
• D. ReducedRedundancy Storage

Answer: A

Explanation:
The AWS Documentation mentions the following
Amazon S3 Standard - Infrequent Access (Standard - IA) is an Amazon S3 storage class for data that is accessed less frequently, but requires rapid access when needed. Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee.
For more information on S3 Storage classes, please visit the below URL:
• https://aws.amazon.com/s3/storage-classes/

NEW QUESTION 12
An organization is planning to use AWS for their Production Rollout. The organizations wants to implement automation for deployment, such that it will automatically create a LAMP stack, deploy an RDS MySQLDB instance, download the latest PHP installable from S3 and set up the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

• A. AWS Elastic Beanstalk
• B. AWSCIoudfront
• C. AWS Cloudformation
• D. AWS DevOps

Answer: C

Explanation:
When you want to automate deployment, the automatic choice is Cloudformation. Below is the excerpt from AWS on cloudformation.
AWS Cloud Formation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning updating them in an orderly and predictable fashion.
You can use AWS Cloud Formation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. Cloud Formation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software For more information on Cloud Formation, please visit the link:
• https://aws.amazon.com/cloudformation/ As per AWS,
"AWS Clastic Beanstalk provides support for running Amazon Relational Database Service (Amazon RDS) instances in your Clastic Beanstalk environment. This works great for development and testing environments. However, it isn't ideal for a production environment because it ties the lifecycle of the database instance to the lifecycleofyour application's environment."
• https://docs.aws.a mazon.com/elasticbeanstalk/latesWdg/AW SHowTo.RDS.htm I

NEW QUESTION 13
You work at a company that makes use of AWS resources. One of the key security policies is to ensure that all data is encrypted both at rest and in transit. Which of the following is not a right implementation which aligns to this policy?

• A. UsingS3 Server Side Encryption (SSE) to store the information
• B. Enable SSLtermination on the ELB C EnablingProxy ProtocolD- Enablingsticky sessions on your load balancer

Answer: B

Explanation:
Please note the keyword "NOT" in the question.
Option A is incorrect. Enabling S3 SSE encryption helps the encryption of data at rest in S3.So Option A is invalid.
Option B is correct. If you disable SSL termination on the ELB the traffic will be encrypted all the way to the backend. SSL termination allows encrypted traffic between the client
and the ELB but cause traffic to be unencrypted between the ELB and the backend (presumably EC2 or ECS/Task, etc.)
If SSL is not terminated on the ELB you must use Layer A to have traffic encrypted all the way.
Sticky sessions are not supported with Layer A (TCP endpoint). Thus option D" Enabling sticky sessions on your load balancer" can't be used and is the right answer
For more information on sticky sessions, please visit the below URL https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html Requirements
• An HTTP/HTTPS load balancer.
• At least one healthy instance in each Availability Zone.
• At least one healthy instance in each Availability Zone.
If you don't want the load balancer to handle the SSL termination (known as SSL offloading), you can use TCP for both the front-end and back-end connections, and deploy certificates on the registered instances handling requests.
For more information on elb-listener-config, please visit the below
• https://docs.awsamazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html If the front-end connection uses TCP or SSL, then your back-end connections can use either TCP or SSL. Note: You can use an HTTPS listener and still use SSL on the backend but the ELB must terminate, decrypt and re-encrypt. This is slower and less secure then using the same encryption all the way to the backend.. It also breaks the question requirement of having all data encrypted in transit since it force the ELB to decrypt Proxy protocol is used to provide a secure transport connection hence Option C is also incorrect. For more information on SSL Listeners for your load balancer, please visit the below URL
http://docsaws.amazon.com/elasticloadbalancing/latest/classic/elb-https-load-balancers.html
https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/

NEW QUESTION 14
There is a requirement to monitor API calls against your AWS account by different users and entities. There needs to be a history of those calls. The history of those calls are needed in in bulk for later review. Which 2 services can be used in this scenario

• A. AWS Config; AWS Inspector
• B. AWS CloudTrail; AWS Config
• C. AWS CloudTrail; CloudWatch Events
• D. AWS Config; AWS Lambda

Answer: C

Explanation:
You can use AWS CloudTrail to get a history of AWS API calls and related events for your account. This history includes calls made with the AWS Management
Console, AWS Command Line Interface, AWS SDKs, and other AWS services. For more information on Cloudtrail, please visit the below URL:
• http://docs.aws.a mazon.com/awscloudtrail/latest/userguide/cloudtrai l-user-guide.html
Amazon Cloud Watch Cvents delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams. Cloud Watch Cvents becomes aware of operational changes as they occur. Cloud Watch Cvents responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information. For more information on Cloud watch events, please visit the below U RL:
• http://docs.aws.a mazon.com/AmazonCloudWatch/latest/events/Whatl sCloudWatchCvents.html

NEW QUESTION 15
You need to grant a vendor access to your AWS account. They need to be able to read protected messages in a private S3 bucket at their leisure. They also use AWS. What is the best way to accomplish this?

• A. Create an 1AM User with API Access Key
• B. Grant the User permissions to access the bucke
• C. Give the vendor the AWS Access Key ID and AWS Secret Access Key for the User.
• D. Create an EC2 Instance Profile on your accoun
• E. Grant the associated 1AM role full access to the bucke
• F. Start an EC2 instance with this Profile and give SSH access to the instance to the vendor.
• G. Create a cross-account I AM Role with permission to access the bucket, and grant permission to use the Role to the vendor AWS account.D- Generate a signed S3 PUT URL and a signed S3 PUT URL, both with wildcard values and 2 year duration
• H. Pass the URLs to the vendor.

Answer: C

Explanation:
You can use AWS Identity and Access Management (I AM) roles and AWS Security Token Service (STS) to set up cross-account access between AWS accounts. When you assume an 1AM role in another AWS account to obtain cross-account access to services and resources in that account, AWS CloudTrail logs the cross-account activity For more information on Cross Account Access, please visit the below URL:
• https://aws.amazon.com/blogs/security/tag/cross-account-access/

NEW QUESTION 16
Which of the following credentials types are supported by AWSCodeCommit? Select 3 Options

• A. Git Credentials
• B. SSH Keys
• C. User name/password
• D. AWS Access Kevs

Answer: ABD

Explanation:
The AWS documentation mentions
I AM supports AWS CodeCommit with three types of credentials:
Git credentials, an 1AM -generated user name and password pair you can use to communicate with AWS CodeCommit repositories over HTTPS.
SSH keys, a locally generated public-private key pair that you can associate with your 1AM user to communicate with AWS CodeCommit repositories over SSH.
AWS access keys, which you can use with the credential helper included with the AWS CLI to communicate with AWS CodeCommit repositories over HTTPS. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.htmI

NEW QUESTION 17
You need to deploy a new application version to production. Because the deployment is high-risk, you need to roll the new version out to users over a number of hours, to make sure everything is working correctly. You need to be able to control the proportion of users seeing the new version of the application down to the percentage point. You use ELB and EC2 with Auto Scaling Groups and custom AMIs with your code pre-installed assigned to Launch Configurations. There are no data base- level changes during your deployment. You have been told you cannot spend too much money, so you must not increase the number of EC2 instances much at all during the deployment, but you also need to be able to switch back to the original version of code quickly if something goes wrong. What is the best way to meet these requirements?

• A. Create a second ELB, Auto Scaling Launch Configuration, and Auto Scaling Group using the Launch Configuratio
• B. Create AMIs with all code pre-installe
• C. Assign the new AMI to the second Auto Scaling Launch Configuratio
• D. Use Route53 Weighted Round Robin Records to adjust the proportion of traffic hitting the two ELBs.S
• E. Use the Blue-Green deployment method to enable the fastest possible rollback if neede
• F. Create a full second stack of instances and cut the DNS over to the new stack of instances, and change the DNS back if a rollback is needed.
• G. Create AMIs with all code pre-installe
• H. Assign the new AMI to the Auto Scaling Launch Configuration, to replace the old on
• I. Gradually terminate instances running the old code (launched with the old Launch Configuration) and allow the new AMIs to boot to adjust the traffic balance to the new cod
• J. On rollback, reverse the process by doing the same thing, but changing the AMI on the Launch Config back to the original code.
• K. Migrate to use AWS Elastic Beanstal
• L. Use the established and well-tested Rolling Deployment setting AWS provides on the new Application Environment, publishing a zip bundle of the new code and adjusting the wait period to spread the deployment over tim
• M. Re-deploy the old code bundle to rollback if needed.

Answer: A

Explanation:
This is an example of a Blue Green Deployment
You can shift traffic all at once or you can do a weighted distribution. With Amazon Route 53, you can define a percentage of traffic to go to the green environment and gradually update the weights until the green environment carries the full production traffic. A weighted distribution provides the ability to perform canary analysis where a small percentage of production traffic is introduced to a new environment. You can test the new code and monitor for errors, limiting the blast radius if any issues are encountered. It also allows the green environment to scale out to support the full production load if you're using Elastic Load Balancing

For more information on Blue Green Deployments, please visit the below URL:
• https://dOawsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf

NEW QUESTION 18
You are using lifecycle hooks in your AutoScaling Group. Because there is a lifecycle hook, the instance is put in the Pending:Wait state, which means that it is not available to handle traffic yet. When the instance enters the wait state, other scaling actions are suspended. After some time, the instance state is changed to Pending:Proceed, and finally InService where the instances that are part of the Autoscaling Group can start serving up traffic. But you notice that the bootstrapping process on the instances finish much earlier, long before the state is changed to PendingiProceed.
What can you do to ensure the instances are placed in the right state after the bootstrapping process is complete?

• A. Use the complete-lifecycle-action call to complete the lifecycle actio
• B. Run this command from another EC2 Instance.
• C. Use the complete-lifecycle-action call to complete the lifecycle actio
• D. Run this command from the Command line interfac
• E. -^C Use the complete-lifecycle-action call to complete the lifecycle actio
• F. Run this command from the Simple Notification service.
• G. Use the complete-lifecycle-action call to complete the lifecycle actio
• H. Run this command from a SQS queue

Answer: B

Explanation:
The AWS Documentation mentions the following
3. If you finish the custom action before the timeout period ends, use the complete-1ifecycle-action command so that the Auto Scalinggroup can continue launching
or terminating the instance. You can specify the lifecycle action token, as shown in the following command:
3. If you finish the custom action before the timeout period ends, use the complete-lifecycle-action command so that Auto Scaling can continue launching or terminating the instance. You can specify the lifecycle action token, as shown in the following command:

For more information on lifecycle hooks, please refer to the below URL:
• http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.htm I

NEW QUESTION 19
Your company wants to understand where cost is coming from in the company's production AWS account. There are a number of applications and services running at any given time. Without expending too much initial development time.how best can you give the business a good understanding of which applications cost the most per month to operate?

• A. Create an automation script which periodically creates AWS Support tickets requesting detailed intra-month information about your bill.
• B. Use custom CloudWatch Metrics in your system, and put a metric data point whenever cost is incurred.
• C. Use AWS Cost Allocation Taggingfor all resources which support i
• D. Use the Cost Explorer to analyze costs throughout the month.
• E. Use the AWS Price API and constantly running resource inventory scripts to calculate total price based on multiplication of consumed resources over time.

Answer: C

Explanation:
A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a Areyand a value. A key can have more than one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier
for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an A WS-generated tagand user-defined tags. AWS defines, creates, and applies the AWS-generated tag for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.
For more information on Cost Allocation tags, please visit the below URL: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloctags.html

NEW QUESTION 20
You have a web application composed of an Auto Scaling group of web servers behind a load balancer, and create a new AMI for each application version for deployment. You have a new version to release, and you want to use the A/B deployment technique to migrate users over in a controlled manner while the size of the fleet remains constant over a period of 12 hours, to ensure that the new version is performing well.
What option should you choose to enable this technique while being able to roll back easily?

• A. Createan Auto scaling launch configuration with the new AM
• B. Configure the AutoScalinggroup with the new launch configuratio
• C. Use the Auto Scaling rollingupdates feature to migrate to the new version.
• D. Createan Auto Scaling launch configuration with the new AM
• E. Create an Auto Scalinggroup configured to use the new launch configuration and to register instanceswith the same load balance
• F. Vary the desired capacity of each group tomigrate.
• G. Createan Auto scaling launch configuration with the new AM
• H. Configure Auto Scalingto vary the proportion of instances launched from the two launchconfigurations.
• I. Createa load balance
• J. Create an Auto Scaling launch configuration with the new AMIto use the new launch configuration and to registerinstances with the new loadbalance
• K. Use Amazon Route53 weighted Round Robin to vary the proportion ofrequests sent to the load balancers.
• L. Launchnew instances using the new AMI and attach them to the Auto Scalinggroup.Configure Elastic Load Balancing to vary the proportion of requests sent toinstances running the two application versions.

Answer: D

Explanation:
Since you want to control the usage to the new application in a controlled manner, the best way is to use Route53 weighted method. The AWS documentation
mentions the following on this method
Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software.
For more information on Weighted Round Robin method, please visit the link: http://docs^ws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html/rrouting-policy- weighted

NEW QUESTION 21
Which of the following are ways to ensure that data is secured while in transit when using the AWS Elastic load balancer. Choose 2 answers from the options given below

• A. Usea TCP front end listener for your ELB
• B. Usean SSL front end listenerforyourELB
• C. Usean HTTP front end listener for your ELB
• D. Usean HTTPS front end listener for your ELB

Answer: BD

Explanation:
The AWS documentation mentions the following
You can create a load balancer that uses the SSL/TLS protocol for encrypted connections (also known as SSL offload). This feature enables traffic encryption between your load balancer and the clients that initiate HTTPS sessions, and for connections between your load balancer and your L~C2 instances.
For more information on Elastic Load balancer and secure listeners, please refer to the below link: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-https-load-balancers.html

NEW QUESTION 22
In reviewing the Auto-Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for costs while preserving elasticity?
Choose 2 options from the choices given below

• A. Modifythe Auto Scaling policy to use scheduled scaling actions
• B. Modifythe Auto Scaling Group cool down timers
• C. Modifythe Amazon Cloudwatch alarm period that triggers your AutoScaling scale downpolicy.
• D. Modifythe Auto Scalinggroup termination policy to terminate the newest instancefirst.

Answer: BC

Explanation:
The Auto Scaling cooldown period is a configurable setting for your Auto Scalinggroup that helps to ensure that Auto Scaling doesn't launch or terminate additional instances before the previous scaling activity takes effect. After the Auto Scalinggroup dynamically scales using a simple scaling policy. Auto Scaling waits for the cooldown period to complete before resuming scaling activities. When you manually scale your Auto Scaling group, the default is not to wait for the cooldown period,
but you can override the default and honor the cooldown period. Note that if an instance becomes
unhealthy. Auto Scaling does not wait for the cooldown period to complete before replacing the unhealthy instance.
For more information on Autoscale cool down timers please visit the URL: http://docs.ws.amazon.com/autoscaling/latest/userguide/Cooldown.htm I
You can also modify the Cloudwatch triggers to ensure the thresholds are appropriate for the scale down policy For more information on Autoscaling user guide please visit the URL: http://docs.aws.amazon.com/autoscaling/latest/userguide/as-scale-based-on-demand.html

NEW QUESTION 23
Which of the following services from AWS can be integrated with the Jenkins continuous integration tool.

• A. AmazonEC2
• B. AmazonECS
• C. AmazonElastic beanstalk
• D. Allof the above

Answer: D

Explanation:
The following AWS sen/ices can be integrated with Jenkins

For more information on Jenkins in AWS, please refer to the below link:
https://dOawsstatic.com/whitepapers/DevOps/Jenkins_on_AWS.pdf

NEW QUESTION 24
You are planning on configuring logs for your Elastic Load balancer. At what intervals does the logs get produced by the Elastic Load balancer service. Choose 2 answers from the options given below

• A. 5minutes
• B. 60minutes
• C. 1 minute
• D. 30seconds

Answer: AB

Explanation:
The AWS Documentation mentions
Clastic Load Balancing publishes a log file for each load balancer node at the interval you specify. You can specify a publishing interval of either 5 minutes or 60 minutes when you enable the access log for your load balancer. By default. Elastic Load Balancing publishes logs at a 60-minute interval.
For more information on Elastic load balancer logs please see the below link: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html

NEW QUESTION 25
Your API requires the ability to stay online during AWS regional failures. Your API does not store any state, it only aggregates data from other sources - you do not have a database. What is a simple but effective way to achieve this uptime goal?

• A. Use a CloudFront distribution to serve up your AP
• B. Even if the region your API is in goes down, the edge locations CloudFront uses will be fine.
• C. UseanELBand a cross-zone ELB deployment to create redundancy across datacenter
• D. Even if a region fails, the other AZ will stay online.
• E. Create a Route53 Weighted Round Robin record, and if one region goes down, have that region redirect to the other region.
• F. Create a Route53 Latency Based Routing Record with Failover and point it to two identical deployments of your stateless API in two different region
• G. Make sure both regions use Auto Scaling Groups behind ELBs.

Answer: D

Explanation:
Failover routing lets you route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy. The primary and secondary resource record sets can route traffic to anything from an Amazon S3 bucket that is configured as a website to a complex tree of records.
For more information on Route53 Failover Routing, please visit the below URL:
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

NEW QUESTION 26
You are working with a customer who is using Chef Configuration management in their data center. Which service is designed to let the customer leverage existing Chef recipes in AWS?

• A. AmazonSimple Workflow Service
• B. AWSEIastic Beanstalk
• C. AWSCIoudFormation
• D. AWSOpsWorks

Answer: D

Explanation:
AWS OpsWorks is a configuration management service that helps you configure and operate applications of all shapes and sizes using Chef. You can define the application's architecture and the specification of each component including package installation, software configuration and resources
such as storage. Start from templates for common technologies like application servers and databases or build your own to perform any task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales.
For more information on Opswork, please visit the link:
• https://aws.amazon.com/opsworks/

NEW QUESTION 27
......