AWS DevOps Engineer Professional Certification: Offline Installation Strategy
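"Amazon AWS DevOps Engineer Professional Questions & Answers is a professional exam resource for the AWS Certified DevOps Engineer exam, intended for people with more than two years of experience deploying, operating and managing AWS environments. This PDF file contains questions and answers that may appear on the actual exam; its version is 1.0. Question 1 concerns a challenge that a DevOps engineer faces in an AWS environment. The engineer deploys Amazon EC2 instances for an application and uses public IP addresses in a public subnet. A user data script fetches the application artifacts and installs them when the instance launches. However, under a new security requirement, the application must run without internet access. Although the instances launch successfully and show as healthy, the application does not appear to be installed. To solve this problem, the correct approach is C: publish the application artifacts to an Amazon S3 bucket and create a VPC (Virtual Private Cloud) endpoint for S3. By assigning the EC2 instances an IAM (Identity and Access Management) instance role with read permission, they can access S3 from a private subnet and install the application while complying with the new rule that restricts network access. The NAT gateway mentioned in option B can expose instances in a private subnet to external networks, but this does not comply with the new no-internet-access rule. Using Elastic IP addresses as in option A does not comply either, because an Elastic IP address lets the instance keep external connectivity, which violates the restriction. The solution that best meets the requirement is therefore C, which uses a VPC endpoint to achieve private, controlled application deployment."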
QUESTION NO: 13
A Development team uses AWS CodeCommit for source code control. Developers apply their
changes to various feature branches and create pull requests to move those changes to the
master branch when they are ready for production. A direct push to the master branch should not
be allowed. The team applied the AWS managed policy AWSCodeCommitPowerUser to the
Developers’ IAM role, but now members are able to push to the master branch directly on every
repository in the AWS account.
What actions should be taken to restrict this?
A.
Create an additional policy to include a deny rule for the codecommit:GitPush action, and include
a restriction for the specific repositories in the resource statement with a condition for the master
reference.
B.
Remove the IAM policy and add an AWSCodeCommitReadOnly policy. Add an allow rule for the
codecommit:GitPush action for the specific repositories in the resource statement with a condition
for the master reference.
C.
Modify the IAM policy and include a deny rule for the codecommit:GitPush action for the specific
repositories in the resource statement with a condition for the master reference.
D.
Create an additional policy to include an allow rule for the codecommit:GitPush action and include
a restriction for the specific repositories in the resource statement with a condition for the feature
branches reference.
Answer: C
Explanation:
QUESTION NO: 14
A Developer is designing a continuous deployment workflow for a new Development team to
facilitate the process for source code promotion in AWS. Developers would like to store and
promote code for deployment from development to production while maintaining the ability to roll
back that deployment if it fails.
Which design will incur the LEAST amount of downtime?
A.
Create one repository in AWS CodeCommit. Create a development branch to hold merged
changes. Use AWS CodeBuild to build and test the code stored in the development branch
triggered on a new commit. Merge to the master and deploy to production by using AWS
CodeDeploy for a blue/green deployment.
Amazon AWS DevOps Engineer Professional Exam
"Leading the way in IT Testing & Certification Tools" - www.testking.com 11
B.
Create one repository for each Developer in AWS CodeCommit and another repository to hold the
production code. Use AWS CodeBuild to merge development and production repositories, and
deploy to production by using AWS CodeDeploy for a blue/green deployment.
C.
Create one repository for development code in AWS CodeCommit and another repository to hold
the production code. Use AWS CodeBuild to merge development and production repositories, and
deploy to production by using AWS CodeDeploy for a blue/green deployment.
D.
Create a shared Amazon S3 bucket for the Development team to store their code. Set up an
Amazon CloudWatch Events rule to trigger an AWS Lambda function that deploys the code to
production by using AWS CodeDeploy for a blue/green deployment.
Answer: D
Explanation:
QUESTION NO: 15
A DevOps Engineer discovered a sudden spike in a website's page load times and found that a
recent deployment occurred. A brief diff of the related commit shows that the URL for an external
API call was altered and the connecting port changed from 80 to 443. The external API has been
verified and works outside the application. The application logs show that the connection is now
timing out, resulting in multiple retries and eventual failure of the call.
Which debug steps should the Engineer take to determine the root cause of the issue?
A.
Check the VPC Flow Logs looking for denies originating from Amazon EC2 instances that are part
of the web Auto Scaling group. Check the ingress security group rules and routing rules for the
VPC.
B.
Check the existing egress security group rules and network ACLs for the VPC. Also check the
application logs being written to Amazon CloudWatch Logs for debug information.
C.
Check the egress security group rules and network ACLs for the VPC. Also check the VPC flow
logs looking for accepts originating from the web Auto Scaling group.
D.
Check the application logs being written to Amazon CloudWatch Logs for debug information.
Check the ingress security group rules and routing rules for the VPC.
Answer: C
Explanation:
QUESTION NO: 16
An Engineering team manages a Node.js e-commerce application. The current environment
consists of the following components:
• Amazon S3 buckets for storing content
• Amazon EC2 for the front-end web servers
• AWS Lambda for executing image processing
• Amazon DynamoDB for storing session-related data
The team expects a significant increase in traffic to the site. The application should handle the
additional load without interruption. The team ran initial tests by adding new servers to the EC2
front-end to handle the larger load, but the instances took up to 20 minutes to become fully
configured. The team wants to reduce this configuration time.
What changes will the Engineering team need to implement to make the solution the MOST
resilient and highly available while meeting the expected increase in demand?
A.
Use AWS OpsWorks to automatically configure each new EC2 instance as it is launched.
Configure the EC2 instances by using an Auto Scaling group behind an Application Load Balancer
across multiple Availability Zones. Implement Amazon DynamoDB Auto Scaling. Use Amazon
Route 53 to point the application DNS record to the Application Load Balancer.
B.
Deploy a fleet of EC2 instances, doubling the current capacity, and place them behind an
Application Load Balancer. Increase the Amazon DynamoDB read and write capacity units. Add
an alias record that contains the Application Load Balancer endpoint to the existing Amazon Route
53 DNS record that points to the application.
C.
Configure Amazon CloudFront and have its origin point to Amazon S3 to host the web application.
Implement Amazon DynamoDB Auto Scaling. Use Amazon Route 53 to point the application DNS
record to the CloudFront DNS name.
D.
Use AWS Elastic Beanstalk with a custom AMI including all web components. Deploy the platform
by using an Auto Scaling group behind an Application Load Balancer across multiple Availability
Zones. Implement Amazon DynamoDB Auto Scaling. Use Amazon Route 53 to point the
application DNS record to the Elastic Beanstalk load balancer.